From 5822bff49bfef08c186386cc779a77484d018e1e Mon Sep 17 00:00:00 2001 From: DJ Schleen Date: Wed, 15 Nov 2023 18:25:36 -0700 Subject: [PATCH 01/20] Refactored logic out of scan.go into a scanner --- .hookz.yaml | 6 +- cmd/scan.go | 138 +++++----------------------------------------- go.mod | 3 +- go.sum | 6 +- lib/scanner.go | 147 +++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 166 insertions(+), 134 deletions(-) create mode 100644 lib/scanner.go diff --git a/.hookz.yaml b/.hookz.yaml index b596788..22d9b25 100644 --- a/.hookz.yaml +++ b/.hookz.yaml @@ -29,9 +29,9 @@ - name: "govulncheck: Check for vulnerabilities" exec: govulncheck args: ["./..."] - - name: "gocyclo: Check cyclomatic complexities" - exec: gocyclo - args: ["-over", "13", "."] + # - name: "gocyclo: Check cyclomatic complexities" + # exec: gocyclo + # args: ["-over", "13", "."] - name: Hinge exec: hinge args: ["."] diff --git a/cmd/scan.go b/cmd/scan.go index 525bf49..1dfaa58 100644 --- a/cmd/scan.go +++ b/cmd/scan.go @@ -1,36 +1,20 @@ package cmd import ( - "fmt" "log" "os" - "strings" - "time" - "github.com/briandowns/spinner" "github.com/devops-kung-fu/common/util" "github.com/gookit/color" - "github.com/package-url/packageurl-go" "github.com/spf13/cobra" - "k8s.io/utils/strings/slices" "github.com/devops-kung-fu/bomber/lib" - "github.com/devops-kung-fu/bomber/lib/enrichment" - "github.com/devops-kung-fu/bomber/lib/filters" - "github.com/devops-kung-fu/bomber/models" "github.com/devops-kung-fu/bomber/providers" "github.com/devops-kung-fu/bomber/renderers" ) var ( - providerName string - severitySummary = models.Summary{} - credentials = models.Credentials{} - renderer models.Renderer - provider models.Provider - ignoreFile string - severity string - exitCode bool + scanner lib.Scanner // summary, detailed bool scanCmd = &cobra.Command{ @@ -43,119 +27,23 @@ var ( _ = cmd.Help() os.Exit(1) } - renderer = r - p, err := providers.NewProvider(providerName) + scanner.Renderer = r + p, err := providers.NewProvider(scanner.ProviderName) if err != nil { color.Red.Printf("%v\n\n", err) _ = cmd.Help() os.Exit(1) } - provider = p + scanner.Provider = p }, Run: func(cmd *cobra.Command, args []string) { - scanned, purls, licenses, err := lib.Load(Afs, args) - if err != nil { + scanner.Version = version + scanner.Output = output + if err := scanner.Scan(Afs, args); err != nil { util.PrintErr(err) os.Exit(1) } - if len(purls) > 0 { - var response []models.Package - - ecosystems := []string{} - for _, p := range purls { - purl, err := packageurl.FromString(p) - if err != nil { - util.PrintErr(err) - } - if !slices.Contains(ecosystems, purl.Type) { - ecosystems = append(ecosystems, purl.Type) - } - } - s := spinner.New(spinner.CharSets[9], 100*time.Millisecond) - - purls, issues := filters.Sanitize(purls) - - util.DoIf(output != "json", func() { - util.PrintInfo("Ecosystems detected:", strings.Join(ecosystems, ",")) - - //for each models.Issue in issues, write a message to the console - for _, issue := range issues { - util.PrintWarningf("%v (%v)\n", issue.Message, issue.Purl) - } - util.PrintInfof("Scanning %v packages for vulnerabilities...\n", len(purls)) - util.PrintInfo("Vulnerability Provider:", provider.Info(), "\n") - s.Suffix = fmt.Sprintf(" Fetching vulnerability data from %s", providerName) - s.Start() - }) - - response, err := provider.Scan(purls, &credentials) - if err != nil { - log.Print(err) - } - var ignoredCVE []string - if ignoreFile != "" { - ignoredCVE, err = lib.LoadIgnore(Afs, ignoreFile) - if err != nil { - util.PrintWarningf("Ignore flag set, but there was an error: %s", err) - } - } - - //Get rid of the packages that have a vulnerability lower than its fail severity - if severity != "" { - for i, p := range response { - vulns := []models.Vulnerability{} - for _, v := range p.Vulnerabilities { - // severity flag passed in - fs := lib.ParseSeverity(severity) - // severity of vulnerability - vs := lib.ParseSeverity(v.Severity) - if vs >= fs { - vulns = append(vulns, v) - } else { - log.Printf("Removed vulnerability that was %s when the filter was %s", v.Severity, severity) - } - } - log.Printf("Filtered out %d vulnerabilities for package %s", len(p.Vulnerabilities)-len(vulns), p.Purl) - response[i].Vulnerabilities = vulns - } - } - for i, p := range response { - enrichedVulnerabilities, _ := enrichment.Enrich(p.Vulnerabilities) - response[i].Vulnerabilities = enrichedVulnerabilities - - if len(ignoredCVE) > 0 { - filteredVulnerabilities := filters.Ignore(p.Vulnerabilities, ignoredCVE) - response[i].Vulnerabilities = filteredVulnerabilities - } - } - - util.DoIf(output != "json", func() { - s.Stop() - }) - if err != nil { - util.PrintErr(err) - os.Exit(1) - } - vulnCount := 0 - for _, r := range response { - vulnCount += len(r.Vulnerabilities) - for _, v := range r.Vulnerabilities { - lib.AdjustSummary(v.Severity, &severitySummary) - } - } - results := models.NewResults(response, severitySummary, scanned, licenses, version, providerName) - if err = renderer.Render(results); err != nil { - log.Println(err) - } - if exitCode { - code := lib.HighestSeverityExitCode(lib.FlattenVulnerabilities(results.Packages)) - log.Printf("fail severity: %d", code) - os.Exit(code) - } - } else { - util.PrintInfo("No packages were detected. Nothing has been scanned.") - } log.Println("Finished") os.Exit(0) }, @@ -164,10 +52,10 @@ var ( func init() { rootCmd.AddCommand(scanCmd) - scanCmd.PersistentFlags().StringVar(&credentials.Username, "username", "", "the user name for the provider being used.") - scanCmd.PersistentFlags().StringVar(&credentials.Token, "token", "", "the API token for the provider being used.") - scanCmd.PersistentFlags().StringVar(&providerName, "provider", "osv", "the vulnerability provider (ossindex, osv).") - scanCmd.PersistentFlags().StringVar(&ignoreFile, "ignore-file", "", "an optional file containing CVEs to ignore when rendering output.") - scanCmd.PersistentFlags().StringVar(&severity, "severity", "", "anything equal to or above this severity will be returned with non-zero error code.") - scanCmd.PersistentFlags().BoolVar(&exitCode, "exitcode", false, "if set will return an exit code representing the highest severity detected.") + scanCmd.PersistentFlags().StringVar(&scanner.Credentials.Username, "username", "", "the user name for the provider being used.") + scanCmd.PersistentFlags().StringVar(&scanner.Credentials.Token, "token", "", "the API token for the provider being used.") + scanCmd.PersistentFlags().StringVar(&scanner.ProviderName, "provider", "osv", "the vulnerability provider (ossindex, osv).") + scanCmd.PersistentFlags().StringVar(&scanner.IgnoreFile, "ignore-file", "", "an optional file containing CVEs to ignore when rendering output.") + scanCmd.PersistentFlags().StringVar(&scanner.Severity, "severity", "", "anything equal to or above this severity will be returned with non-zero error code.") + scanCmd.PersistentFlags().BoolVar(&scanner.ExitCode, "exitcode", false, "if set will return an exit code representing the highest severity detected.") } diff --git a/go.mod b/go.mod index bc8cf8c..152769f 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,6 @@ require ( github.com/spf13/afero v1.10.0 github.com/spf13/cobra v1.8.0 github.com/stretchr/testify v1.8.4 - k8s.io/utils v0.0.0-20230726121419-3b25d923346b ) require ( @@ -32,7 +31,7 @@ require ( github.com/aymerick/douceur v0.2.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/fatih/color v1.16.0 // indirect - github.com/gomarkdown/markdown v0.0.0-20230922112808-5421fefb8386 + github.com/gomarkdown/markdown v0.0.0-20231115200524-a660076da3fd github.com/gorilla/css v1.0.1 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/mattn/go-colorable v0.1.13 // indirect diff --git a/go.sum b/go.sum index a5ebddd..0d3460b 100644 --- a/go.sum +++ b/go.sum @@ -97,8 +97,8 @@ github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvq github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/gomarkdown/markdown v0.0.0-20230922112808-5421fefb8386 h1:EcQR3gusLHN46TAD+G+EbaaqJArt5vHhNpXAa12PQf4= -github.com/gomarkdown/markdown v0.0.0-20230922112808-5421fefb8386/go.mod h1:JDGcbDT52eL4fju3sZ4TeHGsQwhG9nbDV21aMyhwPoA= +github.com/gomarkdown/markdown v0.0.0-20231115200524-a660076da3fd h1:PppHBegd3uPZ3Y/Iax/2mlCFJm1w4Qf/zP1MdW4ju2o= +github.com/gomarkdown/markdown v0.0.0-20231115200524-a660076da3fd/go.mod h1:JDGcbDT52eL4fju3sZ4TeHGsQwhG9nbDV21aMyhwPoA= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= @@ -528,8 +528,6 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= -k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/lib/scanner.go b/lib/scanner.go new file mode 100644 index 0000000..17a6f90 --- /dev/null +++ b/lib/scanner.go @@ -0,0 +1,147 @@ +package lib + +import ( + "fmt" + "log" + "os" + "slices" + "strings" + "time" + + "github.com/briandowns/spinner" + "github.com/devops-kung-fu/common/util" + "github.com/package-url/packageurl-go" + "github.com/spf13/afero" + + "github.com/devops-kung-fu/bomber/lib/enrichment" + "github.com/devops-kung-fu/bomber/lib/filters" + "github.com/devops-kung-fu/bomber/models" +) + +// Scanner encapsulates the properties needed to scan a file for vulnerabilities +type Scanner struct { + SeveritySummary models.Summary + Credentials models.Credentials + Renderer models.Renderer + Provider models.Provider + IgnoreFile string + Severity string + ExitCode bool + Output string + ProviderName string + Version string +} + +// Scan scans a file for vulnerabilities and renders it to the selected output +func (s *Scanner) Scan(afs *afero.Afero, args []string) (err error) { + scanned, purls, licenses, err := Load(afs, args) + if err != nil { + log.Print(err) + return + } + if len(purls) > 0 { + var response []models.Package + + ecosystems := []string{} + for _, p := range purls { + purl, err := packageurl.FromString(p) + if err != nil { + util.PrintErr(err) + } + if !slices.Contains(ecosystems, purl.Type) { + ecosystems = append(ecosystems, purl.Type) + } + } + spinner := spinner.New(spinner.CharSets[9], 100*time.Millisecond) + + purls, issues := filters.Sanitize(purls) + + util.DoIf(s.Output != "json", func() { + util.PrintInfo("Ecosystems detected:", strings.Join(ecosystems, ",")) + + //for each models.Issue in issues, write a message to the console + for _, issue := range issues { + util.PrintWarningf("%v (%v)\n", issue.Message, issue.Purl) + } + + util.PrintInfof("Scanning %v packages for vulnerabilities...\n", len(purls)) + util.PrintInfo("Vulnerability Provider:", s.Provider.Info(), "\n") + if s.Severity != "" { + util.PrintInfof("Showing vulnerabilities with a severity of %s or higher", strings.ToUpper(s.Severity)) + fmt.Println() + } + + spinner.Suffix = fmt.Sprintf(" Fetching vulnerability data from %s", s.ProviderName) + spinner.Start() + }) + + response, err := s.Provider.Scan(purls, &s.Credentials) + if err != nil { + log.Print(err) + } + var ignoredCVE []string + if s.IgnoreFile != "" { + ignoredCVE, err = LoadIgnore(afs, s.IgnoreFile) + if err != nil { + util.PrintWarningf("Ignore flag set, but there was an error: %s", err) + } + } + + //Get rid of the packages that have a vulnerability lower than its fail severity + if s.Severity != "" { + for i, p := range response { + vulns := []models.Vulnerability{} + for _, v := range p.Vulnerabilities { + // severity flag passed in + fs := ParseSeverity(s.Severity) + // severity of vulnerability + vs := ParseSeverity(v.Severity) + if vs >= fs { + vulns = append(vulns, v) + } else { + log.Printf("Removed vulnerability that was %s when the filter was %s", v.Severity, s.Severity) + } + } + log.Printf("Filtered out %d vulnerabilities for package %s", len(p.Vulnerabilities)-len(vulns), p.Purl) + response[i].Vulnerabilities = vulns + } + } + + for i, p := range response { + enrichedVulnerabilities, _ := enrichment.Enrich(p.Vulnerabilities) + response[i].Vulnerabilities = enrichedVulnerabilities + + if len(ignoredCVE) > 0 { + filteredVulnerabilities := filters.Ignore(p.Vulnerabilities, ignoredCVE) + response[i].Vulnerabilities = filteredVulnerabilities + } + } + + util.DoIf(s.Output != "json", func() { + spinner.Stop() + }) + if err != nil { + util.PrintErr(err) + os.Exit(1) + } + vulnCount := 0 + for _, r := range response { + vulnCount += len(r.Vulnerabilities) + for _, v := range r.Vulnerabilities { + AdjustSummary(v.Severity, &s.SeveritySummary) + } + } + results := models.NewResults(response, s.SeveritySummary, scanned, licenses, s.Version, s.ProviderName) + if err = s.Renderer.Render(results); err != nil { + log.Println(err) + } + if s.ExitCode { + code := HighestSeverityExitCode(FlattenVulnerabilities(results.Packages)) + log.Printf("fail severity: %d", code) + os.Exit(code) + } + } else { + util.PrintInfo("No packages were detected. Nothing has been scanned.") + } + return +} From 6d255fcd7a9b9cd7bd7e3174c76e6e77a007ad62 Mon Sep 17 00:00:00 2001 From: DJ Schleen Date: Thu, 16 Nov 2023 08:30:19 -0700 Subject: [PATCH 02/20] Reduced cyclomatic complexity --- .hookz.yaml | 6 +- lib/scanner.go | 241 ++++++++++++++++++++++++++++---------------- lib/scanner_test.go | 62 ++++++++++++ 3 files changed, 217 insertions(+), 92 deletions(-) create mode 100644 lib/scanner_test.go diff --git a/.hookz.yaml b/.hookz.yaml index 22d9b25..79d5285 100644 --- a/.hookz.yaml +++ b/.hookz.yaml @@ -29,9 +29,9 @@ - name: "govulncheck: Check for vulnerabilities" exec: govulncheck args: ["./..."] - # - name: "gocyclo: Check cyclomatic complexities" - # exec: gocyclo - # args: ["-over", "13", "."] + - name: "gocyclo: Check cyclomatic complexities" + exec: gocyclo + args: ["-over", "11", "."] - name: Hinge exec: hinge args: ["."] diff --git a/lib/scanner.go b/lib/scanner.go index 17a6f90..043d52e 100644 --- a/lib/scanner.go +++ b/lib/scanner.go @@ -1,3 +1,4 @@ +// Package lib contains core functionality to load Software Bill of Materials and contains common functions package lib import ( @@ -18,7 +19,7 @@ import ( "github.com/devops-kung-fu/bomber/models" ) -// Scanner encapsulates the properties needed to scan a file for vulnerabilities +// Scanner represents a vulnerability scanner. type Scanner struct { SeveritySummary models.Summary Credentials models.Credentials @@ -30,118 +31,180 @@ type Scanner struct { Output string ProviderName string Version string + Afs *afero.Afero } -// Scan scans a file for vulnerabilities and renders it to the selected output +// Scan performs the vulnerability scan. func (s *Scanner) Scan(afs *afero.Afero, args []string) (err error) { - scanned, purls, licenses, err := Load(afs, args) + // Load packages and associated data + s.Afs = afs + scanned, purls, licenses, err := Load(s.Afs, args) if err != nil { log.Print(err) return } - if len(purls) > 0 { - var response []models.Package - - ecosystems := []string{} - for _, p := range purls { - purl, err := packageurl.FromString(p) - if err != nil { - util.PrintErr(err) - } - if !slices.Contains(ecosystems, purl.Type) { - ecosystems = append(ecosystems, purl.Type) - } - } - spinner := spinner.New(spinner.CharSets[9], 100*time.Millisecond) - purls, issues := filters.Sanitize(purls) + // If no packages are detected, print a message and return + if len(purls) == 0 { + util.PrintInfo("No packages were detected. Nothing has been scanned.") + return + } - util.DoIf(s.Output != "json", func() { - util.PrintInfo("Ecosystems detected:", strings.Join(ecosystems, ",")) + // Perform the package scan + response, err := s.scanPackages(purls) + if err != nil { + return err + } - //for each models.Issue in issues, write a message to the console - for _, issue := range issues { - util.PrintWarningf("%v (%v)\n", issue.Message, issue.Purl) - } + // Process and output the scan results + s.processResults(scanned, licenses, response) + return +} - util.PrintInfof("Scanning %v packages for vulnerabilities...\n", len(purls)) - util.PrintInfo("Vulnerability Provider:", s.Provider.Info(), "\n") - if s.Severity != "" { - util.PrintInfof("Showing vulnerabilities with a severity of %s or higher", strings.ToUpper(s.Severity)) - fmt.Println() - } +// scanPackages performs the core logic of scanning packages. +func (s *Scanner) scanPackages(purls []string) ([]models.Package, error) { + // Detect and print information about ecosystems + ecosystems := s.detectEcosystems(purls) + spinner := s.setupSpinner(ecosystems, purls) - spinner.Suffix = fmt.Sprintf(" Fetching vulnerability data from %s", s.ProviderName) - spinner.Start() - }) + // Sanitize package URLs and handle initial console output + purls, issues := filters.Sanitize(purls) + s.printInitialInfo(len(purls), ecosystems, issues, spinner) + + // Perform the actual scan with the selected provider + response, err := s.Provider.Scan(purls, &s.Credentials) + if err != nil { + return nil, err + } - response, err := s.Provider.Scan(purls, &s.Credentials) - if err != nil { - log.Print(err) + // Load ignore data if specified + ignoredCVE, err := s.loadIgnoreData(s.Afs, s.IgnoreFile) + if err != nil { + util.PrintWarningf("Ignore flag set, but there was an error: %s", err) + } + + // Filter, enrich, and ignore vulnerabilities as needed + s.filterVulnerabilities(response) + s.enrichAndIgnoreVulnerabilities(response, ignoredCVE) + s.stopSpinner(spinner) + + return response, nil +} + +// detectEcosystems detects the ecosystems from package URLs. +func (s *Scanner) detectEcosystems(purls []string) []string { + ecosystems := []string{} + for _, p := range purls { + purl, err := packageurl.FromString(p) + if err == nil && !slices.Contains(ecosystems, purl.Type) { + ecosystems = append(ecosystems, purl.Type) } - var ignoredCVE []string - if s.IgnoreFile != "" { - ignoredCVE, err = LoadIgnore(afs, s.IgnoreFile) - if err != nil { - util.PrintWarningf("Ignore flag set, but there was an error: %s", err) - } + } + return ecosystems +} + +// setupSpinner creates and configures a spinner for console output. +func (s *Scanner) setupSpinner(ecosystems []string, purls []string) *spinner.Spinner { + spinner := spinner.New(spinner.CharSets[9], 100*time.Millisecond) + return spinner +} + +// printInitialInfo prints initial information about the scan. +func (s *Scanner) printInitialInfo(purlCount int, ecosystems []string, issues []models.Issue, spinner *spinner.Spinner) { + util.DoIf(s.Output != "json", func() { + util.PrintInfo("Ecosystems detected:", strings.Join(ecosystems, ",")) + + for _, issue := range issues { + util.PrintWarningf("%v (%v)\n", issue.Message, issue.Purl) } - //Get rid of the packages that have a vulnerability lower than its fail severity + util.PrintInfof("Scanning %v packages for vulnerabilities...\n", purlCount) + util.PrintInfo("Vulnerability Provider:", s.Provider.Info(), "\n") + if s.Severity != "" { - for i, p := range response { - vulns := []models.Vulnerability{} - for _, v := range p.Vulnerabilities { - // severity flag passed in - fs := ParseSeverity(s.Severity) - // severity of vulnerability - vs := ParseSeverity(v.Severity) - if vs >= fs { - vulns = append(vulns, v) - } else { - log.Printf("Removed vulnerability that was %s when the filter was %s", v.Severity, s.Severity) - } - } - log.Printf("Filtered out %d vulnerabilities for package %s", len(p.Vulnerabilities)-len(vulns), p.Purl) - response[i].Vulnerabilities = vulns - } + util.PrintInfof("Showing vulnerabilities with a severity of %s or higher", strings.ToUpper(s.Severity)) + fmt.Println() } - for i, p := range response { - enrichedVulnerabilities, _ := enrichment.Enrich(p.Vulnerabilities) - response[i].Vulnerabilities = enrichedVulnerabilities + spinner.Suffix = fmt.Sprintf(" Fetching vulnerability data from %s", s.ProviderName) + spinner.Start() + }) +} - if len(ignoredCVE) > 0 { - filteredVulnerabilities := filters.Ignore(p.Vulnerabilities, ignoredCVE) - response[i].Vulnerabilities = filteredVulnerabilities - } - } +// loadIgnoreData loads the ignore data from a file if specified. +func (s *Scanner) loadIgnoreData(afs *afero.Afero, ignoreFile string) ([]string, error) { + if ignoreFile != "" { + return LoadIgnore(afs, ignoreFile) + } + return nil, nil +} - util.DoIf(s.Output != "json", func() { - spinner.Stop() - }) - if err != nil { - util.PrintErr(err) - os.Exit(1) - } - vulnCount := 0 - for _, r := range response { - vulnCount += len(r.Vulnerabilities) - for _, v := range r.Vulnerabilities { - AdjustSummary(v.Severity, &s.SeveritySummary) +// filterVulnerabilities filters vulnerabilities based on severity. +func (s *Scanner) filterVulnerabilities(response []models.Package) { + if s.Severity != "" { + for i, p := range response { + vulns := []models.Vulnerability{} + for _, v := range p.Vulnerabilities { + fs := ParseSeverity(s.Severity) + vs := ParseSeverity(v.Severity) + if vs >= fs { + vulns = append(vulns, v) + } else { + log.Printf("Removed vulnerability that was %s when the filter was %s", v.Severity, s.Severity) + } } + log.Printf("Filtered out %d vulnerabilities for package %s", len(p.Vulnerabilities)-len(vulns), p.Purl) + response[i].Vulnerabilities = vulns } - results := models.NewResults(response, s.SeveritySummary, scanned, licenses, s.Version, s.ProviderName) - if err = s.Renderer.Render(results); err != nil { - log.Println(err) + } +} + +// enrichAndIgnoreVulnerabilities enriches and ignores vulnerabilities as needed. +func (s *Scanner) enrichAndIgnoreVulnerabilities(response []models.Package, ignoredCVE []string) { + for i, p := range response { + enrichedVulnerabilities, _ := enrichment.Enrich(p.Vulnerabilities) + response[i].Vulnerabilities = enrichedVulnerabilities + + if len(ignoredCVE) > 0 { + filteredVulnerabilities := filters.Ignore(p.Vulnerabilities, ignoredCVE) + response[i].Vulnerabilities = filteredVulnerabilities } - if s.ExitCode { - code := HighestSeverityExitCode(FlattenVulnerabilities(results.Packages)) - log.Printf("fail severity: %d", code) - os.Exit(code) + } +} + +// stopSpinner stops the spinner if it was started. +func (s *Scanner) stopSpinner(spinner *spinner.Spinner) { + util.DoIf(s.Output != "json", func() { + spinner.Stop() + }) +} + +// processResults handles the final processing and output of scan results. +func (s *Scanner) processResults(scanned []models.ScannedFile, licenses []string, response []models.Package) { + log.Println("Building severity summary") + for _, r := range response { + for _, v := range r.Vulnerabilities { + AdjustSummary(v.Severity, &s.SeveritySummary) } - } else { - util.PrintInfo("No packages were detected. Nothing has been scanned.") } - return + log.Println("Creating results") + // Create results object + results := models.NewResults(response, s.SeveritySummary, scanned, licenses, s.Version, s.ProviderName) + + // Render results using the specified renderer + if err := s.Renderer.Render(results); err != nil { + log.Println(err) + } + + // Exit with code if required + s.exitWithCodeIfRequired(results) +} + +// exitWithCodeIfRequired exits the program with the appropriate code based on severity. +func (s *Scanner) exitWithCodeIfRequired(results models.Results) { + if s.ExitCode { + code := HighestSeverityExitCode(FlattenVulnerabilities(results.Packages)) + log.Printf("fail severity: %d", code) + os.Exit(code) + } } diff --git a/lib/scanner_test.go b/lib/scanner_test.go new file mode 100644 index 0000000..a2c192e --- /dev/null +++ b/lib/scanner_test.go @@ -0,0 +1,62 @@ +// Package lib contains core functionality to load Software Bill of Materials and contains common functions +package lib + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestSetupSpinner(t *testing.T) { + // Create a mock Scanner instance + scanner := Scanner{} + + // Call the setupSpinner function + spinner := scanner.setupSpinner([]string{"ecosystem1", "ecosystem2"}, []string{"package1", "package2"}) + + // Assert that the returned spinner is not nil + assert.NotNil(t, spinner, "Expected non-nil spinner, got nil") +} + +// func TestExitWithCodeIfRequired(t *testing.T) { + +// _ = os.Exit + +// // Create a mock Scanner instance +// scanner := &Scanner{ +// ExitCode: true, +// } + +// // Mock results with a specific severity +// severitySummary := models.Summary{ +// Unspecified: 1, +// Low: 2, +// Moderate: 3, +// High: 4, +// Critical: 5, +// } + +// results := models.Results{ +// Summary: severitySummary, +// } + +// // Mock the log.Printf function +// var logOutput string +// log.SetOutput(&mockLogger{&logOutput}) + +// // Call the exitWithCodeIfRequired method +// scanner.exitWithCodeIfRequired(results) + +// // Assert the log output contains the expected message +// require.Contains(t, logOutput, "fail severity: 5", "Log output does not contain expected message") +// } + +// // mockLogger is a simple implementation of io.Writer to capture log output +// type mockLogger struct { +// output *string +// } + +// func (m *mockLogger) Write(p []byte) (n int, err error) { +// *m.output += string(p) +// return len(p), nil +// } From 095f439b8023963d49afe455a24b687e90680dc4 Mon Sep 17 00:00:00 2001 From: DJ Schleen Date: Thu, 16 Nov 2023 09:52:58 -0700 Subject: [PATCH 03/20] More test cases --- lib/scanner.go | 24 +++++----------- lib/scanner_test.go | 68 +++++++++++++++++---------------------------- 2 files changed, 32 insertions(+), 60 deletions(-) diff --git a/lib/scanner.go b/lib/scanner.go index 043d52e..5dba3f7 100644 --- a/lib/scanner.go +++ b/lib/scanner.go @@ -65,7 +65,7 @@ func (s *Scanner) Scan(afs *afero.Afero, args []string) (err error) { func (s *Scanner) scanPackages(purls []string) ([]models.Package, error) { // Detect and print information about ecosystems ecosystems := s.detectEcosystems(purls) - spinner := s.setupSpinner(ecosystems, purls) + spinner := spinner.New(spinner.CharSets[9], 100*time.Millisecond) // Sanitize package URLs and handle initial console output purls, issues := filters.Sanitize(purls) @@ -86,7 +86,10 @@ func (s *Scanner) scanPackages(purls []string) ([]models.Package, error) { // Filter, enrich, and ignore vulnerabilities as needed s.filterVulnerabilities(response) s.enrichAndIgnoreVulnerabilities(response, ignoredCVE) - s.stopSpinner(spinner) + + if s.Output != "json" { + spinner.Stop() + } return response, nil } @@ -103,15 +106,9 @@ func (s *Scanner) detectEcosystems(purls []string) []string { return ecosystems } -// setupSpinner creates and configures a spinner for console output. -func (s *Scanner) setupSpinner(ecosystems []string, purls []string) *spinner.Spinner { - spinner := spinner.New(spinner.CharSets[9], 100*time.Millisecond) - return spinner -} - // printInitialInfo prints initial information about the scan. func (s *Scanner) printInitialInfo(purlCount int, ecosystems []string, issues []models.Issue, spinner *spinner.Spinner) { - util.DoIf(s.Output != "json", func() { + if s.Output != "json" { util.PrintInfo("Ecosystems detected:", strings.Join(ecosystems, ",")) for _, issue := range issues { @@ -128,7 +125,7 @@ func (s *Scanner) printInitialInfo(purlCount int, ecosystems []string, issues [] spinner.Suffix = fmt.Sprintf(" Fetching vulnerability data from %s", s.ProviderName) spinner.Start() - }) + } } // loadIgnoreData loads the ignore data from a file if specified. @@ -172,13 +169,6 @@ func (s *Scanner) enrichAndIgnoreVulnerabilities(response []models.Package, igno } } -// stopSpinner stops the spinner if it was started. -func (s *Scanner) stopSpinner(spinner *spinner.Spinner) { - util.DoIf(s.Output != "json", func() { - spinner.Stop() - }) -} - // processResults handles the final processing and output of scan results. func (s *Scanner) processResults(scanned []models.ScannedFile, licenses []string, response []models.Package) { log.Println("Building severity summary") diff --git a/lib/scanner_test.go b/lib/scanner_test.go index a2c192e..b117eb9 100644 --- a/lib/scanner_test.go +++ b/lib/scanner_test.go @@ -4,59 +4,41 @@ package lib import ( "testing" + "github.com/spf13/afero" "github.com/stretchr/testify/assert" ) -func TestSetupSpinner(t *testing.T) { - // Create a mock Scanner instance +func Test_detectEcosystems(t *testing.T) { scanner := Scanner{} - // Call the setupSpinner function - spinner := scanner.setupSpinner([]string{"ecosystem1", "ecosystem2"}, []string{"package1", "package2"}) + purls := []string{ + "pkg:golang/github.com/test/test1@v1.19.0", + "pkg:npm/github.com/test/test2@v1.19.0", + "invalid_url", // This should be ignored + } - // Assert that the returned spinner is not nil - assert.NotNil(t, spinner, "Expected non-nil spinner, got nil") -} - -// func TestExitWithCodeIfRequired(t *testing.T) { - -// _ = os.Exit - -// // Create a mock Scanner instance -// scanner := &Scanner{ -// ExitCode: true, -// } + result := scanner.detectEcosystems(purls) -// // Mock results with a specific severity -// severitySummary := models.Summary{ -// Unspecified: 1, -// Low: 2, -// Moderate: 3, -// High: 4, -// Critical: 5, -// } + assert.ElementsMatch(t, []string{"golang", "npm"}, result, "Detected ecosystems do not match expected result") +} -// results := models.Results{ -// Summary: severitySummary, -// } +func TestScanner_loadIgnoreData(t *testing.T) { + afs := &afero.Afero{Fs: afero.NewMemMapFs()} -// // Mock the log.Printf function -// var logOutput string -// log.SetOutput(&mockLogger{&logOutput}) + err := afs.WriteFile("/.bomber.ignore", []byte("CVE-2022-31163"), 0644) + assert.NoError(t, err) -// // Call the exitWithCodeIfRequired method -// scanner.exitWithCodeIfRequired(results) + scanner := Scanner{} + results, err := scanner.loadIgnoreData(afs, "/.bomber.ignore") -// // Assert the log output contains the expected message -// require.Contains(t, logOutput, "fail severity: 5", "Log output does not contain expected message") -// } + assert.NoError(t, err) + assert.Len(t, results, 1) + assert.Equal(t, results[0], "CVE-2022-31163") -// // mockLogger is a simple implementation of io.Writer to capture log output -// type mockLogger struct { -// output *string -// } + _, err = scanner.loadIgnoreData(afs, "test") + assert.Error(t, err) -// func (m *mockLogger) Write(p []byte) (n int, err error) { -// *m.output += string(p) -// return len(p), nil -// } + results, err = scanner.loadIgnoreData(afs, "") + assert.NoError(t, err) + assert.Len(t, results, 0) +} From 7bc5c187549bbe63119048a499c4a3bebb1ae62d Mon Sep 17 00:00:00 2001 From: DJ Schleen Date: Thu, 16 Nov 2023 17:17:24 -0700 Subject: [PATCH 04/20] Batches EPSS calls for each componet's slice of vulns, increasing speed --- .hookz.yaml | 2 +- cmd/root.go | 1 - lib/enrichment/epss.go | 67 +++++++++++++++++++++++-------- lib/loader.go | 81 +++++++++++++++++++++++++++----------- renderers/html/html.go | 2 +- renderers/stdout/stdout.go | 6 ++- 6 files changed, 116 insertions(+), 43 deletions(-) diff --git a/.hookz.yaml b/.hookz.yaml index 79d5285..9ef1873 100644 --- a/.hookz.yaml +++ b/.hookz.yaml @@ -31,7 +31,7 @@ args: ["./..."] - name: "gocyclo: Check cyclomatic complexities" exec: gocyclo - args: ["-over", "11", "."] + args: ["-over", "9", "."] - name: Hinge exec: hinge args: ["."] diff --git a/cmd/root.go b/cmd/root.go index bae7c43..6c44b01 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -41,7 +41,6 @@ var ( fmt.Println("https://github.com/devops-kung-fu/bomber") fmt.Printf("Version: %s\n", version) fmt.Println() - latestVersion, _ := github.LatestReleaseTag("devops-kung-fu", "bomber") if !strings.Contains(latestVersion, version) { color.Yellow.Printf("A newer version of bomber is available (%s)\n\n", latestVersion) diff --git a/lib/enrichment/epss.go b/lib/enrichment/epss.go index 7594b29..f1eff3a 100644 --- a/lib/enrichment/epss.go +++ b/lib/enrichment/epss.go @@ -1,4 +1,4 @@ -// Package enrichment contains functionality to enrich vulnerability data from other sources +// Package enrichment provides functionality to enrich vulnerabilities with epss data. package enrichment import ( @@ -12,17 +12,61 @@ import ( "github.com/devops-kung-fu/bomber/models" ) -const epssBaseURL = "https://api.first.org/data/v1/epss?cve=" +const ( + epssBaseURL = "https://api.first.org/data/v1/epss?cve=" + pageSize = 150 +) + +// TODO: this needs to be refactored so we can batch the scanning and de-duplicate. Each component has it's own list of []models.Vulnerability and this function is called multiple times. At least the implementation here reduces the calls by batching per component. -// Enrich adds epss score data to vulnerabilities +// Enrich adds epss score data to vulnerabilities. func Enrich(vulnerabilities []models.Vulnerability) ([]models.Vulnerability, error) { + var enrichedVulnerabilities []models.Vulnerability + + for i := 0; i < len(vulnerabilities); i += pageSize { + endIndex := i + pageSize + + if endIndex > len(vulnerabilities) { + endIndex = len(vulnerabilities) + } + + cvesBatch := getCveBatch(vulnerabilities[i:endIndex]) + + epss, err := fetchEpssData(cvesBatch) + if err != nil { + return nil, err + } + + log.Printf("EPSS response total: %v", epss.Total) + + for i, v := range vulnerabilities { + for _, sv := range epss.Scores { + if sv.Cve == v.Cve { + vulnerabilities[i].Epss = sv + } + } + } + + enrichedVulnerabilities = append(enrichedVulnerabilities, vulnerabilities...) + } + + return enrichedVulnerabilities, nil +} + +func getCveBatch(vulnerabilities []models.Vulnerability) []string { identifiers := make([]string, len(vulnerabilities)) for i, v := range vulnerabilities { identifiers[i] = v.Cve } + return identifiers +} +func fetchEpssData(cves []string) (models.Epss, error) { req := HttpRequest.NewRequest() - resp, _ := req.JSON().Get(fmt.Sprintf("%s%s", epssBaseURL, strings.Join(identifiers, ","))) + resp, err := req.JSON().Get(fmt.Sprintf("%s%s", epssBaseURL, strings.Join(cves, ","))) + if err != nil { + return models.Epss{}, err + } defer func() { _ = resp.Close() }() @@ -33,18 +77,9 @@ func Enrich(vulnerabilities []models.Vulnerability) ([]models.Vulnerability, err if resp.StatusCode() == 200 { var epss models.Epss if err := json.Unmarshal(body, &epss); err != nil { - return nil, err - } - log.Println("EPSS response total:", epss.Total) - - for i, v := range vulnerabilities { - for _, sv := range epss.Scores { - if sv.Cve == v.Cve { - vulnerabilities[i].Epss = sv - } - } + return models.Epss{}, err } - return vulnerabilities, nil + return epss, nil } - return nil, nil + return models.Epss{}, fmt.Errorf("EPSS API request failed with status code: %d", resp.StatusCode()) } diff --git a/lib/loader.go b/lib/loader.go index bbf63ca..105798b 100644 --- a/lib/loader.go +++ b/lib/loader.go @@ -62,49 +62,66 @@ func loadFolderPurls(afs *afero.Afero, arg string) (scanned []models.ScannedFile } return } - func loadFilePurls(afs *afero.Afero, arg string) (scanned []models.ScannedFile, purls []string, licenses []string, err error) { - - var b []byte - - if arg == "-" { - log.Printf("Reading from stdin") - b, err = io.ReadAll(bufio.NewReader(os.Stdin)) - } else { - log.Printf("Reading: %v", arg) - b, err = afs.ReadFile(arg) + b, err := readFile(afs, arg) + if err != nil { + return scanned, nil, nil, err } + scanned = append(scanned, models.ScannedFile{ Name: arg, SHA256: fmt.Sprintf("%x", sha256.Sum256(b)), }) - if err != nil { - return scanned, nil, nil, err - } - if bytes.Contains(b, []byte("xmlns")) && bytes.Contains(b, []byte("CycloneDX")) { + if isCycloneDXXML(b) { log.Println("Detected CycloneDX XML") return processCycloneDX(b, scanned, xml.Unmarshal) - } else if bytes.Contains(b, []byte("bomFormat")) && bytes.Contains(b, []byte("CycloneDX")) { + } else if isCycloneDXJSON(b) { log.Println("Detected CycloneDX JSON") return processCycloneDX(b, scanned, json.Unmarshal) - } else if bytes.Contains(b, []byte("SPDXRef-DOCUMENT")) { + } else if isSPDX(b) { log.Println("Detected SPDX") var sbom spdx.BOM if err = json.Unmarshal(b, &sbom); err == nil { return scanned, sbom.Purls(), sbom.Licenses(), err } - } else if bytes.Contains(b, []byte("https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-")) { + } else if isSyft(b) { log.Println("Detected Syft") var sbom syft.BOM if err = json.Unmarshal(b, &sbom); err == nil { return scanned, sbom.Purls(), sbom.Licenses(), err } } + log.Printf("WARNING: %v isn't a valid SBOM", arg) return scanned, nil, nil, fmt.Errorf("%v is not a SBOM recognized by bomber", arg) } +func readFile(afs *afero.Afero, arg string) ([]byte, error) { + if arg == "-" { + log.Printf("Reading from stdin") + return io.ReadAll(bufio.NewReader(os.Stdin)) + } + log.Printf("Reading: %v", arg) + return afs.ReadFile(arg) +} + +func isCycloneDXXML(b []byte) bool { + return bytes.Contains(b, []byte("xmlns")) && bytes.Contains(b, []byte("CycloneDX")) +} + +func isCycloneDXJSON(b []byte) bool { + return bytes.Contains(b, []byte("bomFormat")) && bytes.Contains(b, []byte("CycloneDX")) +} + +func isSPDX(b []byte) bool { + return bytes.Contains(b, []byte("SPDXRef-DOCUMENT")) +} + +func isSyft(b []byte) bool { + return bytes.Contains(b, []byte("https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-")) +} + func processCycloneDX(b []byte, s []models.ScannedFile, unmarshal func([]byte, interface{}) error) (scanned []models.ScannedFile, purls []string, licenses []string, err error) { var sbom cyclone.BOM if err = unmarshal(b, &sbom); err == nil { @@ -113,19 +130,37 @@ func processCycloneDX(b []byte, s []models.ScannedFile, unmarshal func([]byte, i return } -// LoadIgnore loads a list of CVEs entered one on each line from the filename provided +// LoadIgnore loads a list of CVEs entered one on each line from the filename func LoadIgnore(afs *afero.Afero, ignoreFile string) (cves []string, err error) { f, err := afs.Open(ignoreFile) if err != nil { log.Printf("error opening ignore: %v\n", err) return } - r := bufio.NewReader(f) - line, _, e := r.ReadLine() - for e == nil { - cves = append(cves, string(line)) - line, _, e = r.ReadLine() + defer func() { + _ = f.Close() + }() + + scanner := bufio.NewScanner(f) + for scanner.Scan() { + cves = append(cves, scanner.Text()) } return } + +// func LoadIgnore(afs *afero.Afero, ignoreFile string) (cves []string, err error) { +// f, err := afs.Open(ignoreFile) +// if err != nil { +// log.Printf("error opening ignore: %v\n", err) +// return +// } +// r := bufio.NewReader(f) +// line, _, e := r.ReadLine() +// for e == nil { +// cves = append(cves, string(line)) +// line, _, e = r.ReadLine() +// } + +// return +// } diff --git a/renderers/html/html.go b/renderers/html/html.go index 1cbb75b..2659b06 100644 --- a/renderers/html/html.go +++ b/renderers/html/html.go @@ -3,12 +3,12 @@ package html import ( "fmt" + "html/template" "log" "math" "path/filepath" "strconv" "strings" - "text/template" "time" "github.com/devops-kung-fu/common/util" diff --git a/renderers/stdout/stdout.go b/renderers/stdout/stdout.go index bc12b0f..bdd8ce1 100644 --- a/renderers/stdout/stdout.go +++ b/renderers/stdout/stdout.go @@ -75,6 +75,11 @@ func (Renderer) Render(results models.Results) (err error) { t.Style().Options.SeparateRows = true t.Render() } + renderFooter(vulnCount, results) + return +} + +func renderFooter(vulnCount int, results models.Results) { if vulnCount > 0 { fmt.Println() color.Red.Printf("Total vulnerabilities found: %v\n", vulnCount) @@ -96,7 +101,6 @@ func (Renderer) Render(results models.Results) (err error) { fmt.Println("not mean that there are no vulnerabilities. Please try the other providers that bomber") fmt.Println("supports (osv, ossindex)") } - return } func renderSeveritySummary(summary models.Summary) { From e8204108dfb45450e1ad2388933d7d61ca2cb3fc Mon Sep 17 00:00:00 2001 From: DJ Schleen Date: Fri, 17 Nov 2023 10:38:14 -0700 Subject: [PATCH 05/20] More test cases and hardening --- cmd/scan.go | 6 ++++-- lib/loader.go | 17 +--------------- lib/scanner.go | 49 +++++++++++++++++++++++++++------------------ lib/scanner_test.go | 43 ++++++++++++++++++++++++++++++++++++++- lib/util.go | 32 +++++++++++++++++++++++++++++ lib/util_test.go | 34 +++++++++++++++++++++++++++++-- 6 files changed, 140 insertions(+), 41 deletions(-) diff --git a/cmd/scan.go b/cmd/scan.go index 1dfaa58..5a00fa0 100644 --- a/cmd/scan.go +++ b/cmd/scan.go @@ -39,13 +39,15 @@ var ( Run: func(cmd *cobra.Command, args []string) { scanner.Version = version scanner.Output = output - if err := scanner.Scan(Afs, args); err != nil { + scanner.Afs = Afs + code, err := scanner.Scan(args) + if err != nil { util.PrintErr(err) os.Exit(1) } log.Println("Finished") - os.Exit(0) + os.Exit(code) }, } ) diff --git a/lib/loader.go b/lib/loader.go index 105798b..d3fc016 100644 --- a/lib/loader.go +++ b/lib/loader.go @@ -62,6 +62,7 @@ func loadFolderPurls(afs *afero.Afero, arg string) (scanned []models.ScannedFile } return } + func loadFilePurls(afs *afero.Afero, arg string) (scanned []models.ScannedFile, purls []string, licenses []string, err error) { b, err := readFile(afs, arg) if err != nil { @@ -148,19 +149,3 @@ func LoadIgnore(afs *afero.Afero, ignoreFile string) (cves []string, err error) return } - -// func LoadIgnore(afs *afero.Afero, ignoreFile string) (cves []string, err error) { -// f, err := afs.Open(ignoreFile) -// if err != nil { -// log.Printf("error opening ignore: %v\n", err) -// return -// } -// r := bufio.NewReader(f) -// line, _, e := r.ReadLine() -// for e == nil { -// cves = append(cves, string(line)) -// line, _, e = r.ReadLine() -// } - -// return -// } diff --git a/lib/scanner.go b/lib/scanner.go index 5dba3f7..2c4b229 100644 --- a/lib/scanner.go +++ b/lib/scanner.go @@ -4,7 +4,6 @@ package lib import ( "fmt" "log" - "os" "slices" "strings" "time" @@ -35,9 +34,8 @@ type Scanner struct { } // Scan performs the vulnerability scan. -func (s *Scanner) Scan(afs *afero.Afero, args []string) (err error) { +func (s *Scanner) Scan(args []string) (exitCode int, err error) { // Load packages and associated data - s.Afs = afs scanned, purls, licenses, err := Load(s.Afs, args) if err != nil { log.Print(err) @@ -53,28 +51,29 @@ func (s *Scanner) Scan(afs *afero.Afero, args []string) (err error) { // Perform the package scan response, err := s.scanPackages(purls) if err != nil { - return err + return 1, err } // Process and output the scan results - s.processResults(scanned, licenses, response) - return + return s.processResults(scanned, licenses, response), nil } // scanPackages performs the core logic of scanning packages. -func (s *Scanner) scanPackages(purls []string) ([]models.Package, error) { +func (s *Scanner) scanPackages(purls []string) (response []models.Package, err error) { // Detect and print information about ecosystems ecosystems := s.detectEcosystems(purls) spinner := spinner.New(spinner.CharSets[9], 100*time.Millisecond) // Sanitize package URLs and handle initial console output purls, issues := filters.Sanitize(purls) - s.printInitialInfo(len(purls), ecosystems, issues, spinner) + s.printHeader(len(purls), ecosystems, issues, spinner) // Perform the actual scan with the selected provider - response, err := s.Provider.Scan(purls, &s.Credentials) - if err != nil { - return nil, err + if s.Provider != nil { + response, err = s.Provider.Scan(purls, &s.Credentials) + if err != nil { + return nil, err + } } // Load ignore data if specified @@ -106,8 +105,8 @@ func (s *Scanner) detectEcosystems(purls []string) []string { return ecosystems } -// printInitialInfo prints initial information about the scan. -func (s *Scanner) printInitialInfo(purlCount int, ecosystems []string, issues []models.Issue, spinner *spinner.Spinner) { +// printHeader prints initial information about the scan. +func (s *Scanner) printHeader(purlCount int, ecosystems []string, issues []models.Issue, spinner *spinner.Spinner) { if s.Output != "json" { util.PrintInfo("Ecosystems detected:", strings.Join(ecosystems, ",")) @@ -116,7 +115,7 @@ func (s *Scanner) printInitialInfo(purlCount int, ecosystems []string, issues [] } util.PrintInfof("Scanning %v packages for vulnerabilities...\n", purlCount) - util.PrintInfo("Vulnerability Provider:", s.Provider.Info(), "\n") + util.PrintInfo("Vulnerability Provider:", s.getProviderInfo(), "\n") if s.Severity != "" { util.PrintInfof("Showing vulnerabilities with a severity of %s or higher", strings.ToUpper(s.Severity)) @@ -128,6 +127,13 @@ func (s *Scanner) printInitialInfo(purlCount int, ecosystems []string, issues [] } } +func (s *Scanner) getProviderInfo() string { + if s.Provider == nil { + return "N/A" // or any other default value or message + } + return s.Provider.Info() +} + // loadIgnoreData loads the ignore data from a file if specified. func (s *Scanner) loadIgnoreData(afs *afero.Afero, ignoreFile string) ([]string, error) { if ignoreFile != "" { @@ -170,7 +176,7 @@ func (s *Scanner) enrichAndIgnoreVulnerabilities(response []models.Package, igno } // processResults handles the final processing and output of scan results. -func (s *Scanner) processResults(scanned []models.ScannedFile, licenses []string, response []models.Package) { +func (s *Scanner) processResults(scanned []models.ScannedFile, licenses []string, response []models.Package) int { log.Println("Building severity summary") for _, r := range response { for _, v := range r.Vulnerabilities { @@ -182,19 +188,22 @@ func (s *Scanner) processResults(scanned []models.ScannedFile, licenses []string results := models.NewResults(response, s.SeveritySummary, scanned, licenses, s.Version, s.ProviderName) // Render results using the specified renderer - if err := s.Renderer.Render(results); err != nil { - log.Println(err) + if s.Renderer != nil { + if err := s.Renderer.Render(results); err != nil { + log.Println(err) + } } // Exit with code if required - s.exitWithCodeIfRequired(results) + return s.exitWithCodeIfRequired(results) } // exitWithCodeIfRequired exits the program with the appropriate code based on severity. -func (s *Scanner) exitWithCodeIfRequired(results models.Results) { +func (s *Scanner) exitWithCodeIfRequired(results models.Results) int { if s.ExitCode { code := HighestSeverityExitCode(FlattenVulnerabilities(results.Packages)) log.Printf("fail severity: %d", code) - os.Exit(code) + return code } + return 0 } diff --git a/lib/scanner_test.go b/lib/scanner_test.go index b117eb9..acc3327 100644 --- a/lib/scanner_test.go +++ b/lib/scanner_test.go @@ -4,8 +4,12 @@ package lib import ( "testing" + "github.com/devops-kung-fu/common/util" "github.com/spf13/afero" "github.com/stretchr/testify/assert" + + cyclonedx "github.com/devops-kung-fu/bomber/formats/cyclonedx" + "github.com/devops-kung-fu/bomber/models" ) func Test_detectEcosystems(t *testing.T) { @@ -22,7 +26,7 @@ func Test_detectEcosystems(t *testing.T) { assert.ElementsMatch(t, []string{"golang", "npm"}, result, "Detected ecosystems do not match expected result") } -func TestScanner_loadIgnoreData(t *testing.T) { +func Test_loadIgnoreData(t *testing.T) { afs := &afero.Afero{Fs: afero.NewMemMapFs()} err := afs.WriteFile("/.bomber.ignore", []byte("CVE-2022-31163"), 0644) @@ -42,3 +46,40 @@ func TestScanner_loadIgnoreData(t *testing.T) { assert.NoError(t, err) assert.Len(t, results, 0) } + +func TestScanner_Scan(t *testing.T) { + output := util.CaptureOutput(func() { + afs := &afero.Afero{Fs: afero.NewMemMapFs()} + + err := afs.WriteFile("/test-cyclonedx.json", cyclonedx.TestBytes(), 0644) + assert.NoError(t, err) + + scanner := Scanner{ + Output: "json", + Afs: afs, + } + + code, err := scanner.Scan([]string{"/test-cyclonedx.json"}) + assert.NoError(t, err) + assert.Equal(t, 0, code) + + scanner.Output = "stdout" + code, err = scanner.Scan([]string{"/test-cyclonedx.json"}) + assert.NoError(t, err) + assert.Equal(t, 0, code) + }) + + assert.NotNil(t, output) +} + +func TestScanner_exitWithCodeIfRequired(t *testing.T) { + scanner := Scanner{ + ExitCode: false, + } + code := scanner.exitWithCodeIfRequired(models.Results{}) + assert.Equal(t, 0, code) + + scanner.ExitCode = true + code = scanner.exitWithCodeIfRequired(models.Results{}) + assert.Equal(t, 10, code) +} diff --git a/lib/util.go b/lib/util.go index ebcc6ec..58461b3 100644 --- a/lib/util.go +++ b/lib/util.go @@ -1,6 +1,7 @@ package lib import ( + "reflect" "strings" "github.com/devops-kung-fu/bomber/models" @@ -83,6 +84,7 @@ func HighestSeverityExitCode(vulnerabilities []models.Vulnerability) int { return severityExitCodes[highestSeverity] } +// FlattenVulnerabilities flattens all vulnerabilities for a package func FlattenVulnerabilities(packages []models.Package) []models.Vulnerability { var flattenedVulnerabilities []models.Vulnerability @@ -92,3 +94,33 @@ func FlattenVulnerabilities(packages []models.Package) []models.Vulnerability { return flattenedVulnerabilities } + +// UniqueFieldValues returns a slice of unique field values from a slice of structs given the property +func UniqueFieldValues[T any](input []T, fieldName string) []interface{} { + // Use a map to store unique field values + fieldValuesMap := make(map[interface{}]struct{}) + + // Iterate through the input slice + for _, item := range input { + // Use reflection to get the struct's value + value := reflect.ValueOf(item) + + // Check if the struct has the specified field + if fieldValue := value.FieldByName(fieldName); fieldValue.IsValid() { + // If the field exists, add its value to the map + fieldValuesMap[fieldValue.Interface()] = struct{}{} + } + // If the field doesn't exist, do nothing + + } + + // Create a slice to store unique field values + var uniqueFieldValuesSlice []interface{} + + // Iterate through the map keys and add them to the slice + for fieldValue := range fieldValuesMap { + uniqueFieldValuesSlice = append(uniqueFieldValuesSlice, fieldValue) + } + + return uniqueFieldValuesSlice +} diff --git a/lib/util_test.go b/lib/util_test.go index 1ac5fa8..605b921 100644 --- a/lib/util_test.go +++ b/lib/util_test.go @@ -8,7 +8,7 @@ import ( "github.com/devops-kung-fu/bomber/models" ) -func TestRating(t *testing.T) { +func Test_Rating(t *testing.T) { rating := 0.0 result := Rating(rating) assert.Equal(t, "UNSPECIFIED", result) @@ -28,6 +28,10 @@ func TestRating(t *testing.T) { rating = 9.0 result = Rating(rating) assert.Equal(t, "CRITICAL", result) + + rating = 19.0 + result = Rating(rating) + assert.Equal(t, "UNSPECIFIED", result) } func TestAdjustSummary(t *testing.T) { @@ -78,7 +82,7 @@ func TestParseSeverity(t *testing.T) { assert.Equal(t, expected, result) }) - t.Run("Invalid severity: undefined", func(t *testing.T) { + t.Run("Invalid severity: invalid", func(t *testing.T) { severity := "invalid" expected := 0 result := ParseSeverity(severity) @@ -91,6 +95,13 @@ func TestParseSeverity(t *testing.T) { result := ParseSeverity(severity) assert.Equal(t, expected, result) }) + + t.Run("Valid severity: undefined", func(t *testing.T) { + severity := "undefined" + expected := 10 + result := ParseSeverity(severity) + assert.Equal(t, expected, result) + }) } func TestHighestSeverityExitCode(t *testing.T) { @@ -144,3 +155,22 @@ func TestFlattenVulnerabilities(t *testing.T) { // Check if the actual result matches the expected result using assert.ElementsMatch assert.ElementsMatch(t, expectedVulnerabilities, flattenedVulnerabilities) } + +func Test_UniqueFieldValues(t *testing.T) { + type TestStruct struct { + CVE string + // other properties... + } + structs := []TestStruct{ + {CVE: "CVE-2021-1234"}, + {CVE: "CVE-2021-5678"}, + {CVE: "CVE-2021-1234"}, // Duplicate + } + + // Get unique CVEs using the function + uniqueCVEs := UniqueFieldValues(structs, "CVE") + assert.Len(t, uniqueCVEs, 2) + + shouldBeNothing := UniqueFieldValues(structs, "ABC") + assert.Len(t, shouldBeNothing, 0) +} From 41bf90bc4e0bf7e993d93ffaff726ad638820883 Mon Sep 17 00:00:00 2001 From: DJ Schleen Date: Mon, 20 Nov 2023 12:43:42 -0700 Subject: [PATCH 06/20] More test coverage --- lib/scanner_test.go | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/lib/scanner_test.go b/lib/scanner_test.go index acc3327..1a5a4e4 100644 --- a/lib/scanner_test.go +++ b/lib/scanner_test.go @@ -83,3 +83,40 @@ func TestScanner_exitWithCodeIfRequired(t *testing.T) { code = scanner.exitWithCodeIfRequired(models.Results{}) assert.Equal(t, 10, code) } + +func Test_FilterVulngerabilities(t *testing.T) { + // Create a sample Scanner instance with a severity filter + scanner := Scanner{Severity: "HIGH"} + + // Create a sample response with vulnerabilities + response := []models.Package{ + { + Purl: "sample/package", + Vulnerabilities: []models.Vulnerability{ + {Severity: "LOW"}, + {Severity: "MODERATE"}, + {Severity: "HIGH"}, + {Severity: "CRITICAL"}, + }, + }, + { + Purl: "another/package", + Vulnerabilities: []models.Vulnerability{ + {Severity: "LOW"}, + {Severity: "HIGH"}, + {Severity: "CRITICAL"}, + }, + }, + } + + // Call the filterVulnerabilities method + scanner.filterVulnerabilities(response) + + // Check if the vulnerabilities have been filtered correctly + assert.Equal(t, "HIGH", response[0].Vulnerabilities[0].Severity) + assert.Equal(t, 2, len(response[0].Vulnerabilities)) // Expecting other severities to be filtered out + + assert.Equal(t, "HIGH", response[1].Vulnerabilities[0].Severity) + assert.Equal(t, "CRITICAL", response[1].Vulnerabilities[1].Severity) + assert.Equal(t, 0, len(response[1].Vulnerabilities)-2) // Expecting LOW severity to be filtered out +} From a3fa2d353c3112695474e82e0b41ff2274b5c502 Mon Sep 17 00:00:00 2001 From: DJ Schleen Date: Mon, 20 Nov 2023 15:32:20 -0700 Subject: [PATCH 07/20] More test cases --- lib/scanner_test.go | 86 +++++++++++++++++++++++++++++++++++-- renderers/html/html.go | 63 +++++++++++++++------------ renderers/html/html_test.go | 27 ++++++++++++ 3 files changed, 145 insertions(+), 31 deletions(-) diff --git a/lib/scanner_test.go b/lib/scanner_test.go index 1a5a4e4..fdb0dc3 100644 --- a/lib/scanner_test.go +++ b/lib/scanner_test.go @@ -12,6 +12,18 @@ import ( "github.com/devops-kung-fu/bomber/models" ) +// MockProvider is a mock implementation of the Provider interface for testing purposes +type MockProvider struct{} + +func (mp MockProvider) Scan(purls []string, credentials *models.Credentials) (packages []models.Package, err error) { + return []models.Package{}, nil +} + +// Info returns a mock provider info string +func (mp MockProvider) Info() string { + return "MockProviderInfo" +} + func Test_detectEcosystems(t *testing.T) { scanner := Scanner{} @@ -47,7 +59,7 @@ func Test_loadIgnoreData(t *testing.T) { assert.Len(t, results, 0) } -func TestScanner_Scan(t *testing.T) { +func Test_Scanner_Scan(t *testing.T) { output := util.CaptureOutput(func() { afs := &afero.Afero{Fs: afero.NewMemMapFs()} @@ -59,7 +71,11 @@ func TestScanner_Scan(t *testing.T) { Afs: afs, } - code, err := scanner.Scan([]string{"/test-cyclonedx.json"}) + code, err := scanner.Scan([]string{}) + assert.NoError(t, err) + assert.Equal(t, 0, code) + + code, err = scanner.Scan([]string{"/test-cyclonedx.json"}) assert.NoError(t, err) assert.Equal(t, 0, code) @@ -72,7 +88,7 @@ func TestScanner_Scan(t *testing.T) { assert.NotNil(t, output) } -func TestScanner_exitWithCodeIfRequired(t *testing.T) { +func Test_Scanner_exitWithCodeIfRequired(t *testing.T) { scanner := Scanner{ ExitCode: false, } @@ -84,7 +100,53 @@ func TestScanner_exitWithCodeIfRequired(t *testing.T) { assert.Equal(t, 10, code) } -func Test_FilterVulngerabilities(t *testing.T) { +func Test_Scanner_enrichAndIgnoreVulnerabilities(t *testing.T) { + t.Run("EnrichVulnerabilities", func(t *testing.T) { + // Create a sample Scanner instance + scanner := Scanner{} + + // Create a sample response with vulnerabilities + response := []models.Package{ + { + Purl: "sample/package", + Vulnerabilities: []models.Vulnerability{ + {ID: "1", Title: "Vuln1"}, + {ID: "2", Title: "Vuln2"}, + }, + }, + } + + scanner.enrichAndIgnoreVulnerabilities(response, nil) + + assert.Equal(t, "", response[0].Vulnerabilities[0].Description) + assert.Equal(t, "", response[0].Vulnerabilities[1].Description) + }) + + t.Run("IgnoreVulnerabilities", func(t *testing.T) { + // Create a sample Scanner instance + scanner := Scanner{} + + // Create a sample response with vulnerabilities + response := []models.Package{ + { + Purl: "sample/package", + Vulnerabilities: []models.Vulnerability{ + {ID: "1", Title: "Vuln1"}, + {ID: "2", Title: "Vuln2"}, + }, + }, + } + + // Call the enrichAndIgnoreVulnerabilities method with ignoredCVE + scanner.enrichAndIgnoreVulnerabilities(response, []string{"1"}) + + // Check if the specified vulnerabilities have been ignored + assert.Len(t, response[0].Vulnerabilities, 1) + assert.Equal(t, "Vuln2", response[0].Vulnerabilities[0].Title) + }) +} + +func Test_FilterVulnerabilities(t *testing.T) { // Create a sample Scanner instance with a severity filter scanner := Scanner{Severity: "HIGH"} @@ -120,3 +182,19 @@ func Test_FilterVulngerabilities(t *testing.T) { assert.Equal(t, "CRITICAL", response[1].Vulnerabilities[1].Severity) assert.Equal(t, 0, len(response[1].Vulnerabilities)-2) // Expecting LOW severity to be filtered out } + +func Test_ScannerGetProviderInfo(t *testing.T) { + t.Run("WithMockProvider", func(t *testing.T) { + scanner := Scanner{Provider: MockProvider{}} + result := scanner.getProviderInfo() + + assert.Equal(t, "MockProviderInfo", result) + }) + + t.Run("WithNilProvider", func(t *testing.T) { + scanner := Scanner{Provider: nil} + result := scanner.getProviderInfo() + + assert.Equal(t, "N/A", result) + }) +} diff --git a/renderers/html/html.go b/renderers/html/html.go index 2659b06..a658fdb 100644 --- a/renderers/html/html.go +++ b/renderers/html/html.go @@ -19,54 +19,44 @@ import ( "github.com/devops-kung-fu/bomber/models" ) -// Renderer contains methods to render results to an HTMLfile +// Renderer contains methods to render results to an HTML file type Renderer struct{} // Render renders results to an HTML file -func (Renderer) Render(results models.Results) (err error) { +func (Renderer) Render(results models.Results) error { var afs *afero.Afero - //This is sort of hacky, but since this output writes a file, test cases need to write the output in memory. + if results.Meta.Provider == "test" { afs = &afero.Afero{Fs: afero.NewMemMapFs()} } else { afs = &afero.Afero{Fs: afero.NewOsFs()} } - t := time.Now() - r := strings.NewReplacer("-", "", " ", "-", ":", "-") - filename := t.Format("2006-01-02 15:04:05") - filename, _ = filepath.Abs(fmt.Sprintf("./%s-bomber-results.html", r.Replace(filename))) + filename := generateFilename() util.PrintInfo("Writing filename:", filename) - err = writeTemplate(afs, filename, results) + + err := writeTemplate(afs, filename, results) if err != nil { log.Println(err) - return } - return + return err } -func writeTemplate(afs *afero.Afero, filename string, results models.Results) (err error) { - for i, p := range results.Packages { - percentageString := "N/A" - for vi, v := range p.Vulnerabilities { - per, err := strconv.ParseFloat(v.Epss.Percentile, 64) - if err != nil { - log.Println(err) - } else { - percentage := math.Round(per * 100) - if percentage > 0 { - percentageString = fmt.Sprintf("%d%%", uint64(percentage)) - } - } - results.Packages[i].Vulnerabilities[vi].Epss.Percentile = percentageString - } - } +func generateFilename() string { + t := time.Now() + r := strings.NewReplacer("-", "", " ", "-", ":", "-") + return filepath.Join(".", fmt.Sprintf("%s-bomber-results.html", r.Replace(t.Format("2006-01-02 15:04:05")))) +} + +func writeTemplate(afs *afero.Afero, filename string, results models.Results) error { + processPercentiles(results) file, err := afs.Create(filename) if err != nil { log.Println(err) return err } + markdownToHTML(results) template := genTemplate("output") @@ -75,13 +65,32 @@ func writeTemplate(afs *afero.Afero, filename string, results models.Results) (e log.Println(err) return err } + err = afs.Fs.Chmod(filename, 0777) if err != nil { log.Println(err) return err } - return + return nil +} + +func processPercentiles(results models.Results) { + for i, p := range results.Packages { + for vi, v := range p.Vulnerabilities { + per, err := strconv.ParseFloat(v.Epss.Percentile, 64) + if err != nil { + log.Println(err) + } else { + percentage := math.Round(per * 100) + if percentage > 0 { + results.Packages[i].Vulnerabilities[vi].Epss.Percentile = fmt.Sprintf("%d%%", uint64(percentage)) + } else { + results.Packages[i].Vulnerabilities[vi].Epss.Percentile = "N/A" + } + } + } + } } func markdownToHTML(results models.Results) { diff --git a/renderers/html/html_test.go b/renderers/html/html_test.go index dcb0094..b513623 100644 --- a/renderers/html/html_test.go +++ b/renderers/html/html_test.go @@ -45,6 +45,33 @@ func TestRenderer_Render(t *testing.T) { assert.NotNil(t, output) } +func Test_processPercentiles(t *testing.T) { + // Create a sample Results struct for testing + results := models.Results{ + Packages: []models.Package{ + { + Vulnerabilities: []models.Vulnerability{ + { + Epss: models.EpssScore{Percentile: "0.75"}, + }, + { + Epss: models.EpssScore{Percentile: "invalid"}, // Simulate an invalid percentile + }, + { + Epss: models.EpssScore{Percentile: "0"}, // Simulate a zero percentile + }, + }, + }, + }, + } + + processPercentiles(results) + + assert.Equal(t, "75%", results.Packages[0].Vulnerabilities[0].Epss.Percentile, "Expected 75% percentile") + assert.Equal(t, "invalid", results.Packages[0].Vulnerabilities[1].Epss.Percentile, "Expected invalid for invalid percentile") + assert.Equal(t, "N/A", results.Packages[0].Vulnerabilities[2].Epss.Percentile, "Expected N/A for zero percentile") +} + func Test_markdownToHTML(t *testing.T) { packages := []models.Package{ { From c86509a93fd016356a268aa2fd1298a04df316bc Mon Sep 17 00:00:00 2001 From: DJ Schleen Date: Mon, 20 Nov 2023 15:59:01 -0700 Subject: [PATCH 08/20] More test cases --- renderers/html/html.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renderers/html/html.go b/renderers/html/html.go index a658fdb..efa0e6b 100644 --- a/renderers/html/html.go +++ b/renderers/html/html.go @@ -3,12 +3,12 @@ package html import ( "fmt" - "html/template" "log" "math" "path/filepath" "strconv" "strings" + "text/template" "time" "github.com/devops-kung-fu/common/util" From 089c0850daad2762a6df140071317516ab3ece36 Mon Sep 17 00:00:00 2001 From: DJ Schleen Date: Mon, 20 Nov 2023 16:17:37 -0700 Subject: [PATCH 09/20] logging --- lib/enrichment/epss.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/enrichment/epss.go b/lib/enrichment/epss.go index f1eff3a..1cd5bb8 100644 --- a/lib/enrichment/epss.go +++ b/lib/enrichment/epss.go @@ -37,7 +37,7 @@ func Enrich(vulnerabilities []models.Vulnerability) ([]models.Vulnerability, err return nil, err } - log.Printf("EPSS response total: %v", epss.Total) + log.Printf("%v EPSS responses for %v vulnerabilities", epss.Total, len(vulnerabilities)) for i, v := range vulnerabilities { for _, sv := range epss.Scores { @@ -57,6 +57,7 @@ func getCveBatch(vulnerabilities []models.Vulnerability) []string { identifiers := make([]string, len(vulnerabilities)) for i, v := range vulnerabilities { identifiers[i] = v.Cve + } return identifiers } From 169e2ca95f53ba1ab9d31a1a58cc8a67b47bc542 Mon Sep 17 00:00:00 2001 From: DJ Schleen Date: Mon, 20 Nov 2023 16:22:15 -0700 Subject: [PATCH 10/20] Documentation --- main.go | 1 + 1 file changed, 1 insertion(+) diff --git a/main.go b/main.go index 6ea7e34..82334fc 100644 --- a/main.go +++ b/main.go @@ -1,3 +1,4 @@ +// Package main is the entry point for the bomber CLI. package main import ( From 425c791c67e587360eb2ddc38941bdb8754d0532 Mon Sep 17 00:00:00 2001 From: DJ Schleen Date: Mon, 20 Nov 2023 16:27:06 -0700 Subject: [PATCH 11/20] Code commenting --- lib/enrichment/epss.go | 19 ++++++++++++++++++- renderers/html/html.go | 14 ++++++++++++++ 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/lib/enrichment/epss.go b/lib/enrichment/epss.go index 1cd5bb8..85b9ce4 100644 --- a/lib/enrichment/epss.go +++ b/lib/enrichment/epss.go @@ -53,34 +53,51 @@ func Enrich(vulnerabilities []models.Vulnerability) ([]models.Vulnerability, err return enrichedVulnerabilities, nil } +// getCveBatch extracts CVE identifiers from a slice of Vulnerability models +// and returns a new slice containing only the CVE identifiers. func getCveBatch(vulnerabilities []models.Vulnerability) []string { identifiers := make([]string, len(vulnerabilities)) for i, v := range vulnerabilities { identifiers[i] = v.Cve - } return identifiers } +// fetchEpssData retrieves EPSS (Exploit Prediction Scoring System) data for +// a batch of CVEs from the EPSS API. It sends a GET request to the API with +// the specified CVEs, parses the JSON response, and returns an Epss model +// containing the fetched data. If the request or parsing fails, an error is returned. func fetchEpssData(cves []string) (models.Epss, error) { + // Create a new HTTP request. req := HttpRequest.NewRequest() + + // Send a GET request to the EPSS API with the concatenated CVEs. resp, err := req.JSON().Get(fmt.Sprintf("%s%s", epssBaseURL, strings.Join(cves, ","))) if err != nil { return models.Epss{}, err } defer func() { + // Close the response body when done. _ = resp.Close() }() + // Log the response status. log.Println("EPSS Response Status:", resp.StatusCode()) + // Retrieve the response body. body, _ := resp.Body() + + // Check if the request was successful (status code 200). if resp.StatusCode() == 200 { var epss models.Epss + + // Unmarshal the JSON response into the Epss model. if err := json.Unmarshal(body, &epss); err != nil { return models.Epss{}, err } return epss, nil } + + // If the request was not successful, return an error with the status code. return models.Epss{}, fmt.Errorf("EPSS API request failed with status code: %d", resp.StatusCode()) } diff --git a/renderers/html/html.go b/renderers/html/html.go index efa0e6b..fe6ba59 100644 --- a/renderers/html/html.go +++ b/renderers/html/html.go @@ -42,12 +42,20 @@ func (Renderer) Render(results models.Results) error { return err } +// generateFilename generates a unique filename based on the current timestamp +// in the format "2006-01-02 15:04:05" and replaces certain characters to +// create a valid filename. The resulting filename is a combination of the +// timestamp and a fixed suffix. func generateFilename() string { t := time.Now() r := strings.NewReplacer("-", "", " ", "-", ":", "-") return filepath.Join(".", fmt.Sprintf("%s-bomber-results.html", r.Replace(t.Format("2006-01-02 15:04:05")))) } +// writeTemplate writes the results to a file with the specified filename, +// using the given Afero filesystem interface. It creates the file, processes +// percentiles in the results, converts Markdown to HTML, and writes the +// templated results to the file. It also sets file permissions to 0777. func writeTemplate(afs *afero.Afero, filename string, results models.Results) error { processPercentiles(results) @@ -75,6 +83,9 @@ func writeTemplate(afs *afero.Afero, filename string, results models.Results) er return nil } +// processPercentiles calculates and updates the percentile values for +// vulnerabilities in the given results. It converts the percentile from +// a decimal to a percentage and updates the results in place. func processPercentiles(results models.Results) { for i, p := range results.Packages { for vi, v := range p.Vulnerabilities { @@ -93,6 +104,9 @@ func processPercentiles(results models.Results) { } } +// markdownToHTML converts the Markdown descriptions of vulnerabilities in +// the given results to HTML. It uses the Blackfriday library to perform the +// conversion and sanitizes the HTML using Bluemonday. func markdownToHTML(results models.Results) { for i := range results.Packages { for ii := range results.Packages[i].Vulnerabilities { From 9ae3cb13b16f4cc87daea31586de0bfb9d7b88a0 Mon Sep 17 00:00:00 2001 From: DJ Schleen Date: Tue, 21 Nov 2023 14:26:15 -0700 Subject: [PATCH 12/20] Uses the CycloneDX provided decoder --- .vscode/launch.json | 8 + _TESTDATA_/sbom/merged.json | 37196 ++++++++++++++++++++++++++++++++++ cmd/root.go | 5 +- lib/loader.go | 13 +- lib/scanner.go | 24 +- lib/scanner_test.go | 18 + lib/util.go | 24 +- lib/util_test.go | 18 - 8 files changed, 37256 insertions(+), 50 deletions(-) create mode 100644 _TESTDATA_/sbom/merged.json diff --git a/.vscode/launch.json b/.vscode/launch.json index 8c18b06..d1d8c89 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -108,6 +108,14 @@ "program": "${workspaceFolder}/main.go", "args": ["--debug=true", "--output=html", "scan", "./_TESTDATA_/sbom/juiceshop.cyclonedx.json"] }, + { + "name": "Debug File (ossindex - merged)", + "type": "go", + "request": "launch", + "mode": "auto", + "program": "${workspaceFolder}/main.go", + "args": ["--provider=ossindex", "--debug=true", "scan", "./_TESTDATA_/sbom/merged.json"] + }, { "name": "Debug File (ossindex - railsgoat)", "type": "go", diff --git a/_TESTDATA_/sbom/merged.json b/_TESTDATA_/sbom/merged.json new file mode 100644 index 0000000..8b28ae2 --- /dev/null +++ b/_TESTDATA_/sbom/merged.json @@ -0,0 +1,37196 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "serialNumber": "urn:uuid:5fe416ab-9c49-4736-9f50-4a4cd2943ae1", + "version": 1, + "metadata": { + "tools": [ + { + "vendor": "CycloneDX", + "name": "Node.js module", + "version": "2.0.0" + }, + { + "vendor": "anchore", + "name": "syft", + "version": "[not provided]" + } + ], + "component": { + "type": "application", + "bom-ref": "test@1.1", + "name": "test", + "version": "1.1" + } + }, + "components": [ + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/juice-shop@11.1.2", + "name": "juice-shop", + "version": "11.1.2", + "description": "Probably the most modern and sophisticated insecure web application", + "licenses": [ + { + "expression": "(AFL-2.1 OR BSD-3-Clause)" + } + ], + "purl": "pkg:npm/juice-shop@11.1.2", + "externalReferences": [ + { + "url": "https://owasp-juice.shop", + "type": "website" + }, + { + "url": "https://github.com/bkimminich/juice-shop/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/bkimminich/juice-shop.git", + "type": "vcs" + } + ], + "components": [ + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/body-parser@1.19.0", + "name": "body-parser", + "version": "1.19.0", + "description": "Node.js body parsing middleware", + "hashes": [ + { + "alg": "SHA-1", + "content": "96b2709e57c9c4e09a6fd66a8fd979844f69f08a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/body-parser@1.19.0", + "externalReferences": [ + { + "url": "https://github.com/expressjs/body-parser#readme", + "type": "website" + }, + { + "url": "https://github.com/expressjs/body-parser/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/expressjs/body-parser.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/bytes@3.1.0", + "name": "bytes", + "version": "3.1.0", + "description": "Utility to parse a string bytes to bytes and vice-versa", + "hashes": [ + { + "alg": "SHA-1", + "content": "f6cf7933a360e0588fa9fde85651cdc7f805d1f6" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bytes@3.1.0", + "externalReferences": [ + { + "url": "https://github.com/visionmedia/bytes.js#readme", + "type": "website" + }, + { + "url": "https://github.com/visionmedia/bytes.js/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/visionmedia/bytes.js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/content-type@1.0.4", + "name": "content-type", + "version": "1.0.4", + "description": "Create and parse HTTP Content-Type header", + "hashes": [ + { + "alg": "SHA-1", + "content": "e138cc75e040c727b1966fe5e5f8c9aee256fe3b" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/content-type@1.0.4", + "externalReferences": [ + { + "url": "https://github.com/jshttp/content-type#readme", + "type": "website" + }, + { + "url": "https://github.com/jshttp/content-type/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jshttp/content-type.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/debug@2.6.9", + "name": "debug", + "version": "2.6.9", + "description": "small debugging utility", + "hashes": [ + { + "alg": "SHA-1", + "content": "5d128515df134ff327e90a4c93f4e077a536341f" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@2.6.9", + "externalReferences": [ + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/ms@2.0.0", + "name": "ms", + "version": "2.0.0", + "description": "Tiny millisecond conversion utility", + "hashes": [ + { + "alg": "SHA-1", + "content": "5608aeadfc00be6c2901df5f9861788de0d597c8" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.0.0", + "externalReferences": [ + { + "url": "https://github.com/zeit/ms#readme", + "type": "website" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/zeit/ms.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/depd@1.1.2", + "name": "depd", + "version": "1.1.2", + "description": "Deprecate all the things", + "hashes": [ + { + "alg": "SHA-1", + "content": "9bcd52e14c097763e749b274c4346ed2e560b5a9" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/depd@1.1.2", + "externalReferences": [ + { + "url": "https://github.com/dougwilson/nodejs-depd#readme", + "type": "website" + }, + { + "url": "https://github.com/dougwilson/nodejs-depd/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/dougwilson/nodejs-depd.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/http-errors@1.7.2", + "name": "http-errors", + "version": "1.7.2", + "description": "Create HTTP error objects", + "hashes": [ + { + "alg": "SHA-1", + "content": "4f5029cf13239f31036e5b2e55292bcfbcc85c8f" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http-errors@1.7.2", + "externalReferences": [ + { + "url": "https://github.com/jshttp/http-errors#readme", + "type": "website" + }, + { + "url": "https://github.com/jshttp/http-errors/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jshttp/http-errors.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/inherits@2.0.3", + "name": "inherits", + "version": "2.0.3", + "description": "Browser-friendly inheritance fully compatible with standard node.js inherits()", + "hashes": [ + { + "alg": "SHA-1", + "content": "633c2c83e3da42a502f52466022480f4208261de" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inherits@2.0.3", + "externalReferences": [ + { + "url": "https://github.com/isaacs/inherits#readme", + "type": "website" + }, + { + "url": "https://github.com/isaacs/inherits/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/isaacs/inherits.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/setprototypeof@1.1.1", + "name": "setprototypeof", + "version": "1.1.1", + "description": "A small polyfill for Object.setprototypeof", + "hashes": [ + { + "alg": "SHA-1", + "content": "7e95acb24aa92f5885e0abef5ba131330d4ae683" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/setprototypeof@1.1.1", + "externalReferences": [ + { + "url": "https://github.com/wesleytodd/setprototypeof", + "type": "website" + }, + { + "url": "https://github.com/wesleytodd/setprototypeof/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/wesleytodd/setprototypeof.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/statuses@1.5.0", + "name": "statuses", + "version": "1.5.0", + "description": "HTTP status utility", + "hashes": [ + { + "alg": "SHA-1", + "content": "161c7dac177659fd9811f43771fa99381478628c" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/statuses@1.5.0", + "externalReferences": [ + { + "url": "https://github.com/jshttp/statuses#readme", + "type": "website" + }, + { + "url": "https://github.com/jshttp/statuses/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jshttp/statuses.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/toidentifier@1.0.0", + "name": "toidentifier", + "version": "1.0.0", + "description": "Convert a string of words to a JavaScript identifier", + "hashes": [ + { + "alg": "SHA-1", + "content": "7e1be3470f1e77948bc43d94a3c8f4d7752ba553" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/toidentifier@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/component/toidentifier#readme", + "type": "website" + }, + { + "url": "https://github.com/component/toidentifier/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/component/toidentifier.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/iconv-lite@0.4.24", + "name": "iconv-lite", + "version": "0.4.24", + "description": "Convert character encodings in pure javascript.", + "hashes": [ + { + "alg": "SHA-1", + "content": "2022b4b25fbddc21d2f524974a474aafe733908b" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/iconv-lite@0.4.24", + "externalReferences": [ + { + "url": "https://github.com/ashtuchkin/iconv-lite", + "type": "website" + }, + { + "url": "https://github.com/ashtuchkin/iconv-lite/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/ashtuchkin/iconv-lite.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/safer-buffer@2.1.2", + "name": "safer-buffer", + "version": "2.1.2", + "description": "Modern Buffer API polyfill without footguns", + "hashes": [ + { + "alg": "SHA-1", + "content": "44fa161b0187b9549dd84bb91802f9bd8385cd6a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safer-buffer@2.1.2", + "externalReferences": [ + { + "url": "https://github.com/ChALkeR/safer-buffer#readme", + "type": "website" + }, + { + "url": "https://github.com/ChALkeR/safer-buffer/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/ChALkeR/safer-buffer.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/on-finished@2.3.0", + "name": "on-finished", + "version": "2.3.0", + "description": "Execute a callback when a request closes, finishes, or errors", + "hashes": [ + { + "alg": "SHA-1", + "content": "20f1336481b083cd75337992a16971aa2d906947" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/on-finished@2.3.0", + "externalReferences": [ + { + "url": "https://github.com/jshttp/on-finished#readme", + "type": "website" + }, + { + "url": "https://github.com/jshttp/on-finished/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jshttp/on-finished.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/ee-first@1.1.1", + "name": "ee-first", + "version": "1.1.1", + "description": "return the first event in a set of ee/event pairs", + "hashes": [ + { + "alg": "SHA-1", + "content": "590c61156b0ae2f4f0255732a158b266bc56b21d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ee-first@1.1.1", + "externalReferences": [ + { + "url": "https://github.com/jonathanong/ee-first#readme", + "type": "website" + }, + { + "url": "https://github.com/jonathanong/ee-first/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonathanong/ee-first.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/qs@6.7.0", + "name": "qs", + "version": "6.7.0", + "description": "A querystring parser that supports nesting and arrays, with a depth limit", + "hashes": [ + { + "alg": "SHA-1", + "content": "41dc1a015e3d581f1621776be31afb2876a9b1bc" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/qs@6.7.0", + "externalReferences": [ + { + "url": "https://github.com/ljharb/qs", + "type": "website" + }, + { + "url": "https://github.com/ljharb/qs/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/ljharb/qs.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/raw-body@2.4.0", + "name": "raw-body", + "version": "2.4.0", + "description": "Get and validate the raw body of a readable stream.", + "hashes": [ + { + "alg": "SHA-1", + "content": "a1ce6fb9c9bc356ca52e89256ab59059e13d0332" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/raw-body@2.4.0", + "externalReferences": [ + { + "url": "https://github.com/stream-utils/raw-body#readme", + "type": "website" + }, + { + "url": "https://github.com/stream-utils/raw-body/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/stream-utils/raw-body.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/unpipe@1.0.0", + "name": "unpipe", + "version": "1.0.0", + "description": "Unpipe a stream from all destinations", + "hashes": [ + { + "alg": "SHA-1", + "content": "b2bf4ee8514aae6165b4817829d21b2ef49904ec" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/unpipe@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/stream-utils/unpipe#readme", + "type": "website" + }, + { + "url": "https://github.com/stream-utils/unpipe/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/stream-utils/unpipe.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/type-is@1.6.18", + "name": "type-is", + "version": "1.6.18", + "description": "Infer the content-type of a request.", + "hashes": [ + { + "alg": "SHA-1", + "content": "4e552cd05df09467dcbc4ef739de89f2cf37c131" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/type-is@1.6.18", + "externalReferences": [ + { + "url": "https://github.com/jshttp/type-is#readme", + "type": "website" + }, + { + "url": "https://github.com/jshttp/type-is/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jshttp/type-is.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/media-typer@0.3.0", + "name": "media-typer", + "version": "0.3.0", + "description": "Simple RFC 6838 media type parser and formatter", + "hashes": [ + { + "alg": "SHA-1", + "content": "8710d7af0aa626f8fffa1ce00168545263255748" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/media-typer@0.3.0", + "externalReferences": [ + { + "url": "https://github.com/jshttp/media-typer#readme", + "type": "website" + }, + { + "url": "https://github.com/jshttp/media-typer/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jshttp/media-typer.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/mime-types@2.1.27", + "name": "mime-types", + "version": "2.1.27", + "description": "The ultimate javascript content-type utility.", + "hashes": [ + { + "alg": "SHA-1", + "content": "47949f98e279ea53119f5722e0f34e529bec009f" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mime-types@2.1.27", + "externalReferences": [ + { + "url": "https://github.com/jshttp/mime-types#readme", + "type": "website" + }, + { + "url": "https://github.com/jshttp/mime-types/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jshttp/mime-types.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/mime-db@1.44.0", + "name": "mime-db", + "version": "1.44.0", + "description": "Media Type Database", + "hashes": [ + { + "alg": "SHA-1", + "content": "fa11c5eb0aca1334b4233cb4d52f10c5a6272f92" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mime-db@1.44.0", + "externalReferences": [ + { + "url": "https://github.com/jshttp/mime-db#readme", + "type": "website" + }, + { + "url": "https://github.com/jshttp/mime-db/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jshttp/mime-db.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/check-dependencies@1.1.0", + "name": "check-dependencies", + "version": "1.1.0", + "description": "Checks if currently installed npm/bower dependencies are installed in the exact same versions that are specified in package.json/bower.json", + "hashes": [ + { + "alg": "SHA-1", + "content": "3aa2df4061770179d8e88e8bf9315c53722ddff4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/check-dependencies@1.1.0", + "externalReferences": [ + { + "url": "https://github.com/mgol/check-dependencies", + "type": "website" + }, + { + "url": "https://github.com/mgol/check-dependencies/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/mgol/check-dependencies.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/bower-config@1.4.3", + "name": "bower-config", + "version": "1.4.3", + "description": "The Bower config reader and writer.", + "hashes": [ + { + "alg": "SHA-1", + "content": "3454fecdc5f08e7aa9cc6d556e492be0669689ae" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bower-config@1.4.3", + "externalReferences": [ + { + "url": "http://bower.io", + "type": "website" + }, + { + "url": "https://github.com/bower/bower/tree/master/packages/bower-config", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/graceful-fs@4.2.4", + "name": "graceful-fs", + "version": "4.2.4", + "description": "A drop-in replacement for fs, making various improvements.", + "hashes": [ + { + "alg": "SHA-1", + "content": "2256bde14d3632958c465ebc96dc467ca07a29fb" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/graceful-fs@4.2.4", + "externalReferences": [ + { + "url": "https://github.com/isaacs/node-graceful-fs#readme", + "type": "website" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/isaacs/node-graceful-fs.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/minimist@0.2.1", + "name": "minimist", + "version": "0.2.1", + "description": "parse argument options", + "hashes": [ + { + "alg": "SHA-1", + "content": "827ba4e7593464e7c221e8c5bed930904ee2c455" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minimist@0.2.1", + "externalReferences": [ + { + "url": "https://github.com/substack/minimist", + "type": "website" + }, + { + "url": "https://github.com/substack/minimist/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/substack/minimist.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/mout@1.2.2", + "name": "mout", + "version": "1.2.2", + "description": "Modular Utilities", + "hashes": [ + { + "alg": "SHA-1", + "content": "c9b718a499806a0632cede178e80f436259e777d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mout@1.2.2", + "externalReferences": [ + { + "url": "http://moutjs.com/", + "type": "website" + }, + { + "url": "https://github.com/mout/mout/issues/", + "type": "issue-tracker" + }, + { + "url": "git://github.com/mout/mout.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/osenv@0.1.5", + "name": "osenv", + "version": "0.1.5", + "description": "Look up environment settings specific to different operating systems", + "hashes": [ + { + "alg": "SHA-1", + "content": "85cdfafaeb28e8677f416e287592b5f3f49ea410" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/osenv@0.1.5", + "externalReferences": [ + { + "url": "https://github.com/npm/osenv#readme", + "type": "website" + }, + { + "url": "https://github.com/npm/osenv/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/npm/osenv.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/os-homedir@1.0.2", + "name": "os-homedir", + "version": "1.0.2", + "description": "Node.js 4 \u0060os.homedir()\u0060 ponyfill", + "hashes": [ + { + "alg": "SHA-1", + "content": "ffbc4988336e0e833de0c168c7ef152121aa7fb3" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/os-homedir@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/os-homedir#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/os-homedir/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/os-homedir.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/os-tmpdir@1.0.2", + "name": "os-tmpdir", + "version": "1.0.2", + "description": "Node.js os.tmpdir() ponyfill", + "hashes": [ + { + "alg": "SHA-1", + "content": "bbe67406c79aa85c5cfec766fe5734555dfa1274" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/os-tmpdir@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/os-tmpdir#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/os-tmpdir/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/os-tmpdir.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/untildify@2.1.0", + "name": "untildify", + "version": "2.1.0", + "description": "Convert a tilde path to an absolute path: ~/dev =\u003E /Users/sindresorhus/dev", + "hashes": [ + { + "alg": "SHA-1", + "content": "17eb2807987f76952e9c0485fc311d06a826a2e0" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/untildify@2.1.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/untildify#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/untildify/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/untildify.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/wordwrap@0.0.3", + "name": "wordwrap", + "version": "0.0.3", + "description": "Wrap those words. Show them at what columns to start and stop.", + "hashes": [ + { + "alg": "SHA-1", + "content": "a3d5da6cd5c0bc0008d37234bbaf1bed63059107" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wordwrap@0.0.3", + "externalReferences": [ + { + "url": "https://github.com/substack/node-wordwrap#readme", + "type": "website" + }, + { + "url": "https://github.com/substack/node-wordwrap/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/substack/node-wordwrap.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/chalk@2.4.2", + "name": "chalk", + "version": "2.4.2", + "description": "Terminal string styling done right", + "hashes": [ + { + "alg": "SHA-1", + "content": "cd42541677a54333cf541a49108c1432b44c9424" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@2.4.2", + "externalReferences": [ + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/chalk/chalk.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/ansi-styles@3.2.1", + "name": "ansi-styles", + "version": "3.2.1", + "description": "ANSI escape codes for styling strings in the terminal", + "hashes": [ + { + "alg": "SHA-1", + "content": "41fbb20243e50b12be0f04b8dedbf07520ce841d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@3.2.1", + "externalReferences": [ + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/chalk/ansi-styles.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/color-convert@1.9.3", + "name": "color-convert", + "version": "1.9.3", + "description": "Plain color conversion functions", + "hashes": [ + { + "alg": "SHA-1", + "content": "bb71850690e1f136567de629d2d5471deda4c1e8" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@1.9.3", + "externalReferences": [ + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/Qix-/color-convert.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/color-name@1.1.3", + "name": "color-name", + "version": "1.1.3", + "description": "A list of color names and its values", + "hashes": [ + { + "alg": "SHA-1", + "content": "a7d0558bd89c42f795dd42328f740831ca53bc25" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.3", + "externalReferences": [ + { + "url": "https://github.com/dfcreative/color-name", + "type": "website" + }, + { + "url": "https://github.com/dfcreative/color-name/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/dfcreative/color-name.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/escape-string-regexp@1.0.5", + "name": "escape-string-regexp", + "version": "1.0.5", + "description": "Escape RegExp special characters", + "hashes": [ + { + "alg": "SHA-1", + "content": "1b61c0562190a8dff6ae3bb2cf0200ca130b86d4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/escape-string-regexp#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/supports-color@5.5.0", + "name": "supports-color", + "version": "5.5.0", + "description": "Detect whether a terminal supports color", + "hashes": [ + { + "alg": "SHA-1", + "content": "e2e69a44ac8772f78a1ec0b35b689df6530efc8f" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@5.5.0", + "externalReferences": [ + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/chalk/supports-color.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/has-flag@3.0.0", + "name": "has-flag", + "version": "3.0.0", + "description": "Check if argv has a specific flag", + "hashes": [ + { + "alg": "SHA-1", + "content": "b5d454dc2199ae225699f3467e5a07f3b955bafd" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-flag@3.0.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/has-flag#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/has-flag/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/has-flag.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/findup-sync@2.0.0", + "name": "findup-sync", + "version": "2.0.0", + "description": "Find the first file matching a given pattern in the current directory or the nearest ancestor directory.", + "hashes": [ + { + "alg": "SHA-1", + "content": "9326b1488c22d1a6088650a86901b2d9a90a2cbc" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/findup-sync@2.0.0", + "externalReferences": [ + { + "url": "https://github.com/js-cli/node-findup-sync#readme", + "type": "website" + }, + { + "url": "https://github.com/js-cli/node-findup-sync/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/js-cli/node-findup-sync.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/detect-file@1.0.0", + "name": "detect-file", + "version": "1.0.0", + "description": "Detects if a file exists and returns the resolved filepath.", + "hashes": [ + { + "alg": "SHA-1", + "content": "f0d66d03672a825cb1b73bdb3fe62310c8e552b7" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/detect-file@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/doowb/detect-file", + "type": "website" + }, + { + "url": "https://github.com/doowb/detect-file/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/doowb/detect-file.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-glob@3.1.0", + "name": "is-glob", + "version": "3.1.0", + "description": "Returns \u0060true\u0060 if the given string looks like a glob pattern or an extglob pattern. This makes it easy to create code that only uses external modules like node-glob when necessary, resulting in much faster code execution and initialization time, and a better user experience.", + "hashes": [ + { + "alg": "SHA-1", + "content": "7ba5ae24217804ac70707b96922567486cc3e84a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-glob@3.1.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/is-glob", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/is-glob/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/is-glob.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-extglob@2.1.1", + "name": "is-extglob", + "version": "2.1.1", + "description": "Returns true if a string has an extglob.", + "hashes": [ + { + "alg": "SHA-1", + "content": "a88c02535791f02ed37c76a1b9ea9773c833f8c2" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-extglob@2.1.1", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/is-extglob", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/is-extglob/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/is-extglob.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/micromatch@3.1.10", + "name": "micromatch", + "version": "3.1.10", + "description": "Glob matching for javascript/node.js. A drop-in replacement and faster alternative to minimatch and multimatch.", + "hashes": [ + { + "alg": "SHA-1", + "content": "70859bc95c9840952f359a068a3fc49f9ecfac23" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/micromatch@3.1.10", + "externalReferences": [ + { + "url": "https://github.com/micromatch/micromatch", + "type": "website" + }, + { + "url": "https://github.com/micromatch/micromatch/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/micromatch/micromatch.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/arr-diff@4.0.0", + "name": "arr-diff", + "version": "4.0.0", + "description": "Returns an array with only the unique values from the first array, by excluding all values from additional arrays using strict equality for comparisons.", + "hashes": [ + { + "alg": "SHA-1", + "content": "d6461074febfec71e7e15235761a329a5dc7c520" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arr-diff@4.0.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/arr-diff", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/arr-diff/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/arr-diff.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/array-unique@0.3.2", + "name": "array-unique", + "version": "0.3.2", + "description": "Remove duplicate values from an array. Fastest ES5 implementation.", + "hashes": [ + { + "alg": "SHA-1", + "content": "a894b75d4bc4f6cd679ef3244a9fd8f46ae2d428" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/array-unique@0.3.2", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/array-unique", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/array-unique/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/array-unique.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/braces@2.3.2", + "name": "braces", + "version": "2.3.2", + "description": "Bash-like brace expansion, implemented in JavaScript. Safer than other brace expansion libs, with complete support for the Bash 4.3 braces specification, without sacrificing speed.", + "hashes": [ + { + "alg": "SHA-1", + "content": "5979fd3f14cd531565e5fa2df1abfff1dfaee729" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/braces@2.3.2", + "externalReferences": [ + { + "url": "https://github.com/micromatch/braces", + "type": "website" + }, + { + "url": "https://github.com/micromatch/braces/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/micromatch/braces.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/arr-flatten@1.1.0", + "name": "arr-flatten", + "version": "1.1.0", + "description": "Recursively flatten an array or arrays.", + "hashes": [ + { + "alg": "SHA-1", + "content": "36048bbff4e7b47e136644316c99669ea5ae91f1" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arr-flatten@1.1.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/arr-flatten", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/arr-flatten/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/arr-flatten.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/extend-shallow@2.0.1", + "name": "extend-shallow", + "version": "2.0.1", + "description": "Extend an object with the properties of additional objects. node.js/javascript util.", + "hashes": [ + { + "alg": "SHA-1", + "content": "51af7d614ad9a9f610ea1bafbb989d6b1c56890f" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/extend-shallow@2.0.1", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/extend-shallow", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/extend-shallow/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/extend-shallow.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-extendable@0.1.1", + "name": "is-extendable", + "version": "0.1.1", + "description": "Returns true if a value is any of the object types: array, regexp, plain object, function or date. This is useful for determining if a value can be extended, e.g. \u0022can the value have keys?\u0022", + "hashes": [ + { + "alg": "SHA-1", + "content": "62b110e289a471418e3ec36a617d472e301dfc89" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-extendable@0.1.1", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/is-extendable", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/is-extendable/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/is-extendable.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/fill-range@4.0.0", + "name": "fill-range", + "version": "4.0.0", + "description": "Fill in a range of numbers or letters, optionally passing an increment or \u0060step\u0060 to use, or create a regex-compatible range with \u0060options.toRegex\u0060", + "hashes": [ + { + "alg": "SHA-1", + "content": "d544811d428f98eb06a63dc402d2403c328c38f7" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fill-range@4.0.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/fill-range", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/fill-range/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/fill-range.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-number@3.0.0", + "name": "is-number", + "version": "3.0.0", + "description": "Returns true if the value is a number. comprehensive tests.", + "hashes": [ + { + "alg": "SHA-1", + "content": "24fd6201a4782cf50561c810276afc7d12d71195" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-number@3.0.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/is-number", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/is-number/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/is-number.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/kind-of@3.2.2", + "name": "kind-of", + "version": "3.2.2", + "description": "Get the native type of a value.", + "hashes": [ + { + "alg": "SHA-1", + "content": "31ea21a734bab9bbb0f32466d893aea51e4a3c64" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kind-of@3.2.2", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/kind-of", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/kind-of/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/kind-of.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-buffer@1.1.6", + "name": "is-buffer", + "version": "1.1.6", + "description": "Determine if an object is a Buffer", + "hashes": [ + { + "alg": "SHA-1", + "content": "efaa2ea9daa0d7ab2ea13a97b2b8ad51fefbe8be" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-buffer@1.1.6", + "externalReferences": [ + { + "url": "https://github.com/feross/is-buffer#readme", + "type": "website" + }, + { + "url": "https://github.com/feross/is-buffer/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/feross/is-buffer.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/repeat-string@1.6.1", + "name": "repeat-string", + "version": "1.6.1", + "description": "Repeat the given string n times. Fastest implementation for repeating a string.", + "hashes": [ + { + "alg": "SHA-1", + "content": "8dcae470e1c88abc2d600fff4a776286da75e637" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/repeat-string@1.6.1", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/repeat-string", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/repeat-string/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/repeat-string.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/to-regex-range@2.1.1", + "name": "to-regex-range", + "version": "2.1.1", + "description": "Pass two numbers, get a regex-compatible source string for matching ranges. Validated against more than 2.78 million test assertions.", + "hashes": [ + { + "alg": "SHA-1", + "content": "7c80c17b9dfebe599e27367e0d4dd5590141db38" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/to-regex-range@2.1.1", + "externalReferences": [ + { + "url": "https://github.com/micromatch/to-regex-range", + "type": "website" + }, + { + "url": "https://github.com/micromatch/to-regex-range/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/micromatch/to-regex-range.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/isobject@3.0.1", + "name": "isobject", + "version": "3.0.1", + "description": "Returns true if the value is an object and not an array or null.", + "hashes": [ + { + "alg": "SHA-1", + "content": "4e431e92b11a9731636aa1f9c8d1ccbcfdab78df" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/isobject@3.0.1", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/isobject", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/isobject/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/isobject.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/repeat-element@1.1.3", + "name": "repeat-element", + "version": "1.1.3", + "description": "Create an array by repeating the given value n times.", + "hashes": [ + { + "alg": "SHA-1", + "content": "782e0d825c0c5a3bb39731f84efee6b742e6b1ce" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/repeat-element@1.1.3", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/repeat-element", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/repeat-element/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/repeat-element.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/snapdragon@0.8.2", + "name": "snapdragon", + "version": "0.8.2", + "description": "Fast, pluggable and easy-to-use parser-renderer factory.", + "hashes": [ + { + "alg": "SHA-1", + "content": "64922e7c565b0e14204ba1aa7d6964278d25182d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/snapdragon@0.8.2", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/snapdragon", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/snapdragon/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/snapdragon.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/base@0.11.2", + "name": "base", + "version": "0.11.2", + "description": "base is the foundation for creating modular, unit testable and highly pluggable node.js applications, starting with a handful of common methods, like \u0060set\u0060, \u0060get\u0060, \u0060del\u0060 and \u0060use\u0060.", + "hashes": [ + { + "alg": "SHA-1", + "content": "7bde5ced145b6d551a90db87f83c558b4eb48a8f" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/base@0.11.2", + "externalReferences": [ + { + "url": "https://github.com/node-base/base", + "type": "website" + }, + { + "url": "https://github.com/node-base/base/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/node-base/base.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/cache-base@1.0.1", + "name": "cache-base", + "version": "1.0.1", + "description": "Basic object cache with \u0060get\u0060, \u0060set\u0060, \u0060del\u0060, and \u0060has\u0060 methods for node.js/javascript projects.", + "hashes": [ + { + "alg": "SHA-1", + "content": "0a7f46416831c8b662ee36fe4e7c59d76f666ab2" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cache-base@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/cache-base", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/cache-base/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/cache-base.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/collection-visit@1.0.0", + "name": "collection-visit", + "version": "1.0.0", + "description": "Visit a method over the items in an object, or map visit over the objects in an array.", + "hashes": [ + { + "alg": "SHA-1", + "content": "4bc0373c164bc3291b4d368c829cf1a80a59dca0" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/collection-visit@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/collection-visit", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/collection-visit/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/collection-visit.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/map-visit@1.0.0", + "name": "map-visit", + "version": "1.0.0", + "description": "Map \u0060visit\u0060 over an array of objects.", + "hashes": [ + { + "alg": "SHA-1", + "content": "ecdca8f13144e660f1b5bd41f12f3479d98dfb8f" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/map-visit@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/map-visit", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/map-visit/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/map-visit.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/object-visit@1.0.1", + "name": "object-visit", + "version": "1.0.1", + "description": "Call a specified method on each value in the given object.", + "hashes": [ + { + "alg": "SHA-1", + "content": "f79c4493af0c5377b59fe39d395e41042dd045bb" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-visit@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/object-visit", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/object-visit/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/object-visit.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/component-emitter@1.3.0", + "name": "component-emitter", + "version": "1.3.0", + "description": "Event emitter", + "hashes": [ + { + "alg": "SHA-1", + "content": "16e4070fba8ae29b679f2215853ee181ab2eabc0" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/component-emitter@1.3.0", + "externalReferences": [ + { + "url": "https://github.com/component/emitter#readme", + "type": "website" + }, + { + "url": "https://github.com/component/emitter/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/component/emitter.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/get-value@2.0.6", + "name": "get-value", + "version": "2.0.6", + "description": "Use property paths (\u0060a.b.c\u0060) to get a nested value from an object.", + "hashes": [ + { + "alg": "SHA-1", + "content": "dc15ca1c672387ca76bd37ac0a395ba2042a2c28" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-value@2.0.6", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/get-value", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/get-value/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/get-value.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/has-value@1.0.0", + "name": "has-value", + "version": "1.0.0", + "description": "Returns true if a value exists, false if empty. Works with deeply nested values using object paths.", + "hashes": [ + { + "alg": "SHA-1", + "content": "18b281da585b1c5c51def24c930ed29a0be6b177" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-value@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/has-value", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/has-value/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/has-value.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/has-values@1.0.0", + "name": "has-values", + "version": "1.0.0", + "description": "Returns true if any values exist, false if empty. Works for booleans, functions, numbers, strings, nulls, objects and arrays. ", + "hashes": [ + { + "alg": "SHA-1", + "content": "95b0b63fec2146619a6fe57fe75628d5a39efe4f" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-values@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/has-values", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/has-values/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/has-values.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/kind-of@4.0.0", + "name": "kind-of", + "version": "4.0.0", + "description": "Get the native type of a value.", + "hashes": [ + { + "alg": "SHA-1", + "content": "20813df3d712928b207378691a45066fae72dd57" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kind-of@4.0.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/kind-of", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/kind-of/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/kind-of.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/set-value@2.0.1", + "name": "set-value", + "version": "2.0.1", + "description": "Create nested values and any intermediaries using dot notation (\u0060\u0027a.b.c\u0027\u0060) paths.", + "hashes": [ + { + "alg": "SHA-1", + "content": "a18d40530e6f07de4228c7defe4227af8cad005b" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/set-value@2.0.1", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/set-value", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/set-value/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/set-value.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-plain-object@2.0.4", + "name": "is-plain-object", + "version": "2.0.4", + "description": "Returns true if an object was created by the \u0060Object\u0060 constructor.", + "hashes": [ + { + "alg": "SHA-1", + "content": "2c163b3fafb1b606d9d17928f05c2a1c38e07677" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-plain-object@2.0.4", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/is-plain-object", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/is-plain-object/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/is-plain-object.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/split-string@3.1.0", + "name": "split-string", + "version": "3.1.0", + "description": "Split a string on a character except when the character is escaped.", + "hashes": [ + { + "alg": "SHA-1", + "content": "7cb09dda3a86585705c64b39a6466038682e8fe2" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/split-string@3.1.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/split-string", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/split-string/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/split-string.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/extend-shallow@3.0.2", + "name": "extend-shallow", + "version": "3.0.2", + "description": "Extend an object with the properties of additional objects. node.js/javascript util.", + "hashes": [ + { + "alg": "SHA-1", + "content": "26a71aaf073b39fb2127172746131c2704028db8" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/extend-shallow@3.0.2", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/extend-shallow", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/extend-shallow/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/extend-shallow.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/assign-symbols@1.0.0", + "name": "assign-symbols", + "version": "1.0.0", + "description": "Assign the enumerable es6 Symbol properties from an object (or objects) to the first object passed on the arguments. Can be used as a supplement to other extend, assign or merge methods as a polyfill for the Symbols part of the es6 Object.assign method.", + "hashes": [ + { + "alg": "SHA-1", + "content": "59667f41fadd4f20ccbc2bb96b8d4f7f78ec0367" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/assign-symbols@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/assign-symbols", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/assign-symbols/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/assign-symbols.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-extendable@1.0.1", + "name": "is-extendable", + "version": "1.0.1", + "description": "Returns true if a value is a plain object, array or function.", + "hashes": [ + { + "alg": "SHA-1", + "content": "a7470f9e426733d81bd81e1155264e3a3507cab4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-extendable@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/is-extendable", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/is-extendable/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/is-extendable.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/to-object-path@0.3.0", + "name": "to-object-path", + "version": "0.3.0", + "description": "Create an object path from a list or array of strings.", + "hashes": [ + { + "alg": "SHA-1", + "content": "297588b7b0e7e0ac08e04e672f85c1f4999e17af" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/to-object-path@0.3.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/to-object-path", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/to-object-path/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/to-object-path.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/union-value@1.0.1", + "name": "union-value", + "version": "1.0.1", + "description": "Set an array of unique values as the property of an object. Supports setting deeply nested properties using using object-paths/dot notation.", + "hashes": [ + { + "alg": "SHA-1", + "content": "0b6fe7b835aecda61c6ea4d4f02c14221e109847" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/union-value@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/union-value", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/union-value/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/union-value.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/arr-union@3.1.0", + "name": "arr-union", + "version": "3.1.0", + "description": "Combines a list of arrays, returning a single array with unique values, using strict equality for comparisons.", + "hashes": [ + { + "alg": "SHA-1", + "content": "e39b09aea9def866a8f206e288af63919bae39c4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arr-union@3.1.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/arr-union", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/arr-union/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/arr-union.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/unset-value@1.0.0", + "name": "unset-value", + "version": "1.0.0", + "description": "Delete nested properties from an object using dot notation.", + "hashes": [ + { + "alg": "SHA-1", + "content": "8376873f7d2335179ffb1e6fc3a8ed0dfc8ab559" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/unset-value@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/unset-value", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/unset-value/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/unset-value.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/has-value@0.3.1", + "name": "has-value", + "version": "0.3.1", + "description": "Returns true if a value exists, false if empty. Works with deeply nested values using object paths.", + "hashes": [ + { + "alg": "SHA-1", + "content": "7b1f58bada62ca827ec0a2078025654845995e1f" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-value@0.3.1", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/has-value", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/has-value/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/has-value.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/has-values@0.1.4", + "name": "has-values", + "version": "0.1.4", + "description": "Returns true if any values exist, false if empty. Works for booleans, functions, numbers, strings, nulls, objects and arrays. ", + "hashes": [ + { + "alg": "SHA-1", + "content": "6d61de95d91dfca9b9a02089ad384bff8f62b771" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-values@0.1.4", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/has-values", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/has-values/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/has-values.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/isobject@2.1.0", + "name": "isobject", + "version": "2.1.0", + "description": "Returns true if the value is an object and not an array or null.", + "hashes": [ + { + "alg": "SHA-1", + "content": "f065561096a3f1da2ef46272f815c840d87e0c89" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/isobject@2.1.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/isobject", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/isobject/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/isobject.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/isarray@1.0.0", + "name": "isarray", + "version": "1.0.0", + "description": "Array#isArray for older browsers", + "hashes": [ + { + "alg": "SHA-1", + "content": "bb935d48582cba168c06834957a54a3e07124f11" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/isarray@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/juliangruber/isarray", + "type": "website" + }, + { + "url": "https://github.com/juliangruber/isarray/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/juliangruber/isarray.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/class-utils@0.3.6", + "name": "class-utils", + "version": "0.3.6", + "description": "Utils for working with JavaScript classes and prototype methods.", + "hashes": [ + { + "alg": "SHA-1", + "content": "f93369ae8b9a7ce02fd41faad0ca83033190c463" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/class-utils@0.3.6", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/class-utils", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/class-utils/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/class-utils.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/define-property@0.2.5", + "name": "define-property", + "version": "0.2.5", + "description": "Define a non-enumerable property on an object.", + "hashes": [ + { + "alg": "SHA-1", + "content": "c35b1ef918ec3c990f9a5bc57be04aacec5c8116" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/define-property@0.2.5", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/define-property", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/define-property/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/define-property.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-descriptor@0.1.6", + "name": "is-descriptor", + "version": "0.1.6", + "description": "Returns true if a value has the characteristics of a valid JavaScript descriptor. Works for data descriptors and accessor descriptors.", + "hashes": [ + { + "alg": "SHA-1", + "content": "366d8240dde487ca51823b1ab9f07a10a78251ca" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-descriptor@0.1.6", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/is-descriptor", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/is-descriptor/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/is-descriptor.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-accessor-descriptor@0.1.6", + "name": "is-accessor-descriptor", + "version": "0.1.6", + "description": "Returns true if a value has the characteristics of a valid JavaScript accessor descriptor.", + "hashes": [ + { + "alg": "SHA-1", + "content": "a9e12cb3ae8d876727eeef3843f8a0897b5c98d6" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-accessor-descriptor@0.1.6", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/is-accessor-descriptor", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/is-accessor-descriptor/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/is-accessor-descriptor.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-data-descriptor@0.1.4", + "name": "is-data-descriptor", + "version": "0.1.4", + "description": "Returns true if a value has the characteristics of a valid JavaScript data descriptor.", + "hashes": [ + { + "alg": "SHA-1", + "content": "0b5ee648388e2c860282e793f1856fec3f301b56" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-data-descriptor@0.1.4", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/is-data-descriptor", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/is-data-descriptor/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/is-data-descriptor.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/kind-of@5.1.0", + "name": "kind-of", + "version": "5.1.0", + "description": "Get the native type of a value.", + "hashes": [ + { + "alg": "SHA-1", + "content": "729c91e2d857b7a419a1f9aa65685c4c33f5845d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kind-of@5.1.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/kind-of", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/kind-of/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/kind-of.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/static-extend@0.1.2", + "name": "static-extend", + "version": "0.1.2", + "description": "Adds a static \u0060extend\u0060 method to a class, to simplify inheritance. Extends the static properties, prototype properties, and descriptors from a \u0060Parent\u0060 constructor onto \u0060Child\u0060 constructors.", + "hashes": [ + { + "alg": "SHA-1", + "content": "60809c39cbff55337226fd5e0b520f341f1fb5c6" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/static-extend@0.1.2", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/static-extend", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/static-extend/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/static-extend.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/object-copy@0.1.0", + "name": "object-copy", + "version": "0.1.0", + "description": "Copy static properties, prototype properties, and descriptors from one object to another.", + "hashes": [ + { + "alg": "SHA-1", + "content": "7e7d858b781bd7c991a41ba975ed3812754e998c" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-copy@0.1.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/object-copy", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/object-copy/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/object-copy.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/copy-descriptor@0.1.1", + "name": "copy-descriptor", + "version": "0.1.1", + "description": "Copy a descriptor from object A to object B", + "hashes": [ + { + "alg": "SHA-1", + "content": "676f6eb3c39997c2ee1ac3a924fd6124748f578d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/copy-descriptor@0.1.1", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/copy-descriptor", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/copy-descriptor/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/copy-descriptor.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/define-property@1.0.0", + "name": "define-property", + "version": "1.0.0", + "description": "Define a non-enumerable property on an object.", + "hashes": [ + { + "alg": "SHA-1", + "content": "769ebaaf3f4a63aad3af9e8d304c9bbe79bfb0e6" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/define-property@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/define-property", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/define-property/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/define-property.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-descriptor@1.0.2", + "name": "is-descriptor", + "version": "1.0.2", + "description": "Returns true if a value has the characteristics of a valid JavaScript descriptor. Works for data descriptors and accessor descriptors.", + "hashes": [ + { + "alg": "SHA-1", + "content": "3b159746a66604b04f8c81524ba365c5f14d86ec" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-descriptor@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/is-descriptor", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/is-descriptor/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/is-descriptor.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-accessor-descriptor@1.0.0", + "name": "is-accessor-descriptor", + "version": "1.0.0", + "description": "Returns true if a value has the characteristics of a valid JavaScript accessor descriptor.", + "hashes": [ + { + "alg": "SHA-1", + "content": "169c2f6d3df1f992618072365c9b0ea1f6878656" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-accessor-descriptor@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/is-accessor-descriptor", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/is-accessor-descriptor/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/is-accessor-descriptor.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/kind-of@6.0.3", + "name": "kind-of", + "version": "6.0.3", + "description": "Get the native type of a value.", + "hashes": [ + { + "alg": "SHA-1", + "content": "07c05034a6c349fa06e24fa35aa76db4580ce4dd" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kind-of@6.0.3", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/kind-of", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/kind-of/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/kind-of.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-data-descriptor@1.0.0", + "name": "is-data-descriptor", + "version": "1.0.0", + "description": "Returns true if a value has the characteristics of a valid JavaScript data descriptor.", + "hashes": [ + { + "alg": "SHA-1", + "content": "d84876321d0e7add03990406abbbbd36ba9268c7" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-data-descriptor@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/is-data-descriptor", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/is-data-descriptor/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/is-data-descriptor.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/mixin-deep@1.3.2", + "name": "mixin-deep", + "version": "1.3.2", + "description": "Deeply mix the properties of objects into the first object. Like merge-deep, but doesn\u0027t clone.", + "hashes": [ + { + "alg": "SHA-1", + "content": "1120b43dc359a785dce65b55b82e257ccf479566" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mixin-deep@1.3.2", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/mixin-deep", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/mixin-deep/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/mixin-deep.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/for-in@1.0.2", + "name": "for-in", + "version": "1.0.2", + "description": "Iterate over the own and inherited enumerable properties of an object, and return an object with properties that evaluate to true from the callback. Exit early by returning \u0060false\u0060. JavaScript/Node.js", + "hashes": [ + { + "alg": "SHA-1", + "content": "81068d295a8142ec0ac726c6e2200c30fb6d5e80" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/for-in@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/for-in", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/for-in/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/for-in.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/pascalcase@0.1.1", + "name": "pascalcase", + "version": "0.1.1", + "description": "Convert a string to pascal-case.", + "hashes": [ + { + "alg": "SHA-1", + "content": "b363e55e8006ca6fe21784d2db22bd15d7917f14" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pascalcase@0.1.1", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/pascalcase", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/pascalcase/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/pascalcase.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/map-cache@0.2.2", + "name": "map-cache", + "version": "0.2.2", + "description": "Basic cache object for storing key-value pairs.", + "hashes": [ + { + "alg": "SHA-1", + "content": "c32abd0bd6525d9b051645bb4f26ac5dc98a0dbf" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/map-cache@0.2.2", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/map-cache", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/map-cache/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/map-cache.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/source-map@0.5.7", + "name": "source-map", + "version": "0.5.7", + "description": "Generates and consumes source maps", + "hashes": [ + { + "alg": "SHA-1", + "content": "8a039d2d1021d22d1ea14c80d8ea468ba2ef3fcc" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/source-map@0.5.7", + "externalReferences": [ + { + "url": "https://github.com/mozilla/source-map", + "type": "website" + }, + { + "url": "https://github.com/mozilla/source-map/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/mozilla/source-map.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/source-map-resolve@0.5.3", + "name": "source-map-resolve", + "version": "0.5.3", + "description": "Resolve the source map and/or sources for a generated file.", + "hashes": [ + { + "alg": "SHA-1", + "content": "190866bece7553e1f8f267a2ee82c606b5509a1a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/source-map-resolve@0.5.3", + "externalReferences": [ + { + "url": "https://github.com/lydell/source-map-resolve#readme", + "type": "website" + }, + { + "url": "https://github.com/lydell/source-map-resolve/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/lydell/source-map-resolve.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/atob@2.1.2", + "name": "atob", + "version": "2.1.2", + "description": "atob for Node.JS and Linux / Mac / Windows CLI (it\u0027s a one-liner)", + "hashes": [ + { + "alg": "SHA-1", + "content": "6d9517eb9e030d2436666651e86bd9f6f13533c9" + } + ], + "licenses": [ + { + "license": { + "name": "(MIT OR Apache-2.0)" + } + } + ], + "purl": "pkg:npm/atob@2.1.2", + "externalReferences": [ + { + "url": "https://git.coolaj86.com/coolaj86/atob.js.git", + "type": "website" + }, + { + "url": "git://git.coolaj86.com/coolaj86/atob.js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/decode-uri-component@0.2.0", + "name": "decode-uri-component", + "version": "0.2.0", + "description": "A better decodeURIComponent", + "hashes": [ + { + "alg": "SHA-1", + "content": "eb3913333458775cb84cd1a1fae062106bb87545" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decode-uri-component@0.2.0", + "externalReferences": [ + { + "url": "https://github.com/SamVerschueren/decode-uri-component#readme", + "type": "website" + }, + { + "url": "https://github.com/SamVerschueren/decode-uri-component/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/SamVerschueren/decode-uri-component.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/resolve-url@0.2.1", + "name": "resolve-url", + "version": "0.2.1", + "description": "Like Node.js\u2019 \u0060path.resolve\u0060/\u0060url.resolve\u0060 for the browser.", + "hashes": [ + { + "alg": "SHA-1", + "content": "2c637fe77c893afd2a663fe21aa9080068e2052a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-url@0.2.1", + "externalReferences": [ + { + "url": "https://github.com/lydell/resolve-url#readme", + "type": "website" + }, + { + "url": "https://github.com/lydell/resolve-url/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/lydell/resolve-url.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/source-map-url@0.4.0", + "name": "source-map-url", + "version": "0.4.0", + "description": "Tools for working with sourceMappingURL comments.", + "hashes": [ + { + "alg": "SHA-1", + "content": "3e935d7ddd73631b97659956d55128e87b5084a3" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/source-map-url@0.4.0", + "externalReferences": [ + { + "url": "https://github.com/lydell/source-map-url#readme", + "type": "website" + }, + { + "url": "https://github.com/lydell/source-map-url/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/lydell/source-map-url.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/urix@0.1.0", + "name": "urix", + "version": "0.1.0", + "description": "Makes Windows-style paths more unix and URI friendly.", + "hashes": [ + { + "alg": "SHA-1", + "content": "da937f7a62e21fec1fd18d49b35c2935067a6c72" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/urix@0.1.0", + "externalReferences": [ + { + "url": "https://github.com/lydell/urix#readme", + "type": "website" + }, + { + "url": "https://github.com/lydell/urix/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/lydell/urix.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/use@3.1.1", + "name": "use", + "version": "3.1.1", + "description": "Easily add plugin support to your node.js application.", + "hashes": [ + { + "alg": "SHA-1", + "content": "d50c8cac79a19fbc20f2911f56eb973f4e10070f" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/use@3.1.1", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/use", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/use/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/use.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/snapdragon-node@2.1.1", + "name": "snapdragon-node", + "version": "2.1.1", + "description": "Snapdragon utility for creating a new AST node in custom code, such as plugins.", + "hashes": [ + { + "alg": "SHA-1", + "content": "6c175f86ff14bdb0724563e8f3c1b021a286853b" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/snapdragon-node@2.1.1", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/snapdragon-node", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/snapdragon-node/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/snapdragon-node.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/snapdragon-util@3.0.1", + "name": "snapdragon-util", + "version": "3.0.1", + "description": "Utilities for the snapdragon parser/compiler.", + "hashes": [ + { + "alg": "SHA-1", + "content": "f956479486f2acd79700693f6f7b805e45ab56e2" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/snapdragon-util@3.0.1", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/snapdragon-util", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/snapdragon-util/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/snapdragon-util.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/to-regex@3.0.2", + "name": "to-regex", + "version": "3.0.2", + "description": "Generate a regex from a string or array of strings.", + "hashes": [ + { + "alg": "SHA-1", + "content": "13cfdd9b336552f30b51f33a8ae1b42a7a7599ce" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/to-regex@3.0.2", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/to-regex", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/to-regex/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/to-regex.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/define-property@2.0.2", + "name": "define-property", + "version": "2.0.2", + "description": "Define a non-enumerable property on an object. Uses Reflect.defineProperty when available, otherwise Object.defineProperty.", + "hashes": [ + { + "alg": "SHA-1", + "content": "d459689e8d654ba77e02a817f8710d702cb16e9d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/define-property@2.0.2", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/define-property", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/define-property/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/define-property.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/regex-not@1.0.2", + "name": "regex-not", + "version": "1.0.2", + "description": "Create a javascript regular expression for matching everything except for the given string.", + "hashes": [ + { + "alg": "SHA-1", + "content": "1f4ece27e00b0b65e0247a6810e6a85d83a5752c" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/regex-not@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/regex-not", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/regex-not/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/regex-not.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/safe-regex@1.1.0", + "name": "safe-regex", + "version": "1.1.0", + "description": "detect possibly catastrophic, exponential-time regular expressions", + "hashes": [ + { + "alg": "SHA-1", + "content": "40a3669f3b077d1e943d44629e157dd48023bf2e" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-regex@1.1.0", + "externalReferences": [ + { + "url": "https://github.com/substack/safe-regex", + "type": "website" + }, + { + "url": "https://github.com/substack/safe-regex/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/substack/safe-regex.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/ret@0.1.15", + "name": "ret", + "version": "0.1.15", + "description": "Tokenizes a string that represents a regular expression.", + "hashes": [ + { + "alg": "SHA-1", + "content": "b8a4825d5bdb1fc3f6f53c2bc33f81388681c7bc" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ret@0.1.15", + "externalReferences": [ + { + "url": "https://github.com/fent/ret.js#readme", + "type": "website" + }, + { + "url": "https://github.com/fent/ret.js/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/fent/ret.js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/extglob@2.0.4", + "name": "extglob", + "version": "2.0.4", + "description": "Extended glob support for JavaScript. Adds (almost) the expressive power of regular expressions to glob patterns.", + "hashes": [ + { + "alg": "SHA-1", + "content": "ad00fe4dc612a9232e8718711dc5cb5ab0285543" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/extglob@2.0.4", + "externalReferences": [ + { + "url": "https://github.com/micromatch/extglob", + "type": "website" + }, + { + "url": "https://github.com/micromatch/extglob/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/micromatch/extglob.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/expand-brackets@2.1.4", + "name": "expand-brackets", + "version": "2.1.4", + "description": "Expand POSIX bracket expressions (character classes) in glob patterns.", + "hashes": [ + { + "alg": "SHA-1", + "content": "b77735e315ce30f6b6eff0f83b04151a22449622" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/expand-brackets@2.1.4", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/expand-brackets", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/expand-brackets/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/expand-brackets.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/posix-character-classes@0.1.1", + "name": "posix-character-classes", + "version": "0.1.1", + "description": "POSIX character classes for creating regular expressions.", + "hashes": [ + { + "alg": "SHA-1", + "content": "01eac0fe3b5af71a2a6c02feabb8c1fef7e00eab" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/posix-character-classes@0.1.1", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/posix-character-classes", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/posix-character-classes/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/posix-character-classes.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/fragment-cache@0.2.1", + "name": "fragment-cache", + "version": "0.2.1", + "description": "A cache for managing namespaced sub-caches", + "hashes": [ + { + "alg": "SHA-1", + "content": "4290fad27f13e89be7f33799c6bc5a0abfff0d19" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fragment-cache@0.2.1", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/fragment-cache", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/fragment-cache/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/fragment-cache.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/nanomatch@1.2.13", + "name": "nanomatch", + "version": "1.2.13", + "description": "Fast, minimal glob matcher for node.js. Similar to micromatch, minimatch and multimatch, but complete Bash 4.3 wildcard support only (no support for exglobs, posix brackets or braces)", + "hashes": [ + { + "alg": "SHA-1", + "content": "b87a8aa4fc0de8fe6be88895b38983ff265bd119" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/nanomatch@1.2.13", + "externalReferences": [ + { + "url": "https://github.com/micromatch/nanomatch", + "type": "website" + }, + { + "url": "https://github.com/micromatch/nanomatch/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/micromatch/nanomatch.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-windows@1.0.2", + "name": "is-windows", + "version": "1.0.2", + "description": "Returns true if the platform is windows. UMD module, works with node.js, commonjs, browser, AMD, electron, etc.", + "hashes": [ + { + "alg": "SHA-1", + "content": "d1850eb9791ecd18e6182ce12a30f396634bb19d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-windows@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/is-windows", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/is-windows/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/is-windows.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/object.pick@1.3.0", + "name": "object.pick", + "version": "1.3.0", + "description": "Returns a filtered copy of an object with only the specified keys, similar to \u0060_.pick\u0060 from lodash / underscore.", + "hashes": [ + { + "alg": "SHA-1", + "content": "87a10ac4c1694bd2e1cbf53591a66141fb5dd747" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object.pick@1.3.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/object.pick", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/object.pick/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/object.pick.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/resolve-dir@1.0.1", + "name": "resolve-dir", + "version": "1.0.1", + "description": "Resolve a directory that is either local, global or in the user\u0027s home directory.", + "hashes": [ + { + "alg": "SHA-1", + "content": "79a40644c362be82f26effe739c9bb5382046f43" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve-dir@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/resolve-dir", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/resolve-dir/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/resolve-dir.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/expand-tilde@2.0.2", + "name": "expand-tilde", + "version": "2.0.2", + "description": "Bash-like tilde expansion for node.js. Expands a leading tilde in a file path to the user home directory, or \u0060~\u002B\u0060 to the cwd.", + "hashes": [ + { + "alg": "SHA-1", + "content": "97e801aa052df02454de46b02bf621642cdc8502" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/expand-tilde@2.0.2", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/expand-tilde", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/expand-tilde/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/expand-tilde.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/homedir-polyfill@1.0.3", + "name": "homedir-polyfill", + "version": "1.0.3", + "description": "Node.js os.homedir polyfill for older versions of node.js.", + "hashes": [ + { + "alg": "SHA-1", + "content": "743298cef4e5af3e194161fbadcc2151d3a058e8" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/homedir-polyfill@1.0.3", + "externalReferences": [ + { + "url": "https://github.com/doowb/homedir-polyfill", + "type": "website" + }, + { + "url": "https://github.com/doowb/homedir-polyfill/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/doowb/homedir-polyfill.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/parse-passwd@1.0.0", + "name": "parse-passwd", + "version": "1.0.0", + "description": "Parse a passwd file into a list of users.", + "hashes": [ + { + "alg": "SHA-1", + "content": "6d5b934a456993b23d37f40a382d6f1666a8e5c6" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-passwd@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/doowb/parse-passwd", + "type": "website" + }, + { + "url": "https://github.com/doowb/parse-passwd/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/doowb/parse-passwd.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/global-modules@1.0.0", + "name": "global-modules", + "version": "1.0.0", + "description": "The directory used by npm for globally installed npm modules.", + "hashes": [ + { + "alg": "SHA-1", + "content": "6d770f0eb523ac78164d72b5e71a8877265cc3ea" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/global-modules@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/global-modules", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/global-modules/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/global-modules.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/global-prefix@1.0.2", + "name": "global-prefix", + "version": "1.0.2", + "description": "Get the npm global path prefix.", + "hashes": [ + { + "alg": "SHA-1", + "content": "dbf743c6c14992593c655568cb66ed32c0122ebe" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/global-prefix@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/global-prefix", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/global-prefix/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/global-prefix.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/ini@1.3.5", + "name": "ini", + "version": "1.3.5", + "description": "An ini encoder/decoder for node", + "hashes": [ + { + "alg": "SHA-1", + "content": "eee25f56db1c9ec6085e0c22778083f596abf927" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ini@1.3.5", + "externalReferences": [ + { + "url": "https://github.com/isaacs/ini#readme", + "type": "website" + }, + { + "url": "https://github.com/isaacs/ini/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/isaacs/ini.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/which@1.3.1", + "name": "which", + "version": "1.3.1", + "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.", + "hashes": [ + { + "alg": "SHA-1", + "content": "a45043d54f5805316da8d62f9f50918d3da70b0a" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which@1.3.1", + "externalReferences": [ + { + "url": "https://github.com/isaacs/node-which#readme", + "type": "website" + }, + { + "url": "https://github.com/isaacs/node-which/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/isaacs/node-which.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/isexe@2.0.0", + "name": "isexe", + "version": "2.0.0", + "description": "Minimal module to check if a file is executable.", + "hashes": [ + { + "alg": "SHA-1", + "content": "e8fbf374dc556ff8947a10dcb0572d633f2cfa10" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/isexe@2.0.0", + "externalReferences": [ + { + "url": "https://github.com/isaacs/isexe#readme", + "type": "website" + }, + { + "url": "https://github.com/isaacs/isexe/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/isaacs/isexe.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/lodash.camelcase@4.3.0", + "name": "lodash.camelcase", + "version": "4.3.0", + "description": "The lodash method \u0060_.camelCase\u0060 exported as a module.", + "hashes": [ + { + "alg": "SHA-1", + "content": "b28aa6288a2b9fc651035c7711f65ab6190331a6" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.camelcase@4.3.0", + "externalReferences": [ + { + "url": "https://lodash.com/", + "type": "website" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/lodash/lodash.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/minimist@1.2.5", + "name": "minimist", + "version": "1.2.5", + "description": "parse argument options", + "hashes": [ + { + "alg": "SHA-1", + "content": "67d66014b66a6a8aaa0c083c5fd58df4e4e97602" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minimist@1.2.5", + "externalReferences": [ + { + "url": "https://github.com/substack/minimist", + "type": "website" + }, + { + "url": "https://github.com/substack/minimist/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/substack/minimist.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/semver@5.7.1", + "name": "semver", + "version": "5.7.1", + "description": "The semantic version parser used by npm.", + "hashes": [ + { + "alg": "SHA-1", + "content": "a954f931aeba508d307bbf069eff0c01c96116f7" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@5.7.1", + "externalReferences": [ + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/npm/node-semver.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/clarinet@0.12.4", + "name": "clarinet", + "version": "0.12.4", + "description": "SAX based evented streaming JSON parser in JavaScript (browser and node)", + "hashes": [ + { + "alg": "SHA-1", + "content": "5d7196a2b2347ff283db2e2bf1ef615c0aa6afdb" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/clarinet@0.12.4", + "externalReferences": [ + { + "url": "https://github.com/dscape/clarinet", + "type": "website" + }, + { + "url": "http://github.com/dscape/clarinet/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/dscape/clarinet.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/colors@1.4.0", + "name": "colors", + "version": "1.4.0", + "description": "get colors in your node.js console", + "hashes": [ + { + "alg": "SHA-1", + "content": "c50491479d4c1bdaed2c9ced32cf7c7dc2360f78" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/colors@1.4.0", + "externalReferences": [ + { + "url": "https://github.com/Marak/colors.js", + "type": "website" + }, + { + "url": "https://github.com/Marak/colors.js/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/Marak/colors.js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/compression@1.7.4", + "name": "compression", + "version": "1.7.4", + "description": "Node.js compression middleware", + "hashes": [ + { + "alg": "SHA-1", + "content": "95523eff170ca57c29a0ca41e6fe131f41e5bb8f" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/compression@1.7.4", + "externalReferences": [ + { + "url": "https://github.com/expressjs/compression#readme", + "type": "website" + }, + { + "url": "https://github.com/expressjs/compression/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/expressjs/compression.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/accepts@1.3.7", + "name": "accepts", + "version": "1.3.7", + "description": "Higher-level content negotiation", + "hashes": [ + { + "alg": "SHA-1", + "content": "531bc726517a3b2b41f850021c6cc15eaab507cd" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/accepts@1.3.7", + "externalReferences": [ + { + "url": "https://github.com/jshttp/accepts#readme", + "type": "website" + }, + { + "url": "https://github.com/jshttp/accepts/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jshttp/accepts.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/negotiator@0.6.2", + "name": "negotiator", + "version": "0.6.2", + "description": "HTTP content negotiation", + "hashes": [ + { + "alg": "SHA-1", + "content": "feacf7ccf525a77ae9634436a64883ffeca346fb" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/negotiator@0.6.2", + "externalReferences": [ + { + "url": "https://github.com/jshttp/negotiator#readme", + "type": "website" + }, + { + "url": "https://github.com/jshttp/negotiator/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jshttp/negotiator.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/bytes@3.0.0", + "name": "bytes", + "version": "3.0.0", + "description": "Utility to parse a string bytes to bytes and vice-versa", + "hashes": [ + { + "alg": "SHA-1", + "content": "d32815404d689699f85a4ea4fa8755dd13a96048" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bytes@3.0.0", + "externalReferences": [ + { + "url": "https://github.com/visionmedia/bytes.js#readme", + "type": "website" + }, + { + "url": "https://github.com/visionmedia/bytes.js/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/visionmedia/bytes.js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/compressible@2.0.18", + "name": "compressible", + "version": "2.0.18", + "description": "Compressible Content-Type / mime checking", + "hashes": [ + { + "alg": "SHA-1", + "content": "af53cca6b070d4c3c0750fbd77286a6d7cc46fba" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/compressible@2.0.18", + "externalReferences": [ + { + "url": "https://github.com/jshttp/compressible#readme", + "type": "website" + }, + { + "url": "https://github.com/jshttp/compressible/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jshttp/compressible.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/on-headers@1.0.2", + "name": "on-headers", + "version": "1.0.2", + "description": "Execute a listener when a response is about to write headers", + "hashes": [ + { + "alg": "SHA-1", + "content": "772b0ae6aaa525c399e489adfad90c403eb3c28f" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/on-headers@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/jshttp/on-headers#readme", + "type": "website" + }, + { + "url": "https://github.com/jshttp/on-headers/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jshttp/on-headers.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/safe-buffer@5.1.2", + "name": "safe-buffer", + "version": "5.1.2", + "description": "Safer Node.js Buffer API", + "hashes": [ + { + "alg": "SHA-1", + "content": "991ec69d296e0313747d59bdfd2b745c35f8828d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/safe-buffer@5.1.2", + "externalReferences": [ + { + "url": "https://github.com/feross/safe-buffer", + "type": "website" + }, + { + "url": "https://github.com/feross/safe-buffer/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/feross/safe-buffer.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/vary@1.1.2", + "name": "vary", + "version": "1.1.2", + "description": "Manipulate the HTTP Vary header", + "hashes": [ + { + "alg": "SHA-1", + "content": "2299f02c6ded30d4a5961b0b9f74524a18f634fc" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/vary@1.1.2", + "externalReferences": [ + { + "url": "https://github.com/jshttp/vary#readme", + "type": "website" + }, + { + "url": "https://github.com/jshttp/vary/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jshttp/vary.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/concurrently@5.2.0", + "name": "concurrently", + "version": "5.2.0", + "description": "Run commands concurrently", + "hashes": [ + { + "alg": "SHA-1", + "content": "ead55121d08a0fc817085584c123cedec2e08975" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/concurrently@5.2.0", + "externalReferences": [ + { + "url": "https://github.com/kimmobrunfeldt/concurrently#readme", + "type": "website" + }, + { + "url": "https://github.com/kimmobrunfeldt/concurrently/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/kimmobrunfeldt/concurrently.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/date-fns@2.14.0", + "name": "date-fns", + "version": "2.14.0", + "description": "Modern JavaScript date utility library", + "hashes": [ + { + "alg": "SHA-1", + "content": "359a87a265bb34ef2e38f93ecf63ac453f9bc7ba" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/date-fns@2.14.0", + "externalReferences": [ + { + "url": "https://github.com/date-fns/date-fns#readme", + "type": "website" + }, + { + "url": "https://github.com/date-fns/date-fns/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/date-fns/date-fns.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/lodash@4.17.19", + "name": "lodash", + "version": "4.17.19", + "description": "Lodash modular utilities.", + "hashes": [ + { + "alg": "SHA-1", + "content": "e48ddedbe30b3321783c5b4301fbd353bc1e4a4b" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash@4.17.19", + "externalReferences": [ + { + "url": "https://lodash.com/", + "type": "website" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/lodash/lodash.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/read-pkg@4.0.1", + "name": "read-pkg", + "version": "4.0.1", + "description": "Read a package.json file", + "hashes": [ + { + "alg": "SHA-1", + "content": "963625378f3e1c4d48c85872b5a6ec7d5d093237" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-pkg@4.0.1", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/read-pkg#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/read-pkg/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/read-pkg.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/normalize-package-data@2.5.0", + "name": "normalize-package-data", + "version": "2.5.0", + "description": "Normalizes data that can be found in package.json files.", + "hashes": [ + { + "alg": "SHA-1", + "content": "e66db1838b200c1dfc233225d12cb36520e234a8" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@2.5.0", + "externalReferences": [ + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website" + }, + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/npm/normalize-package-data.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/hosted-git-info@2.8.8", + "name": "hosted-git-info", + "version": "2.8.8", + "description": "Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab", + "hashes": [ + { + "alg": "SHA-1", + "content": "7539bd4bc1e0e0a895815a2e0262420b12858488" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@2.8.8", + "externalReferences": [ + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website" + }, + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/npm/hosted-git-info.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/resolve@1.17.0", + "name": "resolve", + "version": "1.17.0", + "description": "resolve like require.resolve() on behalf of files asynchronously and synchronously", + "hashes": [ + { + "alg": "SHA-1", + "content": "b25941b54968231cc2d1bb76a79cb7f2c0bf8444" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve@1.17.0", + "externalReferences": [ + { + "url": "https://github.com/browserify/resolve#readme", + "type": "website" + }, + { + "url": "https://github.com/browserify/resolve/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/browserify/resolve.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/path-parse@1.0.6", + "name": "path-parse", + "version": "1.0.6", + "description": "Node.js path.parse() ponyfill", + "hashes": [ + { + "alg": "SHA-1", + "content": "d62dbb5679405d72c4737ec58600e9ddcf06d24c" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-parse@1.0.6", + "externalReferences": [ + { + "url": "https://github.com/jbgutierrez/path-parse#readme", + "type": "website" + }, + { + "url": "https://github.com/jbgutierrez/path-parse/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jbgutierrez/path-parse.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/validate-npm-package-license@3.0.4", + "name": "validate-npm-package-license", + "version": "3.0.4", + "description": "Give me a string and I\u0027ll tell you if it\u0027s a valid npm package license string", + "hashes": [ + { + "alg": "SHA-1", + "content": "fc91f6b9c7ba15c857f4cb2c5defeec39d4f410a" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/validate-npm-package-license@3.0.4", + "externalReferences": [ + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme", + "type": "website" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/kemitchell/validate-npm-package-license.js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/spdx-correct@3.1.1", + "name": "spdx-correct", + "version": "3.1.1", + "description": "correct invalid SPDX expressions", + "hashes": [ + { + "alg": "SHA-1", + "content": "dece81ac9c1e6713e5f7d1b6f17d468fa53d89a9" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/spdx-correct@3.1.1", + "externalReferences": [ + { + "url": "https://github.com/jslicense/spdx-correct.js#readme", + "type": "website" + }, + { + "url": "https://github.com/jslicense/spdx-correct.js/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jslicense/spdx-correct.js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/spdx-expression-parse@3.0.1", + "name": "spdx-expression-parse", + "version": "3.0.1", + "description": "parse SPDX license expressions", + "hashes": [ + { + "alg": "SHA-1", + "content": "cf70f50482eefdc98e3ce0a6833e4a53ceeba679" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spdx-expression-parse@3.0.1", + "externalReferences": [ + { + "url": "https://github.com/jslicense/spdx-expression-parse.js#readme", + "type": "website" + }, + { + "url": "https://github.com/jslicense/spdx-expression-parse.js/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jslicense/spdx-expression-parse.js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/spdx-exceptions@2.3.0", + "name": "spdx-exceptions", + "version": "2.3.0", + "description": "list of SPDX standard license exceptions", + "hashes": [ + { + "alg": "SHA-1", + "content": "3f28ce1a77a00372683eade4a433183527a2163d" + } + ], + "licenses": [ + { + "license": { + "id": "CC-BY-3.0" + } + } + ], + "purl": "pkg:npm/spdx-exceptions@2.3.0", + "externalReferences": [ + { + "url": "https://github.com/kemitchell/spdx-exceptions.json#readme", + "type": "website" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/kemitchell/spdx-exceptions.json.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/spdx-license-ids@3.0.5", + "name": "spdx-license-ids", + "version": "3.0.5", + "description": "A list of SPDX license identifiers", + "hashes": [ + { + "alg": "SHA-1", + "content": "3694b5804567a458d3c8045842a6358632f62654" + } + ], + "licenses": [ + { + "license": { + "id": "CC0-1.0" + } + } + ], + "purl": "pkg:npm/spdx-license-ids@3.0.5", + "externalReferences": [ + { + "url": "https://github.com/shinnn/spdx-license-ids#readme", + "type": "website" + }, + { + "url": "https://github.com/shinnn/spdx-license-ids/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/shinnn/spdx-license-ids.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/parse-json@4.0.0", + "name": "parse-json", + "version": "4.0.0", + "description": "Parse JSON with more helpful errors", + "hashes": [ + { + "alg": "SHA-1", + "content": "be35f5425be1f7f6c747184f98a788cb99477ee0" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-json@4.0.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/parse-json#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/parse-json/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/parse-json.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/error-ex@1.3.2", + "name": "error-ex", + "version": "1.3.2", + "description": "Easy error subclassing and stack customization", + "hashes": [ + { + "alg": "SHA-1", + "content": "b4ac40648107fdcdcfae242f428bea8a14d4f1bf" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/error-ex@1.3.2", + "externalReferences": [ + { + "url": "https://github.com/qix-/node-error-ex#readme", + "type": "website" + }, + { + "url": "https://github.com/qix-/node-error-ex/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/qix-/node-error-ex.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-arrayish@0.2.1", + "name": "is-arrayish", + "version": "0.2.1", + "description": "Determines if an object can be used as an array", + "hashes": [ + { + "alg": "SHA-1", + "content": "77c99840527aa8ecb1a8ba697b80645a7a926a9d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-arrayish@0.2.1", + "externalReferences": [ + { + "url": "https://github.com/qix-/node-is-arrayish#readme", + "type": "website" + }, + { + "url": "https://github.com/qix-/node-is-arrayish/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/qix-/node-is-arrayish.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/json-parse-better-errors@1.0.2", + "name": "json-parse-better-errors", + "version": "1.0.2", + "description": "JSON.parse with context information on error", + "hashes": [ + { + "alg": "SHA-1", + "content": "bb867cfb3450e69107c131d1c514bab3dc8bcaa9" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-parse-better-errors@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/zkat/json-parse-better-errors#readme", + "type": "website" + }, + { + "url": "https://github.com/zkat/json-parse-better-errors/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/zkat/json-parse-better-errors.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/pify@3.0.0", + "name": "pify", + "version": "3.0.0", + "description": "Promisify a callback-style function", + "hashes": [ + { + "alg": "SHA-1", + "content": "e5a4acd2c101fdf3d9a4d07f0dbc4db49dd28176" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pify@3.0.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/pify#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/pify/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/pify.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/rxjs@6.6.0", + "name": "rxjs", + "version": "6.6.0", + "description": "Reactive Extensions for modern JavaScript", + "hashes": [ + { + "alg": "SHA-1", + "content": "af2901eedf02e3a83ffa7f886240ff9018bbec84" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/rxjs@6.6.0", + "externalReferences": [ + { + "url": "https://github.com/ReactiveX/RxJS", + "type": "website" + }, + { + "url": "https://github.com/ReactiveX/RxJS/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/reactivex/rxjs.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/tslib@1.13.0", + "name": "tslib", + "version": "1.13.0", + "description": "Runtime library for TypeScript helper functions", + "hashes": [ + { + "alg": "SHA-1", + "content": "c881e13cc7015894ed914862d276436fa9a47043" + } + ], + "licenses": [ + { + "license": { + "id": "0BSD" + } + } + ], + "purl": "pkg:npm/tslib@1.13.0", + "externalReferences": [ + { + "url": "https://www.typescriptlang.org/", + "type": "website" + }, + { + "url": "https://github.com/Microsoft/TypeScript/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/Microsoft/tslib.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/spawn-command@0.0.2-1", + "name": "spawn-command", + "version": "0.0.2-1", + "description": "Spawn commands like \u0060child_process.exec\u0060 does but return a \u0060ChildProcess\u0060", + "hashes": [ + { + "alg": "SHA-1", + "content": "62f5e9466981c1b796dc5929937e11c9c6921bd0" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/spawn-command@0.0.2-1", + "externalReferences": [ + { + "url": "https://github.com/mmalecki/spawn-command#readme", + "type": "website" + }, + { + "url": "https://github.com/mmalecki/spawn-command/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/mmalecki/spawn-command.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/supports-color@6.1.0", + "name": "supports-color", + "version": "6.1.0", + "description": "Detect whether a terminal supports color", + "hashes": [ + { + "alg": "SHA-1", + "content": "0764abc69c63d5ac842dd4867e8d025e880df8f3" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@6.1.0", + "externalReferences": [ + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/chalk/supports-color.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/tree-kill@1.2.2", + "name": "tree-kill", + "version": "1.2.2", + "description": "kill trees of processes", + "hashes": [ + { + "alg": "SHA-1", + "content": "4ca09a9092c88b73a7cdc5e8a01b507b0790a0cc" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tree-kill@1.2.2", + "externalReferences": [ + { + "url": "https://github.com/pkrumins/node-tree-kill", + "type": "website" + }, + { + "url": "https://github.com/pkrumins/node-tree-kill/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/pkrumins/node-tree-kill.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/yargs@13.3.2", + "name": "yargs", + "version": "13.3.2", + "description": "yargs the modern, pirate-themed, successor to optimist.", + "hashes": [ + { + "alg": "SHA-1", + "content": "ad7ffefec1aa59565ac915f82dccb38a9c31a2dd" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs@13.3.2", + "externalReferences": [ + { + "url": "https://yargs.js.org/", + "type": "website" + }, + { + "url": "https://github.com/yargs/yargs/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/yargs/yargs.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/cliui@5.0.0", + "name": "cliui", + "version": "5.0.0", + "description": "easily create complex multi-column command-line-interfaces", + "hashes": [ + { + "alg": "SHA-1", + "content": "deefcfdb2e800784aa34f46fa08e06851c7bbbc5" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cliui@5.0.0", + "externalReferences": [ + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/yargs/cliui.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/string-width@3.1.0", + "name": "string-width", + "version": "3.1.0", + "description": "Get the visual width of a string - the number of columns required to display it", + "hashes": [ + { + "alg": "SHA-1", + "content": "22767be21b62af1081574306f69ac51b62203961" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@3.1.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/string-width.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/emoji-regex@7.0.3", + "name": "emoji-regex", + "version": "7.0.3", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "hashes": [ + { + "alg": "SHA-1", + "content": "933a04052860c85e83c122479c4748a8e4c72156" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@7.0.3", + "externalReferences": [ + { + "url": "https://mths.be/emoji-regex", + "type": "website" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-fullwidth-code-point@2.0.0", + "name": "is-fullwidth-code-point", + "version": "2.0.0", + "description": "Check if the character represented by a given Unicode code point is fullwidth", + "hashes": [ + { + "alg": "SHA-1", + "content": "a3b30a5c4f199183167aaab93beefae3ddfb654f" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-fullwidth-code-point@2.0.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/is-fullwidth-code-point.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/strip-ansi@5.2.0", + "name": "strip-ansi", + "version": "5.2.0", + "description": "Strip ANSI escape codes from a string", + "hashes": [ + { + "alg": "SHA-1", + "content": "8c9a536feb6afc962bdfa5b104a5091c1ad9c0ae" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@5.2.0", + "externalReferences": [ + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/chalk/strip-ansi.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/ansi-regex@4.1.0", + "name": "ansi-regex", + "version": "4.1.0", + "description": "Regular expression for matching ANSI escape codes", + "hashes": [ + { + "alg": "SHA-1", + "content": "8b9f8f08cf1acb843756a839ca8c7e3168c51997" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@4.1.0", + "externalReferences": [ + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/chalk/ansi-regex.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/wrap-ansi@5.1.0", + "name": "wrap-ansi", + "version": "5.1.0", + "description": "Wordwrap a string with ANSI escape codes", + "hashes": [ + { + "alg": "SHA-1", + "content": "1fd1f67235d5b6d0fee781056001bfb694c03b09" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@5.1.0", + "externalReferences": [ + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/chalk/wrap-ansi.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/find-up@3.0.0", + "name": "find-up", + "version": "3.0.0", + "description": "Find a file or directory by walking up parent directories", + "hashes": [ + { + "alg": "SHA-1", + "content": "49169f1d7993430646da61ecc5ae355c21c97b73" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@3.0.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/find-up.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/locate-path@3.0.0", + "name": "locate-path", + "version": "3.0.0", + "description": "Get the first path that exists on disk of multiple paths", + "hashes": [ + { + "alg": "SHA-1", + "content": "dbec3b3ab759758071b58fe59fc41871af21400e" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@3.0.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/locate-path.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/p-locate@3.0.0", + "name": "p-locate", + "version": "3.0.0", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "hashes": [ + { + "alg": "SHA-1", + "content": "322d69a05c0264b25997d9f40cd8a891ab0064a4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@3.0.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/p-locate.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/p-limit@2.3.0", + "name": "p-limit", + "version": "2.3.0", + "description": "Run multiple promise-returning \u0026 async functions with limited concurrency", + "hashes": [ + { + "alg": "SHA-1", + "content": "3dd33c647a214fdfffd835933eb086da0dc21db1" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-limit@2.3.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/p-limit#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/p-limit/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/p-limit.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/p-try@2.2.0", + "name": "p-try", + "version": "2.2.0", + "description": "\u0060Start a promise chain", + "hashes": [ + { + "alg": "SHA-1", + "content": "cb2868540e313d61de58fafbe35ce9004d5540e6" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-try@2.2.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/p-try#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/p-try/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/p-try.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/path-exists@3.0.0", + "name": "path-exists", + "version": "3.0.0", + "description": "Check if a path exists", + "hashes": [ + { + "alg": "SHA-1", + "content": "ce0ebeaa5f78cb18925ea7d810d7b59b010fd515" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-exists@3.0.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/path-exists#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/path-exists/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/path-exists.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/get-caller-file@2.0.5", + "name": "get-caller-file", + "version": "2.0.5", + "description": "[![Build Status](https://travis-ci.org/stefanpenner/get-caller-file.svg?branch=master)](https://travis-ci.org/stefanpenner/get-caller-file) [![Build status](https://ci.appveyor.com/api/projects/status/ol2q94g1932cy14a/branch/master?svg=true)](https://ci.appveyor.com/project/embercli/get-caller-file/branch/master)", + "hashes": [ + { + "alg": "SHA-1", + "content": "4f94412a82db32f36e3b0b9741f8a97feb031f7e" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/get-caller-file@2.0.5", + "externalReferences": [ + { + "url": "https://github.com/stefanpenner/get-caller-file#readme", + "type": "website" + }, + { + "url": "https://github.com/stefanpenner/get-caller-file/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/stefanpenner/get-caller-file.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/require-directory@2.1.1", + "name": "require-directory", + "version": "2.1.1", + "description": "Recursively iterates over specified directory, require()\u0027ing each file, and returning a nested hash structure containing those modules.", + "hashes": [ + { + "alg": "SHA-1", + "content": "8c64ad5fd30dab1c976e2344ffe7f792a6a6df42" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/require-directory@2.1.1", + "externalReferences": [ + { + "url": "https://github.com/troygoode/node-require-directory/", + "type": "website" + }, + { + "url": "http://github.com/troygoode/node-require-directory/issues/", + "type": "issue-tracker" + }, + { + "url": "git://github.com/troygoode/node-require-directory.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/require-main-filename@2.0.0", + "name": "require-main-filename", + "version": "2.0.0", + "description": "shim for require.main.filename() that works in as many environments as possible", + "hashes": [ + { + "alg": "SHA-1", + "content": "d0b329ecc7cc0f61649f62215be69af54aa8989b" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/require-main-filename@2.0.0", + "externalReferences": [ + { + "url": "https://github.com/yargs/require-main-filename#readme", + "type": "website" + }, + { + "url": "https://github.com/yargs/require-main-filename/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/yargs/require-main-filename.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/set-blocking@2.0.0", + "name": "set-blocking", + "version": "2.0.0", + "description": "set blocking stdio and stderr ensuring that terminal output does not truncate", + "hashes": [ + { + "alg": "SHA-1", + "content": "045f9782d011ae9a6803ddd382b24392b3d890f7" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/set-blocking@2.0.0", + "externalReferences": [ + { + "url": "https://github.com/yargs/set-blocking#readme", + "type": "website" + }, + { + "url": "https://github.com/yargs/set-blocking/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/yargs/set-blocking.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/which-module@2.0.0", + "name": "which-module", + "version": "2.0.0", + "description": "Find the module object for something that was require()d", + "hashes": [ + { + "alg": "SHA-1", + "content": "d9ef07dce77b9902b8a3a8fa4b31c3e3f7e6e87a" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/which-module@2.0.0", + "externalReferences": [ + { + "url": "https://github.com/nexdrew/which-module#readme", + "type": "website" + }, + { + "url": "https://github.com/nexdrew/which-module/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/nexdrew/which-module.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/y18n@4.0.0", + "name": "y18n", + "version": "4.0.0", + "description": "the bare-bones internationalization library used by yargs", + "hashes": [ + { + "alg": "SHA-1", + "content": "95ef94f85ecc81d007c264e190a120f0a3c8566b" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/y18n@4.0.0", + "externalReferences": [ + { + "url": "https://github.com/yargs/y18n", + "type": "website" + }, + { + "url": "https://github.com/yargs/y18n/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/yargs/y18n.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/yargs-parser@13.1.2", + "name": "yargs-parser", + "version": "13.1.2", + "description": "the mighty option parser used by yargs", + "hashes": [ + { + "alg": "SHA-1", + "content": "130f09702ebaeef2650d54ce6e3e5706f7a4fb38" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@13.1.2", + "externalReferences": [ + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/yargs/yargs-parser.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/camelcase@5.3.1", + "name": "camelcase", + "version": "5.3.1", + "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: \u0060foo-bar\u0060 \u2192 \u0060fooBar\u0060", + "hashes": [ + { + "alg": "SHA-1", + "content": "e3c9b31569e106811df242f715725a1f4c494320" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@5.3.1", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/camelcase.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/decamelize@1.2.0", + "name": "decamelize", + "version": "1.2.0", + "description": "Convert a camelized string into a lowercased one with a custom separator: unicornRainbow \u2192 unicorn_rainbow", + "hashes": [ + { + "alg": "SHA-1", + "content": "f6534d15148269b20352e7bee26f501f9a191290" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decamelize@1.2.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/decamelize#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/decamelize/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/decamelize.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/config@3.3.1", + "name": "config", + "version": "3.3.1", + "description": "Configuration control for production node deployments", + "hashes": [ + { + "alg": "SHA-1", + "content": "b6a70e2908a43b98ed20be7e367edf0cc8ed5a19" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/config@3.3.1", + "externalReferences": [ + { + "url": "http://lorenwest.github.com/node-config", + "type": "website" + }, + { + "url": "https://github.com/lorenwest/node-config/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/lorenwest/node-config.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/json5@2.1.3", + "name": "json5", + "version": "2.1.3", + "description": "JSON for humans.", + "hashes": [ + { + "alg": "SHA-1", + "content": "c9b0f7fa9233bfe5807fe66fcf3a5617ed597d43" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json5@2.1.3", + "externalReferences": [ + { + "url": "http://json5.org/", + "type": "website" + }, + { + "url": "https://github.com/json5/json5/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/json5/json5.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/cookie-parser@1.4.5", + "name": "cookie-parser", + "version": "1.4.5", + "description": "Parse HTTP request cookies", + "hashes": [ + { + "alg": "SHA-1", + "content": "3e572d4b7c0c80f9c61daf604e4336831b5d1d49" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cookie-parser@1.4.5", + "externalReferences": [ + { + "url": "https://github.com/expressjs/cookie-parser#readme", + "type": "website" + }, + { + "url": "https://github.com/expressjs/cookie-parser/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/expressjs/cookie-parser.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/cookie@0.4.0", + "name": "cookie", + "version": "0.4.0", + "description": "HTTP server cookie parsing and serialization", + "hashes": [ + { + "alg": "SHA-1", + "content": "beb437e7022b3b6d49019d088665303ebe9c14ba" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cookie@0.4.0", + "externalReferences": [ + { + "url": "https://github.com/jshttp/cookie#readme", + "type": "website" + }, + { + "url": "https://github.com/jshttp/cookie/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jshttp/cookie.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/cookie-signature@1.0.6", + "name": "cookie-signature", + "version": "1.0.6", + "description": "Sign and unsign cookies", + "hashes": [ + { + "alg": "SHA-1", + "content": "e303a882b342cc3ee8ca513a79999734dab3ae2c" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cookie-signature@1.0.6", + "externalReferences": [ + { + "url": "https://github.com/visionmedia/node-cookie-signature#readme", + "type": "website" + }, + { + "url": "https://github.com/visionmedia/node-cookie-signature/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/visionmedia/node-cookie-signature.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/cors@2.8.5", + "name": "cors", + "version": "2.8.5", + "description": "Node.js CORS middleware", + "hashes": [ + { + "alg": "SHA-1", + "content": "eac11da51592dd86b9f06f6e7ac293b3df875d29" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cors@2.8.5", + "externalReferences": [ + { + "url": "https://github.com/expressjs/cors#readme", + "type": "website" + }, + { + "url": "https://github.com/expressjs/cors/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/expressjs/cors.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/object-assign@4.1.1", + "name": "object-assign", + "version": "4.1.1", + "description": "ES2015 \u0060Object.assign()\u0060 ponyfill", + "hashes": [ + { + "alg": "SHA-1", + "content": "2109adc7965887cfc05cbbd442cac8bfbb360863" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-assign@4.1.1", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/object-assign#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/object-assign/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/object-assign.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/dottie@2.0.2", + "name": "dottie", + "version": "2.0.2", + "description": "Fast and safe nested object access and manipulation in JavaScript", + "hashes": [ + { + "alg": "SHA-1", + "content": "cc91c0726ce3a054ebf11c55fbc92a7f266dd154" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dottie@2.0.2", + "externalReferences": [ + { + "url": "https://github.com/mickhansen/dottie.js#readme", + "type": "website" + }, + { + "url": "https://github.com/mickhansen/dottie.js/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/mickhansen/dottie.js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/download@7.1.0", + "name": "download", + "version": "7.1.0", + "description": "Download and extract files", + "hashes": [ + { + "alg": "SHA-1", + "content": "9059aa9d70b503ee76a132897be6dec8e5587233" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/download@7.1.0", + "externalReferences": [ + { + "url": "https://github.com/kevva/download#readme", + "type": "website" + }, + { + "url": "https://github.com/kevva/download/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/kevva/download.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/archive-type@4.0.0", + "name": "archive-type", + "version": "4.0.0", + "description": "Detect the archive type of a Buffer/Uint8Array", + "hashes": [ + { + "alg": "SHA-1", + "content": "f92e72233056dfc6969472749c267bdb046b1d70" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/archive-type@4.0.0", + "externalReferences": [ + { + "url": "https://github.com/kevva/archive-type#readme", + "type": "website" + }, + { + "url": "https://github.com/kevva/archive-type/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/kevva/archive-type.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/file-type@4.4.0", + "name": "file-type", + "version": "4.4.0", + "description": "Detect the file type of a Buffer/Uint8Array", + "hashes": [ + { + "alg": "SHA-1", + "content": "1b600e5fca1fbdc6e80c0a70c71c8dba5f7906c5" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/file-type@4.4.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/file-type#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/file-type/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/file-type.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/caw@2.0.1", + "name": "caw", + "version": "2.0.1", + "description": "Construct HTTP/HTTPS agents for tunneling proxies", + "hashes": [ + { + "alg": "SHA-1", + "content": "6c3ca071fc194720883c2dc5da9b074bfc7e9e95" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/caw@2.0.1", + "externalReferences": [ + { + "url": "https://github.com/kevva/caw#readme", + "type": "website" + }, + { + "url": "https://github.com/kevva/caw/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/kevva/caw.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/get-proxy@2.1.0", + "name": "get-proxy", + "version": "2.1.0", + "description": "Get configured proxy", + "hashes": [ + { + "alg": "SHA-1", + "content": "349f2b4d91d44c4d4d4e9cba2ad90143fac5ef93" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-proxy@2.1.0", + "externalReferences": [ + { + "url": "https://github.com/kevva/get-proxy#readme", + "type": "website" + }, + { + "url": "https://github.com/kevva/get-proxy/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/kevva/get-proxy.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/npm-conf@1.1.3", + "name": "npm-conf", + "version": "1.1.3", + "description": "Get the npm config", + "hashes": [ + { + "alg": "SHA-1", + "content": "256cc47bd0e218c259c4e9550bf413bc2192aff9" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/npm-conf@1.1.3", + "externalReferences": [ + { + "url": "https://github.com/kevva/npm-conf#readme", + "type": "website" + }, + { + "url": "https://github.com/kevva/npm-conf/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/kevva/npm-conf.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/config-chain@1.1.12", + "name": "config-chain", + "version": "1.1.12", + "description": "HANDLE CONFIGURATION ONCE AND FOR ALL", + "hashes": [ + { + "alg": "SHA-1", + "content": "0fde8d091200eb5e808caf25fe618c02f48e4efa" + } + ], + "purl": "pkg:npm/config-chain@1.1.12", + "externalReferences": [ + { + "url": "http://github.com/dominictarr/config-chain", + "type": "website" + }, + { + "url": "https://github.com/dominictarr/config-chain/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/dominictarr/config-chain.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/proto-list@1.2.4", + "name": "proto-list", + "version": "1.2.4", + "description": "A utility for managing a prototype chain", + "hashes": [ + { + "alg": "SHA-1", + "content": "212d5bfe1318306a420f6402b8e26ff39647a849" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/proto-list@1.2.4", + "externalReferences": [ + { + "url": "https://github.com/isaacs/proto-list#readme", + "type": "website" + }, + { + "url": "https://github.com/isaacs/proto-list/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/isaacs/proto-list.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/isurl@1.0.0", + "name": "isurl", + "version": "1.0.0", + "description": "Checks whether a value is a WHATWG URL.", + "hashes": [ + { + "alg": "SHA-1", + "content": "b27f4f49f3cdaa3ea44a0a5b7f3462e6edc39d67" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/isurl@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/stevenvachon/isurl#readme", + "type": "website" + }, + { + "url": "https://github.com/stevenvachon/isurl/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/stevenvachon/isurl.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/has-to-string-tag-x@1.4.1", + "name": "has-to-string-tag-x", + "version": "1.4.1", + "description": "Tests if ES6 @@toStringTag is supported.", + "hashes": [ + { + "alg": "SHA-1", + "content": "a045ab383d7b4b2012a00148ab0aa5f290044d4d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-to-string-tag-x@1.4.1", + "externalReferences": [ + { + "url": "https://github.com/Xotic750/has-to-string-tag-x", + "type": "website" + }, + { + "url": "https://github.com/Xotic750/has-to-string-tag-x/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/Xotic750/has-to-string-tag-x.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/has-symbol-support-x@1.4.2", + "name": "has-symbol-support-x", + "version": "1.4.2", + "description": "Tests if ES6 Symbol is supported.", + "hashes": [ + { + "alg": "SHA-1", + "content": "1409f98bc00247da45da67cee0a36f282ff26455" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-symbol-support-x@1.4.2", + "externalReferences": [ + { + "url": "https://github.com/Xotic750/has-symbol-support-x", + "type": "website" + }, + { + "url": "https://github.com/Xotic750/has-symbol-support-x/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/Xotic750/has-symbol-support-x.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-object@1.0.1", + "name": "is-object", + "version": "1.0.1", + "description": "Checks whether a value is an object", + "hashes": [ + { + "alg": "SHA-1", + "content": "8952688c5ec2ffd6b03ecc85e769e02903083470" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-object@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/ljharb/is-object", + "type": "website" + }, + { + "url": "https://github.com/ljharb/is-object/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/ljharb/is-object.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/tunnel-agent@0.6.0", + "name": "tunnel-agent", + "version": "0.6.0", + "description": "HTTP proxy tunneling agent. Formerly part of mikeal/request, now a standalone module.", + "hashes": [ + { + "alg": "SHA-1", + "content": "27a5dea06b36b04a0a9966774b290868f0fc40fd" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/tunnel-agent@0.6.0", + "externalReferences": [ + { + "url": "https://github.com/mikeal/tunnel-agent#readme", + "type": "website" + }, + { + "url": "https://github.com/mikeal/tunnel-agent/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/mikeal/tunnel-agent.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/url-to-options@1.0.1", + "name": "url-to-options", + "version": "1.0.1", + "description": "Convert a WHATWG URL to an http(s).request options object.", + "hashes": [ + { + "alg": "SHA-1", + "content": "1505a03a289a48cbd7a434efbaeec5055f5633a9" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/url-to-options@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/stevenvachon/url-to-options#readme", + "type": "website" + }, + { + "url": "https://github.com/stevenvachon/url-to-options/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/stevenvachon/url-to-options.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/content-disposition@0.5.3", + "name": "content-disposition", + "version": "0.5.3", + "description": "Create and parse Content-Disposition header", + "hashes": [ + { + "alg": "SHA-1", + "content": "e130caf7e7279087c5616c2007d0485698984fbd" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/content-disposition@0.5.3", + "externalReferences": [ + { + "url": "https://github.com/jshttp/content-disposition#readme", + "type": "website" + }, + { + "url": "https://github.com/jshttp/content-disposition/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jshttp/content-disposition.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/decompress@4.2.1", + "name": "decompress", + "version": "4.2.1", + "description": "Extracting archives made easy", + "hashes": [ + { + "alg": "SHA-1", + "content": "007f55cc6a62c055afa37c07eb6a4ee1b773f118" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decompress@4.2.1", + "externalReferences": [ + { + "url": "https://github.com/kevva/decompress#readme", + "type": "website" + }, + { + "url": "https://github.com/kevva/decompress/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/kevva/decompress.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/decompress-tar@4.1.1", + "name": "decompress-tar", + "version": "4.1.1", + "description": "decompress tar plugin", + "hashes": [ + { + "alg": "SHA-1", + "content": "718cbd3fcb16209716e70a26b84e7ba4592e5af1" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decompress-tar@4.1.1", + "externalReferences": [ + { + "url": "https://github.com/kevva/decompress-tar#readme", + "type": "website" + }, + { + "url": "https://github.com/kevva/decompress-tar/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/kevva/decompress-tar.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/file-type@5.2.0", + "name": "file-type", + "version": "5.2.0", + "description": "Detect the file type of a Buffer/Uint8Array", + "hashes": [ + { + "alg": "SHA-1", + "content": "2ddbea7c73ffe36368dfae49dc338c058c2b8ad6" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/file-type@5.2.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/file-type#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/file-type/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/file-type.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-stream@1.1.0", + "name": "is-stream", + "version": "1.1.0", + "description": "Check if something is a Node.js stream", + "hashes": [ + { + "alg": "SHA-1", + "content": "12d4a3dd4e68e0b79ceb8dbc84173ae80d91ca44" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-stream@1.1.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/is-stream#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/is-stream/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/is-stream.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/tar-stream@1.6.2", + "name": "tar-stream", + "version": "1.6.2", + "description": "tar-stream is a streaming tar parser and generator and nothing else. It is streams2 and operates purely using streams which means you can easily extract/parse tarballs without ever hitting the file system.", + "hashes": [ + { + "alg": "SHA-1", + "content": "8ea55dab37972253d9a9af90fdcd559ae435c555" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tar-stream@1.6.2", + "externalReferences": [ + { + "url": "https://github.com/mafintosh/tar-stream", + "type": "website" + }, + { + "url": "https://github.com/mafintosh/tar-stream/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/mafintosh/tar-stream.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/bl@1.2.2", + "name": "bl", + "version": "1.2.2", + "description": "Buffer List: collect buffers and access with a standard readable Buffer interface, streamable too!", + "hashes": [ + { + "alg": "SHA-1", + "content": "a160911717103c07410cef63ef51b397c025af9c" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bl@1.2.2", + "externalReferences": [ + { + "url": "https://github.com/rvagg/bl", + "type": "website" + }, + { + "url": "https://github.com/rvagg/bl/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/rvagg/bl.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/readable-stream@2.3.7", + "name": "readable-stream", + "version": "2.3.7", + "description": "Streams3, a user-land copy of the stream library from Node.js", + "hashes": [ + { + "alg": "SHA-1", + "content": "1eca1cf711aef814c04f62252a36a62f6cb23b57" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readable-stream@2.3.7", + "externalReferences": [ + { + "url": "https://github.com/nodejs/readable-stream#readme", + "type": "website" + }, + { + "url": "https://github.com/nodejs/readable-stream/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/nodejs/readable-stream.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/core-util-is@1.0.2", + "name": "core-util-is", + "version": "1.0.2", + "description": "The \u0060util.is*\u0060 functions introduced in Node v0.12.", + "hashes": [ + { + "alg": "SHA-1", + "content": "b5fd54220aa2bc5ab57aab7140c940754503c1a7" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/core-util-is@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/isaacs/core-util-is#readme", + "type": "website" + }, + { + "url": "https://github.com/isaacs/core-util-is/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/isaacs/core-util-is.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/process-nextick-args@2.0.1", + "name": "process-nextick-args", + "version": "2.0.1", + "description": "process.nextTick but always with args", + "hashes": [ + { + "alg": "SHA-1", + "content": "7820d9b16120cc55ca9ae7792680ae7dba6d7fe2" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/process-nextick-args@2.0.1", + "externalReferences": [ + { + "url": "https://github.com/calvinmetcalf/process-nextick-args", + "type": "website" + }, + { + "url": "https://github.com/calvinmetcalf/process-nextick-args/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/calvinmetcalf/process-nextick-args.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/string_decoder@1.1.1", + "name": "string_decoder", + "version": "1.1.1", + "description": "The string_decoder module from Node core", + "hashes": [ + { + "alg": "SHA-1", + "content": "9cf1611ba62685d7030ae9e4ba34149c3af03fc8" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string_decoder@1.1.1", + "externalReferences": [ + { + "url": "https://github.com/nodejs/string_decoder", + "type": "website" + }, + { + "url": "https://github.com/nodejs/string_decoder/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/nodejs/string_decoder.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/util-deprecate@1.0.2", + "name": "util-deprecate", + "version": "1.0.2", + "description": "The Node.js \u0060util.deprecate()\u0060 function with browser support", + "hashes": [ + { + "alg": "SHA-1", + "content": "450d4dc9fa70de732762fbd2d4a28981419a0ccf" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/util-deprecate@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/TooTallNate/util-deprecate", + "type": "website" + }, + { + "url": "https://github.com/TooTallNate/util-deprecate/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/TooTallNate/util-deprecate.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/buffer-alloc@1.2.0", + "name": "buffer-alloc", + "version": "1.2.0", + "description": "A [ponyfill](https://ponyfill.com) for \u0060Buffer.alloc\u0060.", + "hashes": [ + { + "alg": "SHA-1", + "content": "890dd90d923a873e08e10e5fd51a57e5b7cce0ec" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/buffer-alloc@1.2.0", + "externalReferences": [ + { + "url": "https://github.com/LinusU/buffer-alloc#readme", + "type": "website" + }, + { + "url": "https://github.com/LinusU/buffer-alloc/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/LinusU/buffer-alloc.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/buffer-alloc-unsafe@1.1.0", + "name": "buffer-alloc-unsafe", + "version": "1.1.0", + "description": "A [ponyfill](https://ponyfill.com) for \u0060Buffer.allocUnsafe\u0060.", + "hashes": [ + { + "alg": "SHA-1", + "content": "bd7dc26ae2972d0eda253be061dba992349c19f0" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/buffer-alloc-unsafe@1.1.0", + "externalReferences": [ + { + "url": "https://github.com/LinusU/buffer-alloc-unsafe#readme", + "type": "website" + }, + { + "url": "https://github.com/LinusU/buffer-alloc-unsafe/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/LinusU/buffer-alloc-unsafe.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/buffer-fill@1.0.0", + "name": "buffer-fill", + "version": "1.0.0", + "description": "A [ponyfill](https://ponyfill.com) for \u0060Buffer.fill\u0060.", + "hashes": [ + { + "alg": "SHA-1", + "content": "f8f78b76789888ef39f205cd637f68e702122b2c" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/buffer-fill@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/LinusU/buffer-fill#readme", + "type": "website" + }, + { + "url": "https://github.com/LinusU/buffer-fill/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/LinusU/buffer-fill.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/end-of-stream@1.4.4", + "name": "end-of-stream", + "version": "1.4.4", + "description": "Call a callback when a readable/writable/duplex stream has completed or failed.", + "hashes": [ + { + "alg": "SHA-1", + "content": "5ae64a5f45057baf3626ec14da0ca5e4b2431eb0" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/end-of-stream@1.4.4", + "externalReferences": [ + { + "url": "https://github.com/mafintosh/end-of-stream", + "type": "website" + }, + { + "url": "https://github.com/mafintosh/end-of-stream/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/mafintosh/end-of-stream.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/once@1.4.0", + "name": "once", + "version": "1.4.0", + "description": "Run a function exactly one time", + "hashes": [ + { + "alg": "SHA-1", + "content": "583b1aa775961d4b113ac17d9c50baef9dd76bd1" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/once@1.4.0", + "externalReferences": [ + { + "url": "https://github.com/isaacs/once#readme", + "type": "website" + }, + { + "url": "https://github.com/isaacs/once/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/isaacs/once.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/wrappy@1.0.2", + "name": "wrappy", + "version": "1.0.2", + "description": "Callback wrapping utility", + "hashes": [ + { + "alg": "SHA-1", + "content": "b5243d8f3ec1aa35f1364605bc0d1036e30ab69f" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/wrappy@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/npm/wrappy", + "type": "website" + }, + { + "url": "https://github.com/npm/wrappy/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/npm/wrappy.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/fs-constants@1.0.0", + "name": "fs-constants", + "version": "1.0.0", + "description": "Require constants across node and the browser", + "hashes": [ + { + "alg": "SHA-1", + "content": "6be0de9be998ce16af8afc24497b9ee9b7ccd9ad" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fs-constants@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/mafintosh/fs-constants", + "type": "website" + }, + { + "url": "https://github.com/mafintosh/fs-constants/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/mafintosh/fs-constants.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/to-buffer@1.1.1", + "name": "to-buffer", + "version": "1.1.1", + "description": "Pass in a string, get a buffer back. Pass in a buffer, get the same buffer back", + "hashes": [ + { + "alg": "SHA-1", + "content": "493bd48f62d7c43fcded313a03dcadb2e1213a80" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/to-buffer@1.1.1", + "externalReferences": [ + { + "url": "https://github.com/mafintosh/to-buffer", + "type": "website" + }, + { + "url": "https://github.com/mafintosh/to-buffer/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/mafintosh/to-buffer.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/xtend@4.0.2", + "name": "xtend", + "version": "4.0.2", + "description": "extend like a boss", + "hashes": [ + { + "alg": "SHA-1", + "content": "bb72779f5fa465186b1f438f674fa347fdb5db54" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/xtend@4.0.2", + "externalReferences": [ + { + "url": "https://github.com/Raynos/xtend", + "type": "website" + }, + { + "url": "https://github.com/Raynos/xtend/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/Raynos/xtend.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/decompress-tarbz2@4.1.1", + "name": "decompress-tarbz2", + "version": "4.1.1", + "description": "decompress tar.bz2 plugin", + "hashes": [ + { + "alg": "SHA-1", + "content": "3082a5b880ea4043816349f378b56c516be1a39b" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decompress-tarbz2@4.1.1", + "externalReferences": [ + { + "url": "https://github.com/kevva/decompress-tarbz2#readme", + "type": "website" + }, + { + "url": "https://github.com/kevva/decompress-tarbz2/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/kevva/decompress-tarbz2.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/file-type@6.2.0", + "name": "file-type", + "version": "6.2.0", + "description": "Detect the file type of a Buffer/Uint8Array", + "hashes": [ + { + "alg": "SHA-1", + "content": "e50cd75d356ffed4e306dc4f5bcf52a79903a919" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/file-type@6.2.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/file-type#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/file-type/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/file-type.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/seek-bzip@1.0.5", + "name": "seek-bzip", + "version": "1.0.5", + "description": "a pure-JavaScript Node.JS module for random-access decoding bzip2 data", + "hashes": [ + { + "alg": "SHA-1", + "content": "cfe917cb3d274bcffac792758af53173eb1fabdc" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/seek-bzip@1.0.5", + "externalReferences": [ + { + "url": "https://github.com/cscott/seek-bzip#readme", + "type": "website" + }, + { + "url": "https://github.com/cscott/seek-bzip/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/cscott/seek-bzip.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/commander@2.8.1", + "name": "commander", + "version": "2.8.1", + "description": "the complete solution for node.js command-line programs", + "hashes": [ + { + "alg": "SHA-1", + "content": "06be367febfda0c330aa1e2a072d3dc9762425d4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/commander@2.8.1", + "externalReferences": [ + { + "url": "https://github.com/tj/commander.js#readme", + "type": "website" + }, + { + "url": "https://github.com/tj/commander.js/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/tj/commander.js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/graceful-readlink@1.0.1", + "name": "graceful-readlink", + "version": "1.0.1", + "description": "graceful fs.readlink", + "hashes": [ + { + "alg": "SHA-1", + "content": "4cafad76bc62f02fa039b2f94e9a3dd3a391a725" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/graceful-readlink@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/zhiyelee/graceful-readlink", + "type": "website" + }, + { + "url": "https://github.com/zhiyelee/graceful-readlink/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/zhiyelee/graceful-readlink.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/unbzip2-stream@1.4.3", + "name": "unbzip2-stream", + "version": "1.4.3", + "description": "streaming unbzip2 implementation in pure javascript for node and browsers", + "hashes": [ + { + "alg": "SHA-1", + "content": "b0da04c4371311df771cdc215e87f2130991ace7" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/unbzip2-stream@1.4.3", + "externalReferences": [ + { + "url": "https://github.com/regular/unbzip2-stream#readme", + "type": "website" + }, + { + "url": "https://github.com/regular/unbzip2-stream/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/regular/unbzip2-stream.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/buffer@5.6.0", + "name": "buffer", + "version": "5.6.0", + "description": "Node.js Buffer API, for the browser", + "hashes": [ + { + "alg": "SHA-1", + "content": "a31749dc7d81d84db08abf937b6b8c4033f62786" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/buffer@5.6.0", + "externalReferences": [ + { + "url": "https://github.com/feross/buffer", + "type": "website" + }, + { + "url": "https://github.com/feross/buffer/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/feross/buffer.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/base64-js@1.3.1", + "name": "base64-js", + "version": "1.3.1", + "description": "Base64 encoding/decoding in pure JS", + "hashes": [ + { + "alg": "SHA-1", + "content": "58ece8cb75dd07e71ed08c736abc5fac4dbf8df1" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/base64-js@1.3.1", + "externalReferences": [ + { + "url": "https://github.com/beatgammit/base64-js", + "type": "website" + }, + { + "url": "https://github.com/beatgammit/base64-js/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/beatgammit/base64-js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/ieee754@1.1.13", + "name": "ieee754", + "version": "1.1.13", + "description": "Read/write IEEE754 floating point numbers from/to a Buffer or array-like object", + "hashes": [ + { + "alg": "SHA-1", + "content": "ec168558e95aa181fd87d37f55c32bbcb6708b84" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/ieee754@1.1.13", + "externalReferences": [ + { + "url": "https://github.com/feross/ieee754#readme", + "type": "website" + }, + { + "url": "https://github.com/feross/ieee754/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/feross/ieee754.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/through@2.3.8", + "name": "through", + "version": "2.3.8", + "description": "simplified stream construction", + "hashes": [ + { + "alg": "SHA-1", + "content": "0dd4c9ffaabc357960b1b724115d7e0e86a2e1f5" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/through@2.3.8", + "externalReferences": [ + { + "url": "https://github.com/dominictarr/through", + "type": "website" + }, + { + "url": "https://github.com/dominictarr/through/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/dominictarr/through.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/decompress-targz@4.1.1", + "name": "decompress-targz", + "version": "4.1.1", + "description": "decompress tar.gz plugin", + "hashes": [ + { + "alg": "SHA-1", + "content": "c09bc35c4d11f3de09f2d2da53e9de23e7ce1eee" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decompress-targz@4.1.1", + "externalReferences": [ + { + "url": "https://github.com/kevva/decompress-targz#readme", + "type": "website" + }, + { + "url": "https://github.com/kevva/decompress-targz/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/kevva/decompress-targz.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/decompress-unzip@4.0.1", + "name": "decompress-unzip", + "version": "4.0.1", + "description": "decompress zip plugin", + "hashes": [ + { + "alg": "SHA-1", + "content": "deaaccdfd14aeaf85578f733ae8210f9b4848f69" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decompress-unzip@4.0.1", + "externalReferences": [ + { + "url": "https://github.com/kevva/decompress-unzip#readme", + "type": "website" + }, + { + "url": "https://github.com/kevva/decompress-unzip/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/kevva/decompress-unzip.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/file-type@3.9.0", + "name": "file-type", + "version": "3.9.0", + "description": "Detect the file type of a Buffer/Uint8Array", + "hashes": [ + { + "alg": "SHA-1", + "content": "257a078384d1db8087bc449d107d52a52672b9e9" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/file-type@3.9.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/file-type#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/file-type/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/file-type.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/get-stream@2.3.1", + "name": "get-stream", + "version": "2.3.1", + "description": "Get a stream as a string, buffer, or array", + "hashes": [ + { + "alg": "SHA-1", + "content": "5f38f93f346009666ee0150a054167f91bdd95de" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-stream@2.3.1", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/get-stream#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/get-stream/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/get-stream.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/pinkie-promise@2.0.1", + "name": "pinkie-promise", + "version": "2.0.1", + "description": "ES2015 Promise ponyfill", + "hashes": [ + { + "alg": "SHA-1", + "content": "2135d6dfa7a358c069ac9b178776288228450ffa" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pinkie-promise@2.0.1", + "externalReferences": [ + { + "url": "https://github.com/floatdrop/pinkie-promise#readme", + "type": "website" + }, + { + "url": "https://github.com/floatdrop/pinkie-promise/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/floatdrop/pinkie-promise.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/pinkie@2.0.4", + "name": "pinkie", + "version": "2.0.4", + "description": "Itty bitty little widdle twinkie pinkie ES2015 Promise implementation", + "hashes": [ + { + "alg": "SHA-1", + "content": "72556b80cfa0d48a974e80e77248e80ed4f7f870" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pinkie@2.0.4", + "externalReferences": [ + { + "url": "https://github.com/floatdrop/pinkie#readme", + "type": "website" + }, + { + "url": "https://github.com/floatdrop/pinkie/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/floatdrop/pinkie.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/pify@2.3.0", + "name": "pify", + "version": "2.3.0", + "description": "Promisify a callback-style function", + "hashes": [ + { + "alg": "SHA-1", + "content": "ed141a6ac043a849ea588498e7dca8b15330e90c" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pify@2.3.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/pify#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/pify/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/pify.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/yauzl@2.10.0", + "name": "yauzl", + "version": "2.10.0", + "description": "yet another unzip library for node", + "hashes": [ + { + "alg": "SHA-1", + "content": "c7eb17c93e112cb1086fa6d8e51fb0667b79a5f9" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yauzl@2.10.0", + "externalReferences": [ + { + "url": "https://github.com/thejoshwolfe/yauzl", + "type": "website" + }, + { + "url": "https://github.com/thejoshwolfe/yauzl/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/thejoshwolfe/yauzl.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/buffer-crc32@0.2.13", + "name": "buffer-crc32", + "version": "0.2.13", + "description": "A pure javascript CRC32 algorithm that plays nice with binary data", + "hashes": [ + { + "alg": "SHA-1", + "content": "0d333e3f00eac50aa1454abd30ef8c2a5d9a7242" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/buffer-crc32@0.2.13", + "externalReferences": [ + { + "url": "https://github.com/brianloveswords/buffer-crc32", + "type": "website" + }, + { + "url": "https://github.com/brianloveswords/buffer-crc32/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/brianloveswords/buffer-crc32.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/fd-slicer@1.1.0", + "name": "fd-slicer", + "version": "1.1.0", + "description": "safely create multiple ReadStream or WriteStream objects from the same file descriptor", + "hashes": [ + { + "alg": "SHA-1", + "content": "25c7c89cb1f9077f8891bbe61d8f390eae256f1e" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fd-slicer@1.1.0", + "externalReferences": [ + { + "url": "https://github.com/andrewrk/node-fd-slicer#readme", + "type": "website" + }, + { + "url": "https://github.com/andrewrk/node-fd-slicer/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/andrewrk/node-fd-slicer.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/pend@1.2.0", + "name": "pend", + "version": "1.2.0", + "description": "dead-simple optimistic async helper", + "hashes": [ + { + "alg": "SHA-1", + "content": "7a57eb550a6783f9115331fcf4663d5c8e007a50" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pend@1.2.0", + "externalReferences": [ + { + "url": "https://github.com/andrewrk/node-pend#readme", + "type": "website" + }, + { + "url": "https://github.com/andrewrk/node-pend/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/andrewrk/node-pend.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/make-dir@1.3.0", + "name": "make-dir", + "version": "1.3.0", + "description": "Make a directory and its parents if needed - Think \u0060mkdir -p\u0060", + "hashes": [ + { + "alg": "SHA-1", + "content": "79c1033b80515bd6d24ec9933e860ca75ee27f0c" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/make-dir@1.3.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/make-dir#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/make-dir/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/make-dir.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/strip-dirs@2.1.0", + "name": "strip-dirs", + "version": "2.1.0", + "description": "Remove leading directory components from a path, like tar\u0027s --strip-components option", + "hashes": [ + { + "alg": "SHA-1", + "content": "4987736264fc344cf20f6c34aca9d13d1d4ed6c5" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-dirs@2.1.0", + "externalReferences": [ + { + "url": "https://github.com/shinnn/node-strip-dirs#readme", + "type": "website" + }, + { + "url": "https://github.com/shinnn/node-strip-dirs/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/shinnn/node-strip-dirs.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-natural-number@4.0.1", + "name": "is-natural-number", + "version": "4.0.1", + "description": "Check if a value is a natural number", + "hashes": [ + { + "alg": "SHA-1", + "content": "ab9d76e1db4ced51e35de0c72ebecf09f734cde8" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-natural-number@4.0.1", + "externalReferences": [ + { + "url": "https://github.com/shinnn/is-natural-number.js#readme", + "type": "website" + }, + { + "url": "https://github.com/shinnn/is-natural-number.js/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/shinnn/is-natural-number.js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/ext-name@5.0.0", + "name": "ext-name", + "version": "5.0.0", + "description": "Get the file extension and MIME type from a file", + "hashes": [ + { + "alg": "SHA-1", + "content": "70781981d183ee15d13993c8822045c506c8f0a6" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ext-name@5.0.0", + "externalReferences": [ + { + "url": "https://github.com/kevva/ext-name#readme", + "type": "website" + }, + { + "url": "https://github.com/kevva/ext-name/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/kevva/ext-name.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/ext-list@2.2.2", + "name": "ext-list", + "version": "2.2.2", + "description": "List of known file extensions and their MIME types", + "hashes": [ + { + "alg": "SHA-1", + "content": "0b98e64ed82f5acf0f2931babf69212ef52ddd37" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ext-list@2.2.2", + "externalReferences": [ + { + "url": "https://github.com/kevva/ext-list#readme", + "type": "website" + }, + { + "url": "https://github.com/kevva/ext-list/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/kevva/ext-list.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/sort-keys-length@1.0.1", + "name": "sort-keys-length", + "version": "1.0.1", + "description": "Sort objecy keys by length", + "hashes": [ + { + "alg": "SHA-1", + "content": "9cb6f4f4e9e48155a6aa0671edd336ff1479a188" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sort-keys-length@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/kevva/sort-keys-length#readme", + "type": "website" + }, + { + "url": "https://github.com/kevva/sort-keys-length/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/kevva/sort-keys-length.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/sort-keys@1.1.2", + "name": "sort-keys", + "version": "1.1.2", + "description": "Sort the keys of an object", + "hashes": [ + { + "alg": "SHA-1", + "content": "441b6d4d346798f1b4e49e8920adfba0e543f9ad" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sort-keys@1.1.2", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/sort-keys#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/sort-keys/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/sort-keys.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-plain-obj@1.1.0", + "name": "is-plain-obj", + "version": "1.1.0", + "description": "Check if a value is a plain object", + "hashes": [ + { + "alg": "SHA-1", + "content": "71a50c8429dfca773c92a390a4a03b39fcd51d3e" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-plain-obj@1.1.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/is-plain-obj#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/is-plain-obj/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/is-plain-obj.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/file-type@8.1.0", + "name": "file-type", + "version": "8.1.0", + "description": "Detect the file type of a Buffer/Uint8Array", + "hashes": [ + { + "alg": "SHA-1", + "content": "244f3b7ef641bbe0cca196c7276e4b332399f68c" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/file-type@8.1.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/file-type#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/file-type/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/file-type.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/filenamify@2.1.0", + "name": "filenamify", + "version": "2.1.0", + "description": "Convert a string to a valid safe filename", + "hashes": [ + { + "alg": "SHA-1", + "content": "88faf495fb1b47abfd612300002a16228c677ee9" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/filenamify@2.1.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/filenamify#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/filenamify/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/filenamify.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/filename-reserved-regex@2.0.0", + "name": "filename-reserved-regex", + "version": "2.0.0", + "description": "Regular expression for matching reserved filename characters", + "hashes": [ + { + "alg": "SHA-1", + "content": "abf73dfab735d045440abfea2d91f389ebbfa229" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/filename-reserved-regex@2.0.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/filename-reserved-regex#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/filename-reserved-regex/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/filename-reserved-regex.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/strip-outer@1.0.1", + "name": "strip-outer", + "version": "1.0.1", + "description": "Strip a substring from the start/end of a string", + "hashes": [ + { + "alg": "SHA-1", + "content": "b2fd2abf6604b9d1e6013057195df836b8a9d631" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-outer@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/strip-outer#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/strip-outer/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/strip-outer.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/trim-repeated@1.0.0", + "name": "trim-repeated", + "version": "1.0.0", + "description": "Trim a consecutively repeated substring: foo--bar---baz \u2192 foo-bar-baz", + "hashes": [ + { + "alg": "SHA-1", + "content": "e3646a2ea4e891312bf7eace6cfb05380bc01c21" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/trim-repeated@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/trim-repeated#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/trim-repeated/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/trim-repeated.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/get-stream@3.0.0", + "name": "get-stream", + "version": "3.0.0", + "description": "Get a stream as a string, buffer, or array", + "hashes": [ + { + "alg": "SHA-1", + "content": "8e943d1358dc37555054ecbe2edb05aa174ede14" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/get-stream@3.0.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/get-stream#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/get-stream/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/get-stream.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/got@8.3.2", + "name": "got", + "version": "8.3.2", + "description": "Simplified HTTP requests", + "hashes": [ + { + "alg": "SHA-1", + "content": "1d23f64390e97f776cac52e5b936e5f514d2e937" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/got@8.3.2", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/got#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/got/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/got.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/%40sindresorhus/is@0.7.0", + "group": "@sindresorhus", + "name": "is", + "version": "0.7.0", + "description": "Type check values: \u0060is.string(\u0027\uD83E\uDD84\u0027) //=\u003E true\u0060", + "hashes": [ + { + "alg": "SHA-1", + "content": "9a06f4f137ee84d7df0460c1fdb1135ffa6c50fd" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40sindresorhus/is@0.7.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/is#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/is/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/is.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/cacheable-request@2.1.4", + "name": "cacheable-request", + "version": "2.1.4", + "description": "Wrap native HTTP requests with RFC compliant cache support", + "hashes": [ + { + "alg": "SHA-1", + "content": "0d808801b6342ad33c91df9d0b44dc09b91e5c3d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cacheable-request@2.1.4", + "externalReferences": [ + { + "url": "https://github.com/lukechilds/cacheable-request", + "type": "website" + }, + { + "url": "https://github.com/lukechilds/cacheable-request/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/lukechilds/cacheable-request.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/clone-response@1.0.2", + "name": "clone-response", + "version": "1.0.2", + "description": "Clone a Node.js HTTP response stream", + "hashes": [ + { + "alg": "SHA-1", + "content": "d1dc973920314df67fbeb94223b4ee350239e96b" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clone-response@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/lukechilds/clone-response", + "type": "website" + }, + { + "url": "https://github.com/lukechilds/clone-response/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/lukechilds/clone-response.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/mimic-response@1.0.1", + "name": "mimic-response", + "version": "1.0.1", + "description": "Mimic a Node.js HTTP response stream", + "hashes": [ + { + "alg": "SHA-1", + "content": "4923538878eef42063cb8a3e3b0798781487ab1b" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mimic-response@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/mimic-response#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/mimic-response/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/mimic-response.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/http-cache-semantics@3.8.1", + "name": "http-cache-semantics", + "version": "3.8.1", + "description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies", + "hashes": [ + { + "alg": "SHA-1", + "content": "39b0e16add9b605bf0a9ef3d9daaf4843b4cacd2" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/http-cache-semantics@3.8.1", + "externalReferences": [ + { + "url": "https://github.com/pornel/http-cache-semantics#readme", + "type": "website" + }, + { + "url": "https://github.com/pornel/http-cache-semantics/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/pornel/http-cache-semantics.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/keyv@3.0.0", + "name": "keyv", + "version": "3.0.0", + "description": "Simple key-value storage with support for multiple backends", + "hashes": [ + { + "alg": "SHA-1", + "content": "44923ba39e68b12a7cec7df6c3268c031f2ef373" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/keyv@3.0.0", + "externalReferences": [ + { + "url": "https://github.com/lukechilds/keyv", + "type": "website" + }, + { + "url": "https://github.com/lukechilds/keyv/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/lukechilds/keyv.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/json-buffer@3.0.0", + "name": "json-buffer", + "version": "3.0.0", + "description": "JSON parse \u0026 stringify that supports binary via bops \u0026 base64", + "hashes": [ + { + "alg": "SHA-1", + "content": "5b1f397afc75d677bde8bcfc0e47e1f9a3d9a898" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-buffer@3.0.0", + "externalReferences": [ + { + "url": "https://github.com/dominictarr/json-buffer", + "type": "website" + }, + { + "url": "https://github.com/dominictarr/json-buffer/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/dominictarr/json-buffer.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/lowercase-keys@1.0.0", + "name": "lowercase-keys", + "version": "1.0.0", + "description": "Lowercase the keys of an object", + "hashes": [ + { + "alg": "SHA-1", + "content": "4e3366b39e7f5457e35f1324bdf6f88d0bfc7306" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lowercase-keys@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/lowercase-keys#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/lowercase-keys/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/lowercase-keys.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/normalize-url@2.0.1", + "name": "normalize-url", + "version": "2.0.1", + "description": "Normalize a URL", + "hashes": [ + { + "alg": "SHA-1", + "content": "835a9da1551fa26f70e92329069a23aa6574d7e6" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/normalize-url@2.0.1", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/normalize-url#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/normalize-url/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/normalize-url.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/prepend-http@2.0.0", + "name": "prepend-http", + "version": "2.0.0", + "description": "Prepend \u0060http://\u0060 to humanized URLs like todomvc.com and localhost", + "hashes": [ + { + "alg": "SHA-1", + "content": "e92434bfa5ea8c19f41cdfd401d741a3c819d897" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/prepend-http@2.0.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/prepend-http#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/prepend-http/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/prepend-http.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/query-string@5.1.1", + "name": "query-string", + "version": "5.1.1", + "description": "Parse and stringify URL query strings", + "hashes": [ + { + "alg": "SHA-1", + "content": "a78c012b71c17e05f2e3fa2319dd330682efb3cb" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/query-string@5.1.1", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/query-string#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/query-string/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/query-string.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/strict-uri-encode@1.1.0", + "name": "strict-uri-encode", + "version": "1.1.0", + "description": "A stricter URI encode adhering to RFC 3986", + "hashes": [ + { + "alg": "SHA-1", + "content": "279b225df1d582b1f54e65addd4352e18faa0713" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strict-uri-encode@1.1.0", + "externalReferences": [ + { + "url": "https://github.com/kevva/strict-uri-encode#readme", + "type": "website" + }, + { + "url": "https://github.com/kevva/strict-uri-encode/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/kevva/strict-uri-encode.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/sort-keys@2.0.0", + "name": "sort-keys", + "version": "2.0.0", + "description": "Sort the keys of an object", + "hashes": [ + { + "alg": "SHA-1", + "content": "658535584861ec97d730d6cf41822e1f56684128" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sort-keys@2.0.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/sort-keys#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/sort-keys/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/sort-keys.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/responselike@1.0.2", + "name": "responselike", + "version": "1.0.2", + "description": "A response-like object for mocking a Node.js HTTP response stream", + "hashes": [ + { + "alg": "SHA-1", + "content": "918720ef3b631c5642be068f15ade5a46f4ba1e7" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/responselike@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/lukechilds/responselike#readme", + "type": "website" + }, + { + "url": "https://github.com/lukechilds/responselike/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/lukechilds/responselike.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/lowercase-keys@1.0.1", + "name": "lowercase-keys", + "version": "1.0.1", + "description": "Lowercase the keys of an object", + "hashes": [ + { + "alg": "SHA-1", + "content": "6f9e30b47084d971a7c820ff15a6c5167b74c26f" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lowercase-keys@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/lowercase-keys#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/lowercase-keys/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/lowercase-keys.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/decompress-response@3.3.0", + "name": "decompress-response", + "version": "3.3.0", + "description": "Decompress a HTTP response if needed", + "hashes": [ + { + "alg": "SHA-1", + "content": "80a4dd323748384bfa248083622aedec982adff3" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decompress-response@3.3.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/decompress-response#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/decompress-response/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/decompress-response.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/duplexer3@0.1.4", + "name": "duplexer3", + "version": "0.1.4", + "description": "Like duplexer but using streams3", + "hashes": [ + { + "alg": "SHA-1", + "content": "ee01dd1cac0ed3cbc7fdbea37dc0a8f1ce002ce2" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/duplexer3@0.1.4", + "externalReferences": [ + { + "url": "https://github.com/floatdrop/duplexer3#readme", + "type": "website" + }, + { + "url": "https://github.com/floatdrop/duplexer3/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/floatdrop/duplexer3.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/into-stream@3.1.0", + "name": "into-stream", + "version": "3.1.0", + "description": "Convert a buffer/string/array/object/iterable/promise into a stream", + "hashes": [ + { + "alg": "SHA-1", + "content": "96fb0a936c12babd6ff1752a17d05616abd094c6" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/into-stream@3.1.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/into-stream#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/into-stream/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/into-stream.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/from2@2.3.0", + "name": "from2", + "version": "2.3.0", + "description": "Convenience wrapper for ReadableStream, with an API lifted from \u0022from\u0022 and \u0022through2\u0022", + "hashes": [ + { + "alg": "SHA-1", + "content": "8bfb5502bde4a4d36cfdeea007fcca21d7e382af" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/from2@2.3.0", + "externalReferences": [ + { + "url": "https://github.com/hughsk/from2", + "type": "website" + }, + { + "url": "https://github.com/hughsk/from2/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/hughsk/from2.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/p-is-promise@1.1.0", + "name": "p-is-promise", + "version": "1.1.0", + "description": "Check if something is a promise", + "hashes": [ + { + "alg": "SHA-1", + "content": "9c9456989e9f6588017b0434d56097675c3da05e" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-is-promise@1.1.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/p-is-promise#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/p-is-promise/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/p-is-promise.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-retry-allowed@1.2.0", + "name": "is-retry-allowed", + "version": "1.2.0", + "description": "Is retry allowed for Error?", + "hashes": [ + { + "alg": "SHA-1", + "content": "d778488bd0a4666a3be8a1482b9f2baafedea8b4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-retry-allowed@1.2.0", + "externalReferences": [ + { + "url": "https://github.com/floatdrop/is-retry-allowed#readme", + "type": "website" + }, + { + "url": "https://github.com/floatdrop/is-retry-allowed/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/floatdrop/is-retry-allowed.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/p-cancelable@0.4.1", + "name": "p-cancelable", + "version": "0.4.1", + "description": "Create a promise that can be canceled", + "hashes": [ + { + "alg": "SHA-1", + "content": "35f363d67d52081c8d9585e37bcceb7e0bbcb2a0" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-cancelable@0.4.1", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/p-cancelable#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/p-cancelable/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/p-cancelable.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/p-timeout@2.0.1", + "name": "p-timeout", + "version": "2.0.1", + "description": "Timeout a promise after a specified amount of time", + "hashes": [ + { + "alg": "SHA-1", + "content": "d8dd1979595d2dc0139e1fe46b8b646cb3cdf038" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-timeout@2.0.1", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/p-timeout#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/p-timeout/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/p-timeout.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/p-finally@1.0.0", + "name": "p-finally", + "version": "1.0.0", + "description": "\u0060Promise#finally()\u0060 ponyfill - Invoked when the promise is settled regardless of outcome", + "hashes": [ + { + "alg": "SHA-1", + "content": "3fbcfb15b899a44123b34b6dcc18b724336a2cae" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-finally@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/p-finally#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/p-finally/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/p-finally.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/timed-out@4.0.1", + "name": "timed-out", + "version": "4.0.1", + "description": "Emit \u0060ETIMEDOUT\u0060 or \u0060ESOCKETTIMEDOUT\u0060 when ClientRequest is hanged", + "hashes": [ + { + "alg": "SHA-1", + "content": "f32eacac5a175bea25d7fab565ab3ed8741ef56f" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/timed-out@4.0.1", + "externalReferences": [ + { + "url": "https://github.com/floatdrop/timed-out#readme", + "type": "website" + }, + { + "url": "https://github.com/floatdrop/timed-out/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/floatdrop/timed-out.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/url-parse-lax@3.0.0", + "name": "url-parse-lax", + "version": "3.0.0", + "description": "Lax url.parse() with support for protocol-less URLs \u0026 IPs", + "hashes": [ + { + "alg": "SHA-1", + "content": "16b5cafc07dbe3676c1b1999177823d6503acb0c" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/url-parse-lax@3.0.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/url-parse-lax#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/url-parse-lax/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/url-parse-lax.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/p-event@2.3.1", + "name": "p-event", + "version": "2.3.1", + "description": "Promisify an event by waiting for it to be emitted", + "hashes": [ + { + "alg": "SHA-1", + "content": "596279ef169ab2c3e0cae88c1cfbb08079993ef6" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-event@2.3.1", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/p-event#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/p-event/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/p-event.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/errorhandler@1.5.1", + "name": "errorhandler", + "version": "1.5.1", + "description": "Development-only error handler middleware", + "hashes": [ + { + "alg": "SHA-1", + "content": "b9ba5d17cf90744cd1e851357a6e75bf806a9a91" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/errorhandler@1.5.1", + "externalReferences": [ + { + "url": "https://github.com/expressjs/errorhandler#readme", + "type": "website" + }, + { + "url": "https://github.com/expressjs/errorhandler/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/expressjs/errorhandler.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/escape-html@1.0.3", + "name": "escape-html", + "version": "1.0.3", + "description": "Escape string for use in HTML", + "hashes": [ + { + "alg": "SHA-1", + "content": "0258eae4d3d0c0974de1c169188ef0051d1d1988" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-html@1.0.3", + "externalReferences": [ + { + "url": "https://github.com/component/escape-html#readme", + "type": "website" + }, + { + "url": "https://github.com/component/escape-html/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/component/escape-html.git", + "type": "vcs" + } + ] + }, + { + "type": "framework", + "bom-ref": "juice-shop@11.1.2:pkg:npm/express@4.17.1", + "name": "express", + "version": "4.17.1", + "description": "Fast, unopinionated, minimalist web framework", + "hashes": [ + { + "alg": "SHA-1", + "content": "4491fc38605cf51f8629d39c2b5d026f98a4c134" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/express@4.17.1", + "externalReferences": [ + { + "url": "http://expressjs.com/", + "type": "website" + }, + { + "url": "https://github.com/expressjs/express/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/expressjs/express.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/array-flatten@1.1.1", + "name": "array-flatten", + "version": "1.1.1", + "description": "Flatten an array of nested arrays into a single flat array", + "hashes": [ + { + "alg": "SHA-1", + "content": "9a5f699051b1e7073328f2a008968b64ea2955d2" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/array-flatten@1.1.1", + "externalReferences": [ + { + "url": "https://github.com/blakeembrey/array-flatten", + "type": "website" + }, + { + "url": "https://github.com/blakeembrey/array-flatten/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/blakeembrey/array-flatten.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/encodeurl@1.0.2", + "name": "encodeurl", + "version": "1.0.2", + "description": "Encode a URL to a percent-encoded form, excluding already-encoded sequences", + "hashes": [ + { + "alg": "SHA-1", + "content": "ad3ff4c86ec2d029322f5a02c3a9a606c95b3f59" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/encodeurl@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/pillarjs/encodeurl#readme", + "type": "website" + }, + { + "url": "https://github.com/pillarjs/encodeurl/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/pillarjs/encodeurl.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/etag@1.8.1", + "name": "etag", + "version": "1.8.1", + "description": "Create simple HTTP ETags", + "hashes": [ + { + "alg": "SHA-1", + "content": "41ae2eeb65efa62268aebfea83ac7d79299b0887" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/etag@1.8.1", + "externalReferences": [ + { + "url": "https://github.com/jshttp/etag#readme", + "type": "website" + }, + { + "url": "https://github.com/jshttp/etag/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jshttp/etag.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/finalhandler@1.1.2", + "name": "finalhandler", + "version": "1.1.2", + "description": "Node.js final http responder", + "hashes": [ + { + "alg": "SHA-1", + "content": "b7e7d000ffd11938d0fdb053506f6ebabe9f587d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/finalhandler@1.1.2", + "externalReferences": [ + { + "url": "https://github.com/pillarjs/finalhandler#readme", + "type": "website" + }, + { + "url": "https://github.com/pillarjs/finalhandler/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/pillarjs/finalhandler.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/parseurl@1.3.3", + "name": "parseurl", + "version": "1.3.3", + "description": "parse a url with memoization", + "hashes": [ + { + "alg": "SHA-1", + "content": "9da19e7bee8d12dff0513ed5b76957793bc2e8d4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parseurl@1.3.3", + "externalReferences": [ + { + "url": "https://github.com/pillarjs/parseurl#readme", + "type": "website" + }, + { + "url": "https://github.com/pillarjs/parseurl/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/pillarjs/parseurl.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/fresh@0.5.2", + "name": "fresh", + "version": "0.5.2", + "description": "HTTP response freshness testing", + "hashes": [ + { + "alg": "SHA-1", + "content": "3d8cadd90d976569fa835ab1f8e4b23a105605a7" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fresh@0.5.2", + "externalReferences": [ + { + "url": "https://github.com/jshttp/fresh#readme", + "type": "website" + }, + { + "url": "https://github.com/jshttp/fresh/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jshttp/fresh.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/merge-descriptors@1.0.1", + "name": "merge-descriptors", + "version": "1.0.1", + "description": "Merge objects using descriptors", + "hashes": [ + { + "alg": "SHA-1", + "content": "b00aaa556dd8b44568150ec9d1b953f3f90cbb61" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/merge-descriptors@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/component/merge-descriptors#readme", + "type": "website" + }, + { + "url": "https://github.com/component/merge-descriptors/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/component/merge-descriptors.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/methods@1.1.2", + "name": "methods", + "version": "1.1.2", + "description": "HTTP methods that node supports", + "hashes": [ + { + "alg": "SHA-1", + "content": "5529a4d67654134edcc5266656835b0f851afcee" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/methods@1.1.2", + "externalReferences": [ + { + "url": "https://github.com/jshttp/methods#readme", + "type": "website" + }, + { + "url": "https://github.com/jshttp/methods/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jshttp/methods.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/path-to-regexp@0.1.7", + "name": "path-to-regexp", + "version": "0.1.7", + "description": "Express style path to RegExp utility", + "hashes": [ + { + "alg": "SHA-1", + "content": "df604178005f522f15eb4490e7247a1bfaa67f8c" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-to-regexp@0.1.7", + "externalReferences": [ + { + "url": "https://github.com/component/path-to-regexp#readme", + "type": "website" + }, + { + "url": "https://github.com/component/path-to-regexp/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/component/path-to-regexp.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/proxy-addr@2.0.6", + "name": "proxy-addr", + "version": "2.0.6", + "description": "Determine address of proxied request", + "hashes": [ + { + "alg": "SHA-1", + "content": "fdc2336505447d3f2f2c638ed272caf614bbb2bf" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/proxy-addr@2.0.6", + "externalReferences": [ + { + "url": "https://github.com/jshttp/proxy-addr#readme", + "type": "website" + }, + { + "url": "https://github.com/jshttp/proxy-addr/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jshttp/proxy-addr.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/forwarded@0.1.2", + "name": "forwarded", + "version": "0.1.2", + "description": "Parse HTTP X-Forwarded-For header", + "hashes": [ + { + "alg": "SHA-1", + "content": "98c23dab1175657b8c0573e8ceccd91b0ff18c84" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/forwarded@0.1.2", + "externalReferences": [ + { + "url": "https://github.com/jshttp/forwarded#readme", + "type": "website" + }, + { + "url": "https://github.com/jshttp/forwarded/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jshttp/forwarded.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/ipaddr.js@1.9.1", + "name": "ipaddr.js", + "version": "1.9.1", + "description": "A library for manipulating IPv4 and IPv6 addresses in JavaScript.", + "hashes": [ + { + "alg": "SHA-1", + "content": "bff38543eeb8984825079ff3a2a8e6cbd46781b3" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ipaddr.js@1.9.1", + "externalReferences": [ + { + "url": "https://github.com/whitequark/ipaddr.js#readme", + "type": "website" + }, + { + "url": "https://github.com/whitequark/ipaddr.js/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/whitequark/ipaddr.js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/range-parser@1.2.1", + "name": "range-parser", + "version": "1.2.1", + "description": "Range header field string parser", + "hashes": [ + { + "alg": "SHA-1", + "content": "3cf37023d199e1c24d1a55b84800c2f3e6468031" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/range-parser@1.2.1", + "externalReferences": [ + { + "url": "https://github.com/jshttp/range-parser#readme", + "type": "website" + }, + { + "url": "https://github.com/jshttp/range-parser/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jshttp/range-parser.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/send@0.17.1", + "name": "send", + "version": "0.17.1", + "description": "Better streaming static file server with Range and conditional-GET support", + "hashes": [ + { + "alg": "SHA-1", + "content": "c1d8b059f7900f7466dd4938bdc44e11ddb376c8" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/send@0.17.1", + "externalReferences": [ + { + "url": "https://github.com/pillarjs/send#readme", + "type": "website" + }, + { + "url": "https://github.com/pillarjs/send/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/pillarjs/send.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/destroy@1.0.4", + "name": "destroy", + "version": "1.0.4", + "description": "destroy a stream if possible", + "hashes": [ + { + "alg": "SHA-1", + "content": "978857442c44749e4206613e37946205826abd80" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/destroy@1.0.4", + "externalReferences": [ + { + "url": "https://github.com/stream-utils/destroy#readme", + "type": "website" + }, + { + "url": "https://github.com/stream-utils/destroy/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/stream-utils/destroy.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/mime@1.6.0", + "name": "mime", + "version": "1.6.0", + "description": "A comprehensive library for mime-type mapping", + "hashes": [ + { + "alg": "SHA-1", + "content": "32cd9e5c64553bd58d19a568af452acff04981b1" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mime@1.6.0", + "externalReferences": [ + { + "url": "https://github.com/broofa/node-mime#readme", + "type": "website" + }, + { + "url": "https://github.com/broofa/node-mime/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/broofa/node-mime.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/ms@2.1.1", + "name": "ms", + "version": "2.1.1", + "description": "Tiny millisecond conversion utility", + "hashes": [ + { + "alg": "SHA-1", + "content": "30a5864eb3ebb0a66f2ebe6d727af06a09d86e0a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.1", + "externalReferences": [ + { + "url": "https://github.com/zeit/ms#readme", + "type": "website" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/zeit/ms.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/serve-static@1.14.1", + "name": "serve-static", + "version": "1.14.1", + "description": "Serve static files", + "hashes": [ + { + "alg": "SHA-1", + "content": "666e636dc4f010f7ef29970a88a674320898b2f9" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/serve-static@1.14.1", + "externalReferences": [ + { + "url": "https://github.com/expressjs/serve-static#readme", + "type": "website" + }, + { + "url": "https://github.com/expressjs/serve-static/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/expressjs/serve-static.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/utils-merge@1.0.1", + "name": "utils-merge", + "version": "1.0.1", + "description": "merge() utility function", + "hashes": [ + { + "alg": "SHA-1", + "content": "9f95710f50a267947b2ccc124741c1028427e713" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/utils-merge@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/jaredhanson/utils-merge#readme", + "type": "website" + }, + { + "url": "http://github.com/jaredhanson/utils-merge/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/jaredhanson/utils-merge.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/express-jwt@0.1.3", + "name": "express-jwt", + "version": "0.1.3", + "description": "JWT authentication middleware.", + "hashes": [ + { + "alg": "SHA-1", + "content": "7c78221f8b9d72106aff556a8a5b8e852d41b12f" + } + ], + "purl": "pkg:npm/express-jwt@0.1.3", + "externalReferences": [ + { + "url": "https://github.com/auth0/express-jwt#readme", + "type": "website" + }, + { + "url": "http://github.com/auth0/express-jwt/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/auth0/express-jwt.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/jsonwebtoken@0.1.0", + "name": "jsonwebtoken", + "version": "0.1.0", + "description": "JSON Web Token implementation (symmetric and asymmetric)", + "hashes": [ + { + "alg": "SHA-1", + "content": "505628492092fe35d08b600fa6768cd06711aaa2" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonwebtoken@0.1.0", + "externalReferences": [ + { + "url": "https://github.com/auth0/node-jsonwebtoken#readme", + "type": "website" + }, + { + "url": "https://github.com/auth0/node-jsonwebtoken/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/auth0/node-jsonwebtoken.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/jws@0.2.6", + "name": "jws", + "version": "0.2.6", + "description": "Implementation of JSON Web Signatures", + "hashes": [ + { + "alg": "SHA-1", + "content": "e9b7e9ac8d2ac1067413233bc6c20fbd8868e9ba" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jws@0.2.6", + "externalReferences": [ + { + "url": "https://github.com/brianloveswords/node-jws#readme", + "type": "website" + }, + { + "url": "https://github.com/brianloveswords/node-jws/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/brianloveswords/node-jws.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/base64url@0.0.6", + "name": "base64url", + "version": "0.0.6", + "description": "For encoding to/from base64urls", + "hashes": [ + { + "alg": "SHA-1", + "content": "9597b36b330db1c42477322ea87ea8027499b82b" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/base64url@0.0.6", + "externalReferences": [ + { + "url": "https://github.com/brianloveswords/base64url#readme", + "type": "website" + }, + { + "url": "https://github.com/brianloveswords/base64url/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/brianloveswords/base64url.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/jwa@0.0.1", + "name": "jwa", + "version": "0.0.1", + "description": "JWA implementation (supports all JWS algorithms)", + "hashes": [ + { + "alg": "SHA-1", + "content": "2d05f54d68f170648c30fe45944731a388cd07cc" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jwa@0.0.1", + "externalReferences": [ + { + "url": "https://github.com/brianloveswords/node-jwa#readme", + "type": "website" + }, + { + "url": "https://github.com/brianloveswords/node-jwa/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/brianloveswords/node-jwa.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/moment@2.0.0", + "name": "moment", + "version": "2.0.0", + "description": "Parse, manipulate, and display dates.", + "hashes": [ + { + "alg": "SHA-1", + "content": "2bbc5b44c321837693ab6efcadbd46ed946211fe" + } + ], + "purl": "pkg:npm/moment@2.0.0", + "externalReferences": [ + { + "url": "http://momentjs.com", + "type": "website" + }, + { + "url": "https://github.com/timrwood/moment/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/timrwood/moment.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/express-rate-limit@5.1.3", + "name": "express-rate-limit", + "version": "5.1.3", + "description": "Basic IP rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.", + "hashes": [ + { + "alg": "SHA-1", + "content": "656bacce3f093034976346958a0f0199902c9174" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/express-rate-limit@5.1.3", + "externalReferences": [ + { + "url": "https://github.com/nfriedly/express-rate-limit", + "type": "website" + }, + { + "url": "https://github.com/nfriedly/express-rate-limit/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/nfriedly/express-rate-limit.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/express-robots-txt@0.4.1", + "name": "express-robots-txt", + "version": "0.4.1", + "description": "Express middleware to serve and generate robots.txt", + "hashes": [ + { + "alg": "SHA-1", + "content": "f3123a9875fd885d3c11cf4a7348b89a20f40ffc" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/express-robots-txt@0.4.1", + "externalReferences": [ + { + "url": "https://github.com/modosc/express-robots-txt", + "type": "website" + }, + { + "url": "https://github.com/modosc/express-robots-txt/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/modosc/express-robots-txt.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/express-security.txt@2.0.0", + "name": "express-security.txt", + "version": "2.0.0", + "description": "[![Build Status](https://travis-ci.org/gergelyke/express-security.txt.svg?branch=master)](https://travis-ci.org/gergelyke/express-security.txt)", + "hashes": [ + { + "alg": "SHA-1", + "content": "e5b825109ea88ccfb3001c1558a4739528d1fde0" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/express-security.txt@2.0.0", + "externalReferences": [ + { + "url": "https://github.com/gergelyke/express-security.txt#readme", + "type": "website" + }, + { + "url": "https://github.com/gergelyke/express-security.txt/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/gergelyke/express-security.txt.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/file-stream-rotator@0.5.7", + "name": "file-stream-rotator", + "version": "0.5.7", + "description": "Automated stream rotation useful for log files", + "hashes": [ + { + "alg": "SHA-1", + "content": "868a2e5966f7640a17dd86eda0e4467c089f6286" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/file-stream-rotator@0.5.7", + "externalReferences": [ + { + "url": "https://github.com/rogerc/file-stream-rotator#readme", + "type": "website" + }, + { + "url": "https://github.com/rogerc/file-stream-rotator/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/rogerc/file-stream-rotator.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/moment@2.27.0", + "name": "moment", + "version": "2.27.0", + "description": "Parse, validate, manipulate, and display dates", + "hashes": [ + { + "alg": "SHA-1", + "content": "8bff4e3e26a236220dfe3e36de756b6ebaa0105d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/moment@2.27.0", + "externalReferences": [ + { + "url": "https://momentjs.com", + "type": "website" + }, + { + "url": "https://github.com/moment/moment/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/moment/moment.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/file-type@12.4.2", + "name": "file-type", + "version": "12.4.2", + "description": "Detect the file type of a Buffer/Uint8Array/ArrayBuffer", + "hashes": [ + { + "alg": "SHA-1", + "content": "a344ea5664a1d01447ee7fb1b635f72feb6169d9" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/file-type@12.4.2", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/file-type#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/file-type/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/file-type.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/finale-rest@1.1.1", + "name": "finale-rest", + "version": "1.1.1", + "description": "Create REST resources and controllers with Sequelize and Express or Restify", + "hashes": [ + { + "alg": "SHA-1", + "content": "74dc49fb1655e938cc84210acf8c349887090086" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/finale-rest@1.1.1", + "externalReferences": [ + { + "url": "https://github.com/tommybananas/finale#readme", + "type": "website" + }, + { + "url": "https://github.com/tommybananas/finale/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/tommybananas/finale.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/bluebird@3.7.2", + "name": "bluebird", + "version": "3.7.2", + "description": "Full featured Promises/A\u002B implementation with exceptionally good performance", + "hashes": [ + { + "alg": "SHA-1", + "content": "9f229c15be272454ffa973ace0dbee79a1b0c36f" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bluebird@3.7.2", + "externalReferences": [ + { + "url": "https://github.com/petkaantonov/bluebird", + "type": "website" + }, + { + "url": "http://github.com/petkaantonov/bluebird/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/petkaantonov/bluebird.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/inflection@1.12.0", + "name": "inflection", + "version": "1.12.0", + "description": "A port of inflection-js to node.js module", + "hashes": [ + { + "alg": "SHA-1", + "content": "a200935656d6f5f6bc4dc7502e1aecb703228416" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/inflection@1.12.0", + "externalReferences": [ + { + "url": "https://github.com/dreamerslab/node.inflection#readme", + "type": "website" + }, + { + "url": "https://github.com/dreamerslab/node.inflection/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/dreamerslab/node.inflection.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/fs-extra@8.1.0", + "name": "fs-extra", + "version": "8.1.0", + "description": "fs-extra contains methods that aren\u0027t included in the vanilla Node.js fs package. Such as mkdir -p, cp -r, and rm -rf.", + "hashes": [ + { + "alg": "SHA-1", + "content": "49d43c45a88cd9677668cb7be1b46efdb8d2e1c0" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fs-extra@8.1.0", + "externalReferences": [ + { + "url": "https://github.com/jprichardson/node-fs-extra", + "type": "website" + }, + { + "url": "https://github.com/jprichardson/node-fs-extra/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jprichardson/node-fs-extra.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/jsonfile@4.0.0", + "name": "jsonfile", + "version": "4.0.0", + "description": "Easily read/write JSON files.", + "hashes": [ + { + "alg": "SHA-1", + "content": "8771aae0799b64076b76640fca058f9c10e33ecb" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonfile@4.0.0", + "externalReferences": [ + { + "url": "https://github.com/jprichardson/node-jsonfile#readme", + "type": "website" + }, + { + "url": "https://github.com/jprichardson/node-jsonfile/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/jprichardson/node-jsonfile.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/universalify@0.1.2", + "name": "universalify", + "version": "0.1.2", + "description": "Make a callback- or promise-based function support both promises and callbacks.", + "hashes": [ + { + "alg": "SHA-1", + "content": "b646f69be3942dabcecc9d6639c80dc105efaa66" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/universalify@0.1.2", + "externalReferences": [ + { + "url": "https://github.com/RyanZim/universalify#readme", + "type": "website" + }, + { + "url": "https://github.com/RyanZim/universalify/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/RyanZim/universalify.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/glob@7.1.6", + "name": "glob", + "version": "7.1.6", + "description": "a little globber", + "hashes": [ + { + "alg": "SHA-1", + "content": "141f33b81a7c2492e125594307480c46679278a6" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@7.1.6", + "externalReferences": [ + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/fs.realpath@1.0.0", + "name": "fs.realpath", + "version": "1.0.0", + "description": "Use node\u0027s fs.realpath, but fall back to the JS implementation if the native one fails", + "hashes": [ + { + "alg": "SHA-1", + "content": "1504ad2523158caa40db4a2787cb01411994ea4f" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs.realpath@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/isaacs/fs.realpath#readme", + "type": "website" + }, + { + "url": "https://github.com/isaacs/fs.realpath/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/isaacs/fs.realpath.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/inflight@1.0.6", + "name": "inflight", + "version": "1.0.6", + "description": "Add callbacks to requests in flight to avoid async duplication", + "hashes": [ + { + "alg": "SHA-1", + "content": "49bd6331d7d02d0c09bc910a1075ba8165b56df9" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inflight@1.0.6", + "externalReferences": [ + { + "url": "https://github.com/isaacs/inflight", + "type": "website" + }, + { + "url": "https://github.com/isaacs/inflight/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/npm/inflight.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/minimatch@3.0.4", + "name": "minimatch", + "version": "3.0.4", + "description": "a glob matcher in javascript", + "hashes": [ + { + "alg": "SHA-1", + "content": "5166e286457f03306064be5497e8dbb0c3d32083" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minimatch@3.0.4", + "externalReferences": [ + { + "url": "https://github.com/isaacs/minimatch#readme", + "type": "website" + }, + { + "url": "https://github.com/isaacs/minimatch/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/isaacs/minimatch.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/brace-expansion@1.1.11", + "name": "brace-expansion", + "version": "1.1.11", + "description": "Brace expansion as known from sh/bash", + "hashes": [ + { + "alg": "SHA-1", + "content": "3c7fcbf529d87226f3d2f52b966ff5271eb441dd" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brace-expansion@1.1.11", + "externalReferences": [ + { + "url": "https://github.com/juliangruber/brace-expansion", + "type": "website" + }, + { + "url": "https://github.com/juliangruber/brace-expansion/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/juliangruber/brace-expansion.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/balanced-match@1.0.0", + "name": "balanced-match", + "version": "1.0.0", + "description": "Match balanced character pairs, like \u0022{\u0022 and \u0022}\u0022", + "hashes": [ + { + "alg": "SHA-1", + "content": "89b4d199ab2bee49de164ea02b89ce462d71b767" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/balanced-match@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/juliangruber/balanced-match", + "type": "website" + }, + { + "url": "https://github.com/juliangruber/balanced-match/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/juliangruber/balanced-match.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/concat-map@0.0.1", + "name": "concat-map", + "version": "0.0.1", + "description": "concatenative mapdashery", + "hashes": [ + { + "alg": "SHA-1", + "content": "d8a96bd77fd68df7793a73036a3ba0d5405d477b" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/concat-map@0.0.1", + "externalReferences": [ + { + "url": "https://github.com/substack/node-concat-map#readme", + "type": "website" + }, + { + "url": "https://github.com/substack/node-concat-map/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/substack/node-concat-map.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/path-is-absolute@1.0.1", + "name": "path-is-absolute", + "version": "1.0.1", + "description": "Node.js 0.12 path.isAbsolute() ponyfill", + "hashes": [ + { + "alg": "SHA-1", + "content": "174b9268735534ffbc7ace6bf53a5a9e1b5c5f5f" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-is-absolute@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/path-is-absolute#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/path-is-absolute/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/path-is-absolute.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/grunt@1.2.1", + "name": "grunt", + "version": "1.2.1", + "description": "The JavaScript Task Runner", + "hashes": [ + { + "alg": "SHA-1", + "content": "5a1fcdfc222841108893e4e50c1a46f413a564ab" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/grunt@1.2.1", + "externalReferences": [ + { + "url": "https://gruntjs.com/", + "type": "website" + }, + { + "url": "https://github.com/gruntjs/grunt/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/gruntjs/grunt.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/dateformat@3.0.3", + "name": "dateformat", + "version": "3.0.3", + "description": "A node.js package for Steven Levithan\u0027s excellent dateFormat() function.", + "hashes": [ + { + "alg": "SHA-1", + "content": "a6e37499a4d9a9cf85ef5872044d62901c9889ae" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dateformat@3.0.3", + "externalReferences": [ + { + "url": "https://github.com/felixge/node-dateformat", + "type": "website" + }, + { + "url": "https://github.com/felixge/node-dateformat/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/felixge/node-dateformat.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/eventemitter2@0.4.14", + "name": "eventemitter2", + "version": "0.4.14", + "description": "A Node.js event emitter implementation with namespaces, wildcards, TTL and browser support.", + "hashes": [ + { + "alg": "SHA-1", + "content": "8f61b75cde012b2e9eb284d4545583b5643b61ab" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eventemitter2@0.4.14", + "externalReferences": [ + { + "url": "https://github.com/hij1nx/EventEmitter2#readme", + "type": "website" + }, + { + "url": "https://github.com/hij1nx/EventEmitter2/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/hij1nx/EventEmitter2.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/exit@0.1.2", + "name": "exit", + "version": "0.1.2", + "description": "A replacement for process.exit that ensures stdio are fully drained before exiting.", + "hashes": [ + { + "alg": "SHA-1", + "content": "0632638f8d877cc82107d30a0fff1a17cba1cd0c" + } + ], + "purl": "pkg:npm/exit@0.1.2", + "externalReferences": [ + { + "url": "https://github.com/cowboy/node-exit", + "type": "website" + }, + { + "url": "https://github.com/cowboy/node-exit/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/cowboy/node-exit.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/findup-sync@0.3.0", + "name": "findup-sync", + "version": "0.3.0", + "description": "Find the first file matching a given pattern in the current directory or the nearest ancestor directory.", + "hashes": [ + { + "alg": "SHA-1", + "content": "37930aa5d816b777c03445e1966cc6790a4c0b16" + } + ], + "purl": "pkg:npm/findup-sync@0.3.0", + "externalReferences": [ + { + "url": "https://github.com/cowboy/node-findup-sync", + "type": "website" + }, + { + "url": "https://github.com/cowboy/node-findup-sync/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/cowboy/node-findup-sync.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/glob@5.0.15", + "name": "glob", + "version": "5.0.15", + "description": "a little globber", + "hashes": [ + { + "alg": "SHA-1", + "content": "1bc936b9e02f4a603fcc222ecf7633d30b8b93b1" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/glob@5.0.15", + "externalReferences": [ + { + "url": "https://github.com/isaacs/node-glob#readme", + "type": "website" + }, + { + "url": "https://github.com/isaacs/node-glob/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/isaacs/node-glob.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/grunt-cli@1.3.2", + "name": "grunt-cli", + "version": "1.3.2", + "description": "The grunt command line interface", + "hashes": [ + { + "alg": "SHA-1", + "content": "60f12d12c1b5aae94ae3469c6b5fe24e960014e8" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/grunt-cli@1.3.2", + "externalReferences": [ + { + "url": "https://github.com/gruntjs/grunt-cli#readme", + "type": "website" + }, + { + "url": "https://github.com/gruntjs/grunt-cli/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/gruntjs/grunt-cli.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/grunt-known-options@1.1.1", + "name": "grunt-known-options", + "version": "1.1.1", + "description": "The known options used in Grunt", + "hashes": [ + { + "alg": "SHA-1", + "content": "6cc088107bd0219dc5d3e57d91923f469059804d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/grunt-known-options@1.1.1", + "externalReferences": [ + { + "url": "http://gruntjs.com/", + "type": "website" + }, + { + "url": "https://github.com/gruntjs/grunt-known-options/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/gruntjs/grunt-known-options.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/interpret@1.1.0", + "name": "interpret", + "version": "1.1.0", + "description": "A dictionary of file extensions and associated module loaders.", + "hashes": [ + { + "alg": "SHA-1", + "content": "7ed1b1410c6a0e0f78cf95d3b8440c63f78b8614" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/interpret@1.1.0", + "externalReferences": [ + { + "url": "https://github.com/tkellen/node-interpret", + "type": "website" + }, + { + "url": "https://github.com/tkellen/node-interpret/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/tkellen/node-interpret.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/liftoff@2.5.0", + "name": "liftoff", + "version": "2.5.0", + "description": "Launch your command line tool with ease.", + "hashes": [ + { + "alg": "SHA-1", + "content": "2009291bb31cea861bbf10a7c15a28caf75c31ec" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/liftoff@2.5.0", + "externalReferences": [ + { + "url": "https://github.com/js-cli/js-liftoff#readme", + "type": "website" + }, + { + "url": "https://github.com/js-cli/js-liftoff/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/js-cli/js-liftoff.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/extend@3.0.2", + "name": "extend", + "version": "3.0.2", + "description": "Port of jQuery.extend for node.js and the browser", + "hashes": [ + { + "alg": "SHA-1", + "content": "f8b1136b4071fbd8eb140aff858b1019ec2915fa" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/extend@3.0.2", + "externalReferences": [ + { + "url": "https://github.com/justmoon/node-extend#readme", + "type": "website" + }, + { + "url": "https://github.com/justmoon/node-extend/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/justmoon/node-extend.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/fined@1.2.0", + "name": "fined", + "version": "1.2.0", + "description": "Find a file given a declaration of locations.", + "hashes": [ + { + "alg": "SHA-1", + "content": "d00beccf1aa2b475d16d423b0238b713a2c4a37b" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fined@1.2.0", + "externalReferences": [ + { + "url": "https://github.com/gulpjs/fined#readme", + "type": "website" + }, + { + "url": "https://github.com/gulpjs/fined/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/gulpjs/fined.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/object.defaults@1.1.0", + "name": "object.defaults", + "version": "1.1.0", + "description": "Like \u0060extend\u0060 but only copies missing properties/values to the target object.", + "hashes": [ + { + "alg": "SHA-1", + "content": "3a7f868334b407dea06da16d88d5cd29e435fecf" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object.defaults@1.1.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/object.defaults", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/object.defaults/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/object.defaults.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/array-each@1.0.1", + "name": "array-each", + "version": "1.0.1", + "description": "Loop over each item in an array and call the given function on every element.", + "hashes": [ + { + "alg": "SHA-1", + "content": "a794af0c05ab1752846ee753a1f211a05ba0c44f" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/array-each@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/array-each", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/array-each/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/array-each.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/array-slice@1.1.0", + "name": "array-slice", + "version": "1.1.0", + "description": "Array-slice method. Slices \u0060array\u0060 from the \u0060start\u0060 index up to, but not including, the \u0060end\u0060 index.", + "hashes": [ + { + "alg": "SHA-1", + "content": "e368ea15f89bc7069f7ffb89aec3a6c7d4ac22d4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/array-slice@1.1.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/array-slice", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/array-slice/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/array-slice.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/for-own@1.0.0", + "name": "for-own", + "version": "1.0.0", + "description": "Iterate over the own enumerable properties of an object, and return an object with properties that evaluate to true from the callback. Exit early by returning \u0060false\u0060. JavaScript/Node.js.", + "hashes": [ + { + "alg": "SHA-1", + "content": "c63332f415cedc4b04dbfe70cf836494c53cb44b" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/for-own@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/for-own", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/for-own/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/for-own.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/parse-filepath@1.0.2", + "name": "parse-filepath", + "version": "1.0.2", + "description": "Pollyfill for node.js \u0060path.parse\u0060, parses a filepath into an object.", + "hashes": [ + { + "alg": "SHA-1", + "content": "a632127f53aaf3d15876f5872f3ffac763d6c891" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-filepath@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/parse-filepath", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/parse-filepath/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/parse-filepath.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-absolute@1.0.0", + "name": "is-absolute", + "version": "1.0.0", + "description": "Returns true if a file path is absolute. Does not rely on the path module and can be used as a polyfill for node.js native \u0060path.isAbolute\u0060.", + "hashes": [ + { + "alg": "SHA-1", + "content": "395e1ae84b11f26ad1795e73c17378e48a301576" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-absolute@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/is-absolute", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/is-absolute/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/is-absolute.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-relative@1.0.0", + "name": "is-relative", + "version": "1.0.0", + "description": "Returns \u0060true\u0060 if the path appears to be relative.", + "hashes": [ + { + "alg": "SHA-1", + "content": "a1bb6935ce8c5dba1e8b9754b9b2dcc020e2260d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-relative@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/is-relative", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/is-relative/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/is-relative.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-unc-path@1.0.0", + "name": "is-unc-path", + "version": "1.0.0", + "description": "Returns true if a filepath is a windows UNC file path.", + "hashes": [ + { + "alg": "SHA-1", + "content": "d731e8898ed090a12c352ad2eaed5095ad322c9d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-unc-path@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/is-unc-path", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/is-unc-path/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/is-unc-path.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/unc-path-regex@0.1.2", + "name": "unc-path-regex", + "version": "0.1.2", + "description": "Regular expression for testing if a file path is a windows UNC file path. Can also be used as a component of another regexp via the \u0060.source\u0060 property.", + "hashes": [ + { + "alg": "SHA-1", + "content": "e73dd3d7b0d7c5ed86fbac6b0ae7d8c6a69d50fa" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/unc-path-regex@0.1.2", + "externalReferences": [ + { + "url": "https://github.com/regexhq/unc-path-regex", + "type": "website" + }, + { + "url": "https://github.com/regexhq/unc-path-regex/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/regexhq/unc-path-regex.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/path-root@0.1.1", + "name": "path-root", + "version": "0.1.1", + "description": "Get the root of a posix or windows filepath.", + "hashes": [ + { + "alg": "SHA-1", + "content": "9a4a6814cac1c0cd73360a95f32083c8ea4745b7" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-root@0.1.1", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/path-root", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/path-root/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/path-root.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/path-root-regex@0.1.2", + "name": "path-root-regex", + "version": "0.1.2", + "description": "Regular expression for getting the root of a posix or windows filepath.", + "hashes": [ + { + "alg": "SHA-1", + "content": "bfccdc8df5b12dc52c8b43ec38d18d72c04ba96d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-root-regex@0.1.2", + "externalReferences": [ + { + "url": "https://github.com/regexhq/path-root-regex", + "type": "website" + }, + { + "url": "https://github.com/regexhq/path-root-regex/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/regexhq/path-root-regex.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/flagged-respawn@1.0.1", + "name": "flagged-respawn", + "version": "1.0.1", + "description": "A tool for respawning node binaries when special flags are present.", + "hashes": [ + { + "alg": "SHA-1", + "content": "e7de6f1279ddd9ca9aac8a5971d618606b3aab41" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/flagged-respawn@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/gulpjs/flagged-respawn#readme", + "type": "website" + }, + { + "url": "https://github.com/gulpjs/flagged-respawn/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/gulpjs/flagged-respawn.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/object.map@1.0.1", + "name": "object.map", + "version": "1.0.1", + "description": "Similar to map for arrays, this creates a new object by calling the callback on each property of the original object.", + "hashes": [ + { + "alg": "SHA-1", + "content": "cf83e59dc8fcc0ad5f4250e1f78b3b81bd801d37" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object.map@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/object.map", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/object.map/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/object.map.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/make-iterator@1.0.1", + "name": "make-iterator", + "version": "1.0.1", + "description": "Convert an argument into a valid iterator. Based on the \u0060.makeIterator()\u0060 implementation in mout https://github.com/mout/mout.", + "hashes": [ + { + "alg": "SHA-1", + "content": "29b33f312aa8f547c4a5e490f56afcec99133ad6" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/make-iterator@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/make-iterator", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/make-iterator/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/make-iterator.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/rechoir@0.6.2", + "name": "rechoir", + "version": "0.6.2", + "description": "Require any supported file as a node module.", + "hashes": [ + { + "alg": "SHA-1", + "content": "85204b54dba82d5742e28c96756ef43af50e3384" + } + ], + "purl": "pkg:npm/rechoir@0.6.2", + "externalReferences": [ + { + "url": "https://github.com/tkellen/node-rechoir", + "type": "website" + }, + { + "url": "https://github.com/tkellen/node-rechoir/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/tkellen/node-rechoir.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/nopt@4.0.3", + "name": "nopt", + "version": "4.0.3", + "description": "Option parsing for Node, supporting types, shorthands, etc. Used by npm.", + "hashes": [ + { + "alg": "SHA-1", + "content": "a375cad9d02fd921278d954c2254d5aa57e15e48" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/nopt@4.0.3", + "externalReferences": [ + { + "url": "https://github.com/npm/nopt#readme", + "type": "website" + }, + { + "url": "https://github.com/npm/nopt/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/npm/nopt.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/abbrev@1.1.1", + "name": "abbrev", + "version": "1.1.1", + "description": "Like ruby\u0027s abbrev module, but in js", + "hashes": [ + { + "alg": "SHA-1", + "content": "f8f2c887ad10bf67f634f005b6987fed3179aac8" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/abbrev@1.1.1", + "externalReferences": [ + { + "url": "https://github.com/isaacs/abbrev-js#readme", + "type": "website" + }, + { + "url": "https://github.com/isaacs/abbrev-js/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/isaacs/abbrev-js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/v8flags@3.1.3", + "name": "v8flags", + "version": "3.1.3", + "description": "Get available v8 flags.", + "hashes": [ + { + "alg": "SHA-1", + "content": "fc9dc23521ca20c5433f81cc4eb9b3033bb105d8" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/v8flags@3.1.3", + "externalReferences": [ + { + "url": "https://github.com/gulpjs/v8flags#readme", + "type": "website" + }, + { + "url": "https://github.com/gulpjs/v8flags/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/gulpjs/v8flags.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/grunt-legacy-log@2.0.0", + "name": "grunt-legacy-log", + "version": "2.0.0", + "description": "The Grunt 0.4.x logger.", + "hashes": [ + { + "alg": "SHA-1", + "content": "c8cd2c6c81a4465b9bbf2d874d963fef7a59ffb9" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/grunt-legacy-log@2.0.0", + "externalReferences": [ + { + "url": "http://gruntjs.com/", + "type": "website" + }, + { + "url": "http://github.com/gruntjs/grunt-legacy-log/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/gruntjs/grunt-legacy-log.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/colors@1.1.2", + "name": "colors", + "version": "1.1.2", + "description": "get colors in your node.js console", + "hashes": [ + { + "alg": "SHA-1", + "content": "168a4701756b6a7f51a12ce0c97bfa28c084ed63" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/colors@1.1.2", + "externalReferences": [ + { + "url": "https://github.com/Marak/colors.js", + "type": "website" + }, + { + "url": "https://github.com/Marak/colors.js/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/Marak/colors.js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/grunt-legacy-log-utils@2.0.1", + "name": "grunt-legacy-log-utils", + "version": "2.0.1", + "description": "Static methods for the Grunt 0.4.x logger.", + "hashes": [ + { + "alg": "SHA-1", + "content": "d2f442c7c0150065d9004b08fd7410d37519194e" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/grunt-legacy-log-utils@2.0.1", + "externalReferences": [ + { + "url": "http://gruntjs.com/", + "type": "website" + }, + { + "url": "http://github.com/gruntjs/grunt-legacy-log-utils/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/gruntjs/grunt-legacy-log-utils.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/hooker@0.2.3", + "name": "hooker", + "version": "0.2.3", + "description": "Monkey-patch (hook) functions for debugging and stuff.", + "hashes": [ + { + "alg": "SHA-1", + "content": "b834f723cc4a242aa65963459df6d984c5d3d959" + } + ], + "purl": "pkg:npm/hooker@0.2.3", + "externalReferences": [ + { + "url": "http://github.com/cowboy/javascript-hooker", + "type": "website" + }, + { + "url": "https://github.com/cowboy/javascript-hooker/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/cowboy/javascript-hooker.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/grunt-legacy-util@1.1.1", + "name": "grunt-legacy-util", + "version": "1.1.1", + "description": "Some old grunt utils provided for backwards compatibility.", + "hashes": [ + { + "alg": "SHA-1", + "content": "e10624e7c86034e5b870c8a8616743f0a0845e42" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/grunt-legacy-util@1.1.1", + "externalReferences": [ + { + "url": "http://gruntjs.com/", + "type": "website" + }, + { + "url": "http://github.com/gruntjs/grunt-legacy-util/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/gruntjs/grunt-legacy-util.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/async@1.5.2", + "name": "async", + "version": "1.5.2", + "description": "Higher-order functions and common patterns for asynchronous code", + "hashes": [ + { + "alg": "SHA-1", + "content": "ec6a61ae56480c0c3cb241c95618e20892f9672a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/async@1.5.2", + "externalReferences": [ + { + "url": "https://github.com/caolan/async#readme", + "type": "website" + }, + { + "url": "https://github.com/caolan/async/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/caolan/async.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/getobject@0.1.0", + "name": "getobject", + "version": "0.1.0", + "description": "get.and.set.deep.objects.easily = true", + "hashes": [ + { + "alg": "SHA-1", + "content": "047a449789fa160d018f5486ed91320b6ec7885c" + } + ], + "purl": "pkg:npm/getobject@0.1.0", + "externalReferences": [ + { + "url": "https://github.com/cowboy/node-getobject", + "type": "website" + }, + { + "url": "https://github.com/cowboy/node-getobject/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/cowboy/node-getobject.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/underscore.string@3.3.5", + "name": "underscore.string", + "version": "3.3.5", + "description": "String manipulation extensions for Underscore.js javascript library.", + "hashes": [ + { + "alg": "SHA-1", + "content": "fc2ad255b8bd309e239cbc5816fd23a9b7ea4023" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/underscore.string@3.3.5", + "externalReferences": [ + { + "url": "http://epeli.github.com/underscore.string/", + "type": "website" + }, + { + "url": "https://github.com/epeli/underscore.string/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/epeli/underscore.string.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/sprintf-js@1.1.2", + "name": "sprintf-js", + "version": "1.1.2", + "description": "JavaScript sprintf implementation", + "hashes": [ + { + "alg": "SHA-1", + "content": "da1765262bf8c0f571749f2ad6c26300207ae673" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.1.2", + "externalReferences": [ + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/alexei/sprintf.js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/js-yaml@3.14.0", + "name": "js-yaml", + "version": "3.14.0", + "description": "YAML 1.2 parser and serializer", + "hashes": [ + { + "alg": "SHA-1", + "content": "a7a34170f26a21bb162424d8adacb4113a69e482" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-yaml@3.14.0", + "externalReferences": [ + { + "url": "https://github.com/nodeca/js-yaml", + "type": "website" + }, + { + "url": "https://github.com/nodeca/js-yaml/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/nodeca/js-yaml.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/argparse@1.0.10", + "name": "argparse", + "version": "1.0.10", + "description": "Very powerful CLI arguments parser. Native port of argparse - python\u0027s options parsing library", + "hashes": [ + { + "alg": "SHA-1", + "content": "bcd6791ea5ae09725e17e5ad988134cd40b3d911" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/argparse@1.0.10", + "externalReferences": [ + { + "url": "https://github.com/nodeca/argparse#readme", + "type": "website" + }, + { + "url": "https://github.com/nodeca/argparse/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/nodeca/argparse.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/sprintf-js@1.0.3", + "name": "sprintf-js", + "version": "1.0.3", + "description": "JavaScript sprintf implementation", + "hashes": [ + { + "alg": "SHA-1", + "content": "04e6926f662895354f3dd015203633b857297e2c" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sprintf-js@1.0.3", + "externalReferences": [ + { + "url": "https://github.com/alexei/sprintf.js#readme", + "type": "website" + }, + { + "url": "https://github.com/alexei/sprintf.js/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/alexei/sprintf.js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/esprima@4.0.1", + "name": "esprima", + "version": "4.0.1", + "description": "ECMAScript parsing infrastructure for multipurpose analysis", + "hashes": [ + { + "alg": "SHA-1", + "content": "13b04cdb3e6c5d19df91ab6987a8695619b0aa71" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/esprima@4.0.1", + "externalReferences": [ + { + "url": "http://esprima.org", + "type": "website" + }, + { + "url": "https://github.com/jquery/esprima/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jquery/esprima.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/mkdirp@1.0.4", + "name": "mkdirp", + "version": "1.0.4", + "description": "Recursively mkdir, like \u0060mkdir -p\u0060", + "hashes": [ + { + "alg": "SHA-1", + "content": "3eb5ed62622756d79a5f0e2a221dfebad75c2f7e" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mkdirp@1.0.4", + "externalReferences": [ + { + "url": "https://github.com/isaacs/node-mkdirp#readme", + "type": "website" + }, + { + "url": "https://github.com/isaacs/node-mkdirp/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/isaacs/node-mkdirp.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/nopt@3.0.6", + "name": "nopt", + "version": "3.0.6", + "description": "Option parsing for Node, supporting types, shorthands, etc. Used by npm.", + "hashes": [ + { + "alg": "SHA-1", + "content": "c6465dbf08abcd4db359317f79ac68a646b28ff9" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/nopt@3.0.6", + "externalReferences": [ + { + "url": "https://github.com/npm/nopt#readme", + "type": "website" + }, + { + "url": "https://github.com/npm/nopt/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/npm/nopt.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/rimraf@3.0.2", + "name": "rimraf", + "version": "3.0.2", + "description": "A deep deletion module for node (like \u0060rm -rf\u0060)", + "hashes": [ + { + "alg": "SHA-1", + "content": "f1a5402ba6220ad52cc1282bac1ae3aa49fd061a" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/rimraf@3.0.2", + "externalReferences": [ + { + "url": "https://github.com/isaacs/rimraf#readme", + "type": "website" + }, + { + "url": "https://github.com/isaacs/rimraf/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/isaacs/rimraf.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/grunt-contrib-compress@1.6.0", + "name": "grunt-contrib-compress", + "version": "1.6.0", + "description": "Compress files and folders", + "hashes": [ + { + "alg": "SHA-1", + "content": "9708885c738a97a12c5f3072dc97dbc31b4121db" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/grunt-contrib-compress@1.6.0", + "externalReferences": [ + { + "url": "https://github.com/gruntjs/grunt-contrib-compress#readme", + "type": "website" + }, + { + "url": "https://github.com/gruntjs/grunt-contrib-compress/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/gruntjs/grunt-contrib-compress.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/archiver@1.3.0", + "name": "archiver", + "version": "1.3.0", + "description": "a streaming interface for archive generation", + "hashes": [ + { + "alg": "SHA-1", + "content": "4f2194d6d8f99df3f531e6881f14f15d55faaf22" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/archiver@1.3.0", + "externalReferences": [ + { + "url": "https://github.com/archiverjs/node-archiver", + "type": "website" + }, + { + "url": "https://github.com/archiverjs/node-archiver/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/archiverjs/node-archiver.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/archiver-utils@1.3.0", + "name": "archiver-utils", + "version": "1.3.0", + "description": "utility functions for archiver", + "hashes": [ + { + "alg": "SHA-1", + "content": "e50b4c09c70bf3d680e32ff1b7994e9f9d895174" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/archiver-utils@1.3.0", + "externalReferences": [ + { + "url": "https://github.com/archiverjs/archiver-utils#readme", + "type": "website" + }, + { + "url": "https://github.com/archiverjs/archiver-utils/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/archiverjs/archiver-utils.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/lazystream@1.0.0", + "name": "lazystream", + "version": "1.0.0", + "description": "Open Node Streams on demand.", + "hashes": [ + { + "alg": "SHA-1", + "content": "f6995fe0f820392f61396be89462407bb77168e4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lazystream@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/jpommerening/node-lazystream", + "type": "website" + }, + { + "url": "https://github.com/jpommerening/node-lazystream/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jpommerening/node-lazystream.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/normalize-path@2.1.1", + "name": "normalize-path", + "version": "2.1.1", + "description": "Normalize file path slashes to be unix-like forward slashes. Also condenses repeat slashes to a single slash and removes and trailing slashes unless disabled.", + "hashes": [ + { + "alg": "SHA-1", + "content": "1ab28b556e198363a8c1a6f7e6fa20137fe6aed9" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/normalize-path@2.1.1", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/normalize-path", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/normalize-path/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/normalize-path.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/remove-trailing-separator@1.1.0", + "name": "remove-trailing-separator", + "version": "1.1.0", + "description": "Removes separators from the end of the string.", + "hashes": [ + { + "alg": "SHA-1", + "content": "c24bce2a283adad5bc3f58e0d48249b92379d8ef" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/remove-trailing-separator@1.1.0", + "externalReferences": [ + { + "url": "https://github.com/darsain/remove-trailing-separator#readme", + "type": "website" + }, + { + "url": "https://github.com/darsain/remove-trailing-separator/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/darsain/remove-trailing-separator.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/async@2.6.3", + "name": "async", + "version": "2.6.3", + "description": "Higher-order functions and common patterns for asynchronous code", + "hashes": [ + { + "alg": "SHA-1", + "content": "d72625e2344a3656e3a3ad4fa749fa83299d82ff" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/async@2.6.3", + "externalReferences": [ + { + "url": "https://caolan.github.io/async/", + "type": "website" + }, + { + "url": "https://github.com/caolan/async/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/caolan/async.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/walkdir@0.0.11", + "name": "walkdir", + "version": "0.0.11", + "description": "Find files simply. Walks a directory tree emitting events based on what it finds. Presents a familiar callback/emitter/a\u002Bsync interface. Walk a tree of any depth.", + "hashes": [ + { + "alg": "SHA-1", + "content": "a16d025eb931bd03b52f308caed0f40fcebe9532" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/walkdir@0.0.11", + "externalReferences": [ + { + "url": "http://github.com/soldair/node-walkdir", + "type": "website" + }, + { + "url": "https://github.com/soldair/node-walkdir/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/soldair/node-walkdir.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/zip-stream@1.2.0", + "name": "zip-stream", + "version": "1.2.0", + "description": "a streaming zip archive generator.", + "hashes": [ + { + "alg": "SHA-1", + "content": "a8bc45f4c1b49699c6b90198baacaacdbcd4ba04" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/zip-stream@1.2.0", + "externalReferences": [ + { + "url": "https://github.com/archiverjs/node-zip-stream", + "type": "website" + }, + { + "url": "https://github.com/archiverjs/node-zip-stream/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/archiverjs/node-zip-stream.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/compress-commons@1.2.2", + "name": "compress-commons", + "version": "1.2.2", + "description": "a library that defines a common interface for working with archive formats within node", + "hashes": [ + { + "alg": "SHA-1", + "content": "524a9f10903f3a813389b0225d27c48bb751890f" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/compress-commons@1.2.2", + "externalReferences": [ + { + "url": "https://github.com/archiverjs/node-compress-commons", + "type": "website" + }, + { + "url": "https://github.com/archiverjs/node-compress-commons/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/archiverjs/node-compress-commons.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/crc32-stream@2.0.0", + "name": "crc32-stream", + "version": "2.0.0", + "description": "a streaming CRC32 checksumer", + "hashes": [ + { + "alg": "SHA-1", + "content": "e3cdd3b4df3168dd74e3de3fbbcb7b297fe908f4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/crc32-stream@2.0.0", + "externalReferences": [ + { + "url": "https://github.com/archiverjs/node-crc32-stream", + "type": "website" + }, + { + "url": "https://github.com/archiverjs/node-crc32-stream/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/archiverjs/node-crc32-stream.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/crc@3.8.0", + "name": "crc", + "version": "3.8.0", + "description": "Module for calculating Cyclic Redundancy Check (CRC) for Node.js and the Browser.", + "hashes": [ + { + "alg": "SHA-1", + "content": "ad60269c2c856f8c299e2c4cc0de4556914056c6" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/crc@3.8.0", + "externalReferences": [ + { + "url": "https://github.com/alexgorbatchev/node-crc", + "type": "website" + }, + { + "url": "https://github.com/alexgorbatchev/node-crc/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/alexgorbatchev/node-crc.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/chalk@1.1.3", + "name": "chalk", + "version": "1.1.3", + "description": "Terminal string styling done right. Much color.", + "hashes": [ + { + "alg": "SHA-1", + "content": "a8115c55e4a702fe4d150abd3872822a7e09fc98" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/chalk@1.1.3", + "externalReferences": [ + { + "url": "https://github.com/chalk/chalk#readme", + "type": "website" + }, + { + "url": "https://github.com/chalk/chalk/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/chalk/chalk.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/ansi-styles@2.2.1", + "name": "ansi-styles", + "version": "2.2.1", + "description": "ANSI escape codes for styling strings in the terminal", + "hashes": [ + { + "alg": "SHA-1", + "content": "b432dd3358b634cf75e1e4664368240533c1ddbe" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@2.2.1", + "externalReferences": [ + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/chalk/ansi-styles.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/has-ansi@2.0.0", + "name": "has-ansi", + "version": "2.0.0", + "description": "Check if a string has ANSI escape codes", + "hashes": [ + { + "alg": "SHA-1", + "content": "34f5049ce1ecdf2b0649af3ef24e45ed35416d91" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-ansi@2.0.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/has-ansi#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/has-ansi/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/has-ansi.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/ansi-regex@2.1.1", + "name": "ansi-regex", + "version": "2.1.1", + "description": "Regular expression for matching ANSI escape codes", + "hashes": [ + { + "alg": "SHA-1", + "content": "c3b33ab5ee360d86e0e628f0468ae7ef27d654df" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@2.1.1", + "externalReferences": [ + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/chalk/ansi-regex.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/strip-ansi@3.0.1", + "name": "strip-ansi", + "version": "3.0.1", + "description": "Strip ANSI escape codes", + "hashes": [ + { + "alg": "SHA-1", + "content": "6a385fb8853d952d5ff05d0e8aaf94278dc63dcf" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@3.0.1", + "externalReferences": [ + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/chalk/strip-ansi.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/supports-color@2.0.0", + "name": "supports-color", + "version": "2.0.0", + "description": "Detect whether a terminal supports color", + "hashes": [ + { + "alg": "SHA-1", + "content": "535d045ce6b6363fa40117084629995e9df324c7" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/supports-color@2.0.0", + "externalReferences": [ + { + "url": "https://github.com/chalk/supports-color#readme", + "type": "website" + }, + { + "url": "https://github.com/chalk/supports-color/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/chalk/supports-color.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/pretty-bytes@4.0.2", + "name": "pretty-bytes", + "version": "4.0.2", + "description": "Convert bytes to a human readable string: 1337 \u2192 1.34 kB", + "hashes": [ + { + "alg": "SHA-1", + "content": "b2bf82e7350d65c6c33aa95aaa5a4f6327f61cd9" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pretty-bytes@4.0.2", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/pretty-bytes#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/pretty-bytes/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/pretty-bytes.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/stream-buffers@2.2.0", + "name": "stream-buffers", + "version": "2.2.0", + "description": "Buffer-backed Streams for reading and writing.", + "hashes": [ + { + "alg": "SHA-1", + "content": "91d5f5130d1cef96dcfa7f726945188741d09ee4" + } + ], + "licenses": [ + { + "license": { + "id": "Unlicense" + } + } + ], + "purl": "pkg:npm/stream-buffers@2.2.0", + "externalReferences": [ + { + "url": "https://github.com/samcday/node-stream-buffer#readme", + "type": "website" + }, + { + "url": "https://github.com/samcday/node-stream-buffer/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/samcday/node-stream-buffer.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/grunt-replace-json@0.1.0", + "name": "grunt-replace-json", + "version": "0.1.0", + "description": "Updates attributes of json files.", + "hashes": [ + { + "alg": "SHA-1", + "content": "2e58602249181718f744147a9365e4d383ca15af" + } + ], + "purl": "pkg:npm/grunt-replace-json@0.1.0", + "externalReferences": [ + { + "url": "https://github.com/exo-dev/grunt-replace-json", + "type": "website" + }, + { + "url": "https://github.com/exo-dev/grunt-replace-json/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/exo-dev/grunt-replace-json.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/lodash.set@4.3.2", + "name": "lodash.set", + "version": "4.3.2", + "description": "The lodash method \u0060_.set\u0060 exported as a module.", + "hashes": [ + { + "alg": "SHA-1", + "content": "d8757b1da807dde24816b0d6a84bea1a76230b23" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.set@4.3.2", + "externalReferences": [ + { + "url": "https://lodash.com/", + "type": "website" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/lodash/lodash.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/hashids@2.2.1", + "name": "hashids", + "version": "2.2.1", + "description": "Generate YouTube-like ids from numbers. Use Hashids when you do not want to expose your database ids to the user.", + "hashes": [ + { + "alg": "SHA-1", + "content": "ad0c600f0083aa0df7451dfd184e53db34f71289" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hashids@2.2.1", + "externalReferences": [ + { + "url": "http://hashids.org/javascript", + "type": "website" + }, + { + "url": "https://github.com/niieani/hashids.js/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/niieani/hashids.js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/helmet@3.23.3", + "name": "helmet", + "version": "3.23.3", + "description": "help secure Express/Connect apps with various HTTP headers", + "hashes": [ + { + "alg": "SHA-1", + "content": "5ba30209c5f73ded4ab65746a3a11bedd4579ab7" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/helmet@3.23.3", + "externalReferences": [ + { + "url": "https://helmetjs.github.io/", + "type": "website" + }, + { + "url": "https://github.com/helmetjs/helmet/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/helmetjs/helmet.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/depd@2.0.0", + "name": "depd", + "version": "2.0.0", + "description": "Deprecate all the things", + "hashes": [ + { + "alg": "SHA-1", + "content": "b696163cc757560d09cf22cc8fad1571b79e76df" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/depd@2.0.0", + "externalReferences": [ + { + "url": "https://github.com/dougwilson/nodejs-depd#readme", + "type": "website" + }, + { + "url": "https://github.com/dougwilson/nodejs-depd/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/dougwilson/nodejs-depd.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/dont-sniff-mimetype@1.1.0", + "name": "dont-sniff-mimetype", + "version": "1.1.0", + "description": "Middleware to prevent mimetype from being sniffed", + "hashes": [ + { + "alg": "SHA-1", + "content": "c7d0427f8bcb095762751252af59d148b0a623b2" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dont-sniff-mimetype@1.1.0", + "externalReferences": [ + { + "url": "https://helmetjs.github.io/docs/dont-sniff-mimetype", + "type": "website" + }, + { + "url": "https://github.com/helmetjs/dont-sniff-mimetype/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/helmetjs/dont-sniff-mimetype.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/feature-policy@0.3.0", + "name": "feature-policy", + "version": "0.3.0", + "description": "Middleware to set the Feature-Policy HTTP header", + "hashes": [ + { + "alg": "SHA-1", + "content": "7430e8e54a40da01156ca30aaec1a381ce536069" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/feature-policy@0.3.0", + "externalReferences": [ + { + "url": "https://helmetjs.github.io/docs/feature-policy/", + "type": "website" + }, + { + "url": "https://github.com/helmetjs/feature-policy/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/helmetjs/feature-policy.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/helmet-crossdomain@0.4.0", + "name": "helmet-crossdomain", + "version": "0.4.0", + "description": "Set the X-Permitted-Cross-Domain-Policies header in Express apps", + "hashes": [ + { + "alg": "SHA-1", + "content": "5f1fe5a836d0325f1da0a78eaa5fd8429078894e" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/helmet-crossdomain@0.4.0", + "externalReferences": [ + { + "url": "https://helmetjs.github.io/docs/crossdomain/", + "type": "website" + }, + { + "url": "https://github.com/helmetjs/crossdomain/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/helmetjs/crossdomain.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/helmet-csp@2.10.0", + "name": "helmet-csp", + "version": "2.10.0", + "description": "Content Security Policy middleware.", + "hashes": [ + { + "alg": "SHA-1", + "content": "685dde1747bc16c5e28ad9d91e229a69f0a85e84" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/helmet-csp@2.10.0", + "externalReferences": [ + { + "url": "https://helmetjs.github.io/docs/csp/", + "type": "website" + }, + { + "url": "https://github.com/helmetjs/csp/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/helmetjs/csp.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/bowser@2.9.0", + "name": "bowser", + "version": "2.9.0", + "description": "Lightweight browser detector", + "hashes": [ + { + "alg": "SHA-1", + "content": "3bed854233b419b9a7422d9ee3e85504373821c9" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bowser@2.9.0", + "externalReferences": [ + { + "url": "https://github.com/lancedikson/bowser", + "type": "website" + }, + { + "url": "https://github.com/lancedikson/bowser/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/lancedikson/bowser.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/camelize@1.0.0", + "name": "camelize", + "version": "1.0.0", + "description": "recursively transform key strings to camel-case", + "hashes": [ + { + "alg": "SHA-1", + "content": "164a5483e630fa4321e5af07020e531831b2609b" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelize@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/substack/camelize", + "type": "website" + }, + { + "url": "https://github.com/substack/camelize/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/substack/camelize.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/content-security-policy-builder@2.1.0", + "name": "content-security-policy-builder", + "version": "2.1.0", + "description": "Build Content Security Policy directives.", + "hashes": [ + { + "alg": "SHA-1", + "content": "0a2364d769a3d7014eec79ff7699804deb8cfcbb" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/content-security-policy-builder@2.1.0", + "externalReferences": [ + { + "url": "https://github.com/helmetjs/content-security-policy-builder", + "type": "website" + }, + { + "url": "https://github.com/helmetjs/content-security-policy-builder/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/helmetjs/content-security-policy-builder.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/dasherize@2.0.0", + "name": "dasherize", + "version": "2.0.0", + "description": "recursively transform key strings to dash-case", + "hashes": [ + { + "alg": "SHA-1", + "content": "6d809c9cd0cf7bb8952d80fc84fa13d47ddb1308" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dasherize@2.0.0", + "externalReferences": [ + { + "url": "https://github.com/shahata/dasherize", + "type": "website" + }, + { + "url": "https://github.com/shahata/dasherize/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/shahata/dasherize.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/hide-powered-by@1.1.0", + "name": "hide-powered-by", + "version": "1.1.0", + "description": "Middleware to remove the X-Powered-By header", + "hashes": [ + { + "alg": "SHA-1", + "content": "be3ea9cab4bdb16f8744be873755ca663383fa7a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hide-powered-by@1.1.0", + "externalReferences": [ + { + "url": "https://helmetjs.github.io/docs/hide-powered-by/", + "type": "website" + }, + { + "url": "https://github.com/helmetjs/hide-powered-by/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/helmetjs/hide-powered-by.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/hpkp@2.0.0", + "name": "hpkp", + "version": "2.0.0", + "description": "HTTP Public Key Pinning (HPKP) middleware", + "hashes": [ + { + "alg": "SHA-1", + "content": "10e142264e76215a5d30c44ec43de64dee6d1672" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hpkp@2.0.0", + "externalReferences": [ + { + "url": "https://github.com/helmetjs/hpkp#readme", + "type": "website" + }, + { + "url": "https://github.com/helmetjs/hpkp/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/helmetjs/hpkp.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/hsts@2.2.0", + "name": "hsts", + "version": "2.2.0", + "description": "HTTP Strict Transport Security middleware.", + "hashes": [ + { + "alg": "SHA-1", + "content": "09119d42f7a8587035d027dda4522366fe75d964" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hsts@2.2.0", + "externalReferences": [ + { + "url": "https://helmetjs.github.io/docs/hsts/", + "type": "website" + }, + { + "url": "https://github.com/helmetjs/hsts/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/helmetjs/hsts.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/nocache@2.1.0", + "name": "nocache", + "version": "2.1.0", + "description": "Middleware to destroy caching", + "hashes": [ + { + "alg": "SHA-1", + "content": "120c9ffec43b5729b1d5de88cd71aa75a0ba491f" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/nocache@2.1.0", + "externalReferences": [ + { + "url": "https://helmetjs.github.io/docs/nocache/", + "type": "website" + }, + { + "url": "https://github.com/helmetjs/nocache/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/helmetjs/nocache.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/referrer-policy@1.2.0", + "name": "referrer-policy", + "version": "1.2.0", + "description": "Middleware to set the Referrer-Policy HTTP header", + "hashes": [ + { + "alg": "SHA-1", + "content": "b99cfb8b57090dc454895ef897a4cc35ef67a98e" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/referrer-policy@1.2.0", + "externalReferences": [ + { + "url": "https://helmetjs.github.io/docs/referrer-policy/", + "type": "website" + }, + { + "url": "https://github.com/helmetjs/referrer-policy/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/helmetjs/referrer-policy.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/x-xss-protection@1.3.0", + "name": "x-xss-protection", + "version": "1.3.0", + "description": "Middleware to set the X-XSS-Protection header", + "hashes": [ + { + "alg": "SHA-1", + "content": "3e3a8dd638da80421b0e9fff11a2dbe168f6d52c" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/x-xss-protection@1.3.0", + "externalReferences": [ + { + "url": "https://helmetjs.github.io/docs/xss-filter/", + "type": "website" + }, + { + "url": "https://github.com/helmetjs/x-xss-protection/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/helmetjs/x-xss-protection.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/html-entities@1.3.1", + "name": "html-entities", + "version": "1.3.1", + "description": "Faster HTML entities encode/decode library.", + "hashes": [ + { + "alg": "SHA-1", + "content": "fb9a1a4b5b14c5daba82d3e34c6ae4fe701a0e44" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/html-entities@1.3.1", + "externalReferences": [ + { + "url": "https://github.com/mdevils/node-html-entities#readme", + "type": "website" + }, + { + "url": "https://github.com/mdevils/node-html-entities/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/mdevils/node-html-entities.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/i18n@0.8.6", + "name": "i18n", + "version": "0.8.6", + "description": "lightweight translation module with dynamic json storage", + "hashes": [ + { + "alg": "SHA-1", + "content": "9608c58bfb8e29db34aa9a09e37dccb9b5666e01" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/i18n@0.8.6", + "externalReferences": [ + { + "url": "http://github.com/mashpie/i18n-node", + "type": "website" + }, + { + "url": "https://github.com/mashpie/i18n-node/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/mashpie/i18n-node.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/make-plural@6.2.1", + "name": "make-plural", + "version": "6.2.1", + "description": "Unicode CLDR pluralization rules as JavaScript functions", + "hashes": [ + { + "alg": "SHA-1", + "content": "2790af1d05fb2fc35a111ce759ffdb0aca1339a3" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/make-plural@6.2.1", + "externalReferences": [ + { + "url": "https://github.com/eemeli/make-plural#readme", + "type": "website" + }, + { + "url": "https://github.com/eemeli/make-plural/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/eemeli/make-plural.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/math-interval-parser@2.0.1", + "name": "math-interval-parser", + "version": "2.0.1", + "description": "Parse math interval", + "hashes": [ + { + "alg": "SHA-1", + "content": "e22cd6d15a0a7f4c03aec560db76513da615bed4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/math-interval-parser@2.0.1", + "externalReferences": [ + { + "url": "https://github.com/Semigradsky/math-interval-parser#readme", + "type": "website" + }, + { + "url": "https://github.com/Semigradsky/math-interval-parser/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/Semigradsky/math-interval-parser.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/messageformat@2.3.0", + "name": "messageformat", + "version": "2.3.0", + "description": "PluralFormat and SelectFormat Message and i18n Tool - A JavaScript Implemenation of the ICU standards.", + "hashes": [ + { + "alg": "SHA-1", + "content": "de263c49029d5eae65d7ee25e0754f57f425ad91" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/messageformat@2.3.0", + "externalReferences": [ + { + "url": "https://messageformat.github.io/messageformat/", + "type": "website" + }, + { + "url": "https://github.com/messageformat/messageformat/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/messageformat/messageformat.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/make-plural@4.3.0", + "name": "make-plural", + "version": "4.3.0", + "description": "Translates Unicode CLDR pluralization rules to executable JavaScript", + "hashes": [ + { + "alg": "SHA-1", + "content": "f23de08efdb0cac2e0c9ba9f315b0dff6b4c2735" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/make-plural@4.3.0", + "externalReferences": [ + { + "url": "https://github.com/eemeli/make-plural#readme", + "type": "website" + }, + { + "url": "https://github.com/eemeli/make-plural/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/eemeli/make-plural.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/messageformat-formatters@2.0.1", + "name": "messageformat-formatters", + "version": "2.0.1", + "description": "Formatters for messageformat", + "hashes": [ + { + "alg": "SHA-1", + "content": "0492c1402a48775f751c9b17c0354e92be012b08" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/messageformat-formatters@2.0.1", + "externalReferences": [ + { + "url": "https://messageformat.github.io/", + "type": "website" + }, + { + "url": "https://github.com/messageformat/messageformat/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/messageformat/messageformat.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/messageformat-parser@4.1.3", + "name": "messageformat-parser", + "version": "4.1.3", + "description": "A PEG.js parser for ICU MessageFormat strings", + "hashes": [ + { + "alg": "SHA-1", + "content": "b824787f57fcda7d50769f5b63e8d4fda68f5b9e" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/messageformat-parser@4.1.3", + "externalReferences": [ + { + "url": "https://messageformat.github.io/", + "type": "website" + }, + { + "url": "https://github.com/messageformat/messageformat/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/messageformat/messageformat.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/mustache@4.0.1", + "name": "mustache", + "version": "4.0.1", + "description": "Logic-less {{mustache}} templates with JavaScript", + "hashes": [ + { + "alg": "SHA-1", + "content": "d99beb031701ad433338e7ea65e0489416c854a2" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mustache@4.0.1", + "externalReferences": [ + { + "url": "https://github.com/janl/mustache.js", + "type": "website" + }, + { + "url": "https://github.com/janl/mustache.js/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/janl/mustache.js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-docker@2.0.0", + "name": "is-docker", + "version": "2.0.0", + "description": "Check if the process is running inside a Docker container", + "hashes": [ + { + "alg": "SHA-1", + "content": "2cb0df0e75e2d064fe1864c37cdeacb7b2dcf25b" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-docker@2.0.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/is-docker#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/is-docker/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/is-docker.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-heroku@2.0.0", + "name": "is-heroku", + "version": "2.0.0", + "description": "Check if your code is running on Heroku", + "hashes": [ + { + "alg": "SHA-1", + "content": "6482d1e861435103ae9f69e66f9bd28eb4ea0bca" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-heroku@2.0.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/is-heroku#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/is-heroku/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/is-heroku.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/jsonwebtoken@0.4.0", + "name": "jsonwebtoken", + "version": "0.4.0", + "description": "JSON Web Token implementation (symmetric and asymmetric)", + "hashes": [ + { + "alg": "SHA-1", + "content": "7dfa44ac8a588e16e0453c81f11ab6addd0742fe" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsonwebtoken@0.4.0", + "externalReferences": [ + { + "url": "https://github.com/auth0/node-jsonwebtoken#readme", + "type": "website" + }, + { + "url": "https://github.com/auth0/node-jsonwebtoken/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/auth0/node-jsonwebtoken.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/jssha@2.4.2", + "name": "jssha", + "version": "2.4.2", + "description": "jsSHA is a JavaScript implementation of the complete Secure Hash Standard family (SHA-1, SHA-224, SHA3-224, SHA-256, SHA3-256, SHA-384, SHA3-384, SHA-512, SHA3-512, SHAKE128, and SHAKE256) as well as HMAC", + "hashes": [ + { + "alg": "SHA-1", + "content": "d950b095634928bd6b2bda1d42da9a3a762d65e9" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/jssha@2.4.2", + "externalReferences": [ + { + "url": "https://github.com/Caligatio/jsSHA", + "type": "website" + }, + { + "url": "https://github.com/Caligatio/jsSHA/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/Caligatio/jsSHA.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/libxmljs2@0.25.5", + "name": "libxmljs2", + "version": "0.25.5", + "description": "libxml bindings for v8 javascript engine", + "hashes": [ + { + "alg": "SHA-1", + "content": "71f491af11a9df29e04648ea46b14a41b256fe66" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/libxmljs2@0.25.5", + "externalReferences": [ + { + "url": "https://github.com/marudor/libxmljs2#readme", + "type": "website" + }, + { + "url": "http://github.com/marudor/libxmljs2/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/marudor/libxmljs2.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/bindings@1.5.0", + "name": "bindings", + "version": "1.5.0", + "description": "Helper module for loading your native module\u0027s .node file", + "hashes": [ + { + "alg": "SHA-1", + "content": "10353c9e945334bc0511a6d90b38fbc7c9c504df" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bindings@1.5.0", + "externalReferences": [ + { + "url": "https://github.com/TooTallNate/node-bindings", + "type": "website" + }, + { + "url": "https://github.com/TooTallNate/node-bindings/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/TooTallNate/node-bindings.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/file-uri-to-path@1.0.0", + "name": "file-uri-to-path", + "version": "1.0.0", + "description": "Convert a file: URI to a file path", + "hashes": [ + { + "alg": "SHA-1", + "content": "553a7b8446ff6f684359c445f1e37a05dacc33dd" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/file-uri-to-path@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/TooTallNate/file-uri-to-path", + "type": "website" + }, + { + "url": "https://github.com/TooTallNate/file-uri-to-path/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/TooTallNate/file-uri-to-path.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/nan@2.14.1", + "name": "nan", + "version": "2.14.1", + "description": "Native Abstractions for Node.js: C\u002B\u002B header for Node 0.8 -\u003E 14 compatibility", + "hashes": [ + { + "alg": "SHA-1", + "content": "d7be34dfa3105b91494c3147089315eff8874b01" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/nan@2.14.1", + "externalReferences": [ + { + "url": "https://github.com/nodejs/nan#readme", + "type": "website" + }, + { + "url": "https://github.com/nodejs/nan/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/nodejs/nan.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/node-pre-gyp@0.15.0", + "name": "node-pre-gyp", + "version": "0.15.0", + "description": "Node.js native addon binary install tool", + "hashes": [ + { + "alg": "SHA-1", + "content": "c2fc383276b74c7ffa842925241553e8b40f1087" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/node-pre-gyp@0.15.0", + "externalReferences": [ + { + "url": "https://github.com/mapbox/node-pre-gyp#readme", + "type": "website" + }, + { + "url": "https://github.com/mapbox/node-pre-gyp/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/mapbox/node-pre-gyp.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/detect-libc@1.0.3", + "name": "detect-libc", + "version": "1.0.3", + "description": "Node.js module to detect the C standard library (libc) implementation family and version", + "hashes": [ + { + "alg": "SHA-1", + "content": "fa137c4bd698edf55cd5cd02ac559f91a4c4ba9b" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/detect-libc@1.0.3", + "externalReferences": [ + { + "url": "https://github.com/lovell/detect-libc#readme", + "type": "website" + }, + { + "url": "https://github.com/lovell/detect-libc/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/lovell/detect-libc.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/mkdirp@0.5.5", + "name": "mkdirp", + "version": "0.5.5", + "description": "Recursively mkdir, like \u0060mkdir -p\u0060", + "hashes": [ + { + "alg": "SHA-1", + "content": "d91cefd62d1436ca0f41620e251288d420099def" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mkdirp@0.5.5", + "externalReferences": [ + { + "url": "https://github.com/substack/node-mkdirp#readme", + "type": "website" + }, + { + "url": "https://github.com/substack/node-mkdirp/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/substack/node-mkdirp.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/needle@2.5.0", + "name": "needle", + "version": "2.5.0", + "description": "The leanest and most handsome HTTP client in the Nodelands.", + "hashes": [ + { + "alg": "SHA-1", + "content": "e6fc4b3cc6c25caed7554bd613a5cf0bac8c31c0" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/needle@2.5.0", + "externalReferences": [ + { + "url": "https://github.com/tomas/needle#readme", + "type": "website" + }, + { + "url": "https://github.com/tomas/needle/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/tomas/needle.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/debug@3.2.6", + "name": "debug", + "version": "3.2.6", + "description": "small debugging utility", + "hashes": [ + { + "alg": "SHA-1", + "content": "e83d17de16d8a7efb7717edbe5fb10135eee629b" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@3.2.6", + "externalReferences": [ + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/ms@2.1.2", + "name": "ms", + "version": "2.1.2", + "description": "Tiny millisecond conversion utility", + "hashes": [ + { + "alg": "SHA-1", + "content": "d09d1f357b443f493382a8eb3ccd183872ae6009" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ms@2.1.2", + "externalReferences": [ + { + "url": "https://github.com/zeit/ms#readme", + "type": "website" + }, + { + "url": "https://github.com/zeit/ms/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/zeit/ms.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/sax@1.2.4", + "name": "sax", + "version": "1.2.4", + "description": "An evented streaming XML parser in JavaScript", + "hashes": [ + { + "alg": "SHA-1", + "content": "2816234e2378bddc4e5354fab5caa895df7100d9" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/sax@1.2.4", + "externalReferences": [ + { + "url": "https://github.com/isaacs/sax-js#readme", + "type": "website" + }, + { + "url": "https://github.com/isaacs/sax-js/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/isaacs/sax-js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/npm-packlist@1.4.8", + "name": "npm-packlist", + "version": "1.4.8", + "description": "Get a list of the files to add from a folder into an npm package", + "hashes": [ + { + "alg": "SHA-1", + "content": "56ee6cc135b9f98ad3d51c1c95da22bbb9b2ef3e" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-packlist@1.4.8", + "externalReferences": [ + { + "url": "https://www.npmjs.com/package/npm-packlist", + "type": "website" + }, + { + "url": "https://github.com/npm/npm-packlist/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/npm/npm-packlist.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/ignore-walk@3.0.3", + "name": "ignore-walk", + "version": "3.0.3", + "description": "Nested/recursive \u0060.gitignore\u0060/\u0060.npmignore\u0060 parsing and filtering.", + "hashes": [ + { + "alg": "SHA-1", + "content": "017e2447184bfeade7c238e4aefdd1e8f95b1e37" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ignore-walk@3.0.3", + "externalReferences": [ + { + "url": "https://github.com/isaacs/ignore-walk#readme", + "type": "website" + }, + { + "url": "https://github.com/isaacs/ignore-walk/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/isaacs/ignore-walk.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/npm-bundled@1.1.1", + "name": "npm-bundled", + "version": "1.1.1", + "description": "list things in node_modules that are bundledDependencies, or transitive dependencies thereof", + "hashes": [ + { + "alg": "SHA-1", + "content": "1edd570865a94cdb1bc8220775e29466c9fb234b" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-bundled@1.1.1", + "externalReferences": [ + { + "url": "https://github.com/npm/npm-bundled#readme", + "type": "website" + }, + { + "url": "https://github.com/npm/npm-bundled/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/npm/npm-bundled.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/npm-normalize-package-bin@1.0.1", + "name": "npm-normalize-package-bin", + "version": "1.0.1", + "description": "Turn any flavor of allowable package.json bin into a normalized object", + "hashes": [ + { + "alg": "SHA-1", + "content": "6e79a41f23fd235c0623218228da7d9c23b8f6e2" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npm-normalize-package-bin@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/npm/npm-normalize-package-bin#readme", + "type": "website" + }, + { + "url": "https://github.com/npm/npm-normalize-package-bin/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/npm/npm-normalize-package-bin.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/npmlog@4.1.2", + "name": "npmlog", + "version": "4.1.2", + "description": "logger for npm", + "hashes": [ + { + "alg": "SHA-1", + "content": "08a7f2a8bf734604779a9efa4ad5cc717abb954b" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/npmlog@4.1.2", + "externalReferences": [ + { + "url": "https://github.com/npm/npmlog#readme", + "type": "website" + }, + { + "url": "https://github.com/npm/npmlog/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/npm/npmlog.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/are-we-there-yet@1.1.5", + "name": "are-we-there-yet", + "version": "1.1.5", + "description": "Keep track of the overall completion of many disparate processes", + "hashes": [ + { + "alg": "SHA-1", + "content": "4b35c2944f062a8bfcda66410760350fe9ddfc21" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/are-we-there-yet@1.1.5", + "externalReferences": [ + { + "url": "https://github.com/iarna/are-we-there-yet", + "type": "website" + }, + { + "url": "https://github.com/iarna/are-we-there-yet/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/iarna/are-we-there-yet.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/delegates@1.0.0", + "name": "delegates", + "version": "1.0.0", + "description": "delegate methods and accessors to another property", + "hashes": [ + { + "alg": "SHA-1", + "content": "84c6e159b81904fdca59a0ef44cd870d31250f9a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/delegates@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/visionmedia/node-delegates#readme", + "type": "website" + }, + { + "url": "https://github.com/visionmedia/node-delegates/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/visionmedia/node-delegates.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/console-control-strings@1.1.0", + "name": "console-control-strings", + "version": "1.1.0", + "description": "A library of cross-platform tested terminal/console command strings for doing things like color and cursor positioning. This is a subset of both ansi and vt100. All control codes included work on both Windows \u0026 Unix-like OSes, except where noted.", + "hashes": [ + { + "alg": "SHA-1", + "content": "3d7cf4464db6446ea644bf4b39507f9851008e8e" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/console-control-strings@1.1.0", + "externalReferences": [ + { + "url": "https://github.com/iarna/console-control-strings#readme", + "type": "website" + }, + { + "url": "https://github.com/iarna/console-control-strings/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/iarna/console-control-strings.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/gauge@2.7.4", + "name": "gauge", + "version": "2.7.4", + "description": "A terminal based horizontal guage", + "hashes": [ + { + "alg": "SHA-1", + "content": "2c03405c7538c39d7eb37b317022e325fb018bf7" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/gauge@2.7.4", + "externalReferences": [ + { + "url": "https://github.com/iarna/gauge", + "type": "website" + }, + { + "url": "https://github.com/iarna/gauge/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/iarna/gauge.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/aproba@1.2.0", + "name": "aproba", + "version": "1.2.0", + "description": "A ridiculously light-weight argument validator (now browser friendly)", + "hashes": [ + { + "alg": "SHA-1", + "content": "6802e6264efd18c790a1b0d517f0f2627bf2c94a" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/aproba@1.2.0", + "externalReferences": [ + { + "url": "https://github.com/iarna/aproba", + "type": "website" + }, + { + "url": "https://github.com/iarna/aproba/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/iarna/aproba.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/has-unicode@2.0.1", + "name": "has-unicode", + "version": "2.0.1", + "description": "Try to guess if your terminal supports unicode", + "hashes": [ + { + "alg": "SHA-1", + "content": "e0e6fe6a28cf51138855e086d1691e771de2a8b9" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/has-unicode@2.0.1", + "externalReferences": [ + { + "url": "https://github.com/iarna/has-unicode", + "type": "website" + }, + { + "url": "https://github.com/iarna/has-unicode/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/iarna/has-unicode.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/signal-exit@3.0.3", + "name": "signal-exit", + "version": "3.0.3", + "description": "when you want to fire an event no matter how a process exits.", + "hashes": [ + { + "alg": "SHA-1", + "content": "a1410c2edd8f077b08b4e253c8eacfcaf057461c" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/signal-exit@3.0.3", + "externalReferences": [ + { + "url": "https://github.com/tapjs/signal-exit", + "type": "website" + }, + { + "url": "https://github.com/tapjs/signal-exit/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/tapjs/signal-exit.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/string-width@1.0.2", + "name": "string-width", + "version": "1.0.2", + "description": "Get the visual width of a string - the number of columns required to display it", + "hashes": [ + { + "alg": "SHA-1", + "content": "118bdf5b8cdc51a2a7e70d211e07e2b0b9b107d3" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/string-width.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/code-point-at@1.1.0", + "name": "code-point-at", + "version": "1.1.0", + "description": "ES2015 \u0060String#codePointAt()\u0060 ponyfill", + "hashes": [ + { + "alg": "SHA-1", + "content": "0d070b4d043a5bea33a2f1a40e2edb3d9a4ccf77" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/code-point-at@1.1.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/code-point-at#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/code-point-at/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/code-point-at.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-fullwidth-code-point@1.0.0", + "name": "is-fullwidth-code-point", + "version": "1.0.0", + "description": "Check if the character represented by a given Unicode code point is fullwidth", + "hashes": [ + { + "alg": "SHA-1", + "content": "ef9e31386f031a7f0d643af82fde50c457ef00cb" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-fullwidth-code-point@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/is-fullwidth-code-point.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/number-is-nan@1.0.1", + "name": "number-is-nan", + "version": "1.0.1", + "description": "ES2015 Number.isNaN() ponyfill", + "hashes": [ + { + "alg": "SHA-1", + "content": "097b602b53422a522c1afb8790318336941a011d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/number-is-nan@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/number-is-nan#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/number-is-nan/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/number-is-nan.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/wide-align@1.1.3", + "name": "wide-align", + "version": "1.1.3", + "description": "A wide-character aware text alignment function for use on the console or with fixed width fonts.", + "hashes": [ + { + "alg": "SHA-1", + "content": "ae074e6bdc0c14a431e804e624549c633b000457" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/wide-align@1.1.3", + "externalReferences": [ + { + "url": "https://github.com/iarna/wide-align#readme", + "type": "website" + }, + { + "url": "https://github.com/iarna/wide-align/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/iarna/wide-align.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/string-width@2.1.1", + "name": "string-width", + "version": "2.1.1", + "description": "Get the visual width of a string - the number of columns required to display it", + "hashes": [ + { + "alg": "SHA-1", + "content": "ab93f27a8dc13d28cac815c462143a6d9012ae9e" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@2.1.1", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/string-width.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/strip-ansi@4.0.0", + "name": "strip-ansi", + "version": "4.0.0", + "description": "Strip ANSI escape codes", + "hashes": [ + { + "alg": "SHA-1", + "content": "a8479022eb1ac368a871389b635262c505ee368f" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@4.0.0", + "externalReferences": [ + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/chalk/strip-ansi.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/ansi-regex@3.0.0", + "name": "ansi-regex", + "version": "3.0.0", + "description": "Regular expression for matching ANSI escape codes", + "hashes": [ + { + "alg": "SHA-1", + "content": "ed0317c322064f79466c02966bddb605ab37d998" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@3.0.0", + "externalReferences": [ + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/chalk/ansi-regex.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/rc@1.2.8", + "name": "rc", + "version": "1.2.8", + "description": "hardwired configuration loader", + "hashes": [ + { + "alg": "SHA-1", + "content": "cd924bf5200a075b83c188cd6b9e211b7fc0d3ed" + } + ], + "licenses": [ + { + "license": { + "name": "(BSD-2-Clause OR MIT OR Apache-2.0)" + } + } + ], + "purl": "pkg:npm/rc@1.2.8", + "externalReferences": [ + { + "url": "https://github.com/dominictarr/rc#readme", + "type": "website" + }, + { + "url": "https://github.com/dominictarr/rc/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/dominictarr/rc.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/deep-extend@0.6.0", + "name": "deep-extend", + "version": "0.6.0", + "description": "Recursive object extending", + "hashes": [ + { + "alg": "SHA-1", + "content": "c4fa7c95404a17a9c3e8ca7e1537312b736330ac" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/deep-extend@0.6.0", + "externalReferences": [ + { + "url": "https://github.com/unclechu/node-deep-extend", + "type": "website" + }, + { + "url": "https://github.com/unclechu/node-deep-extend/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/unclechu/node-deep-extend.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/strip-json-comments@2.0.1", + "name": "strip-json-comments", + "version": "2.0.1", + "description": "Strip comments from JSON. Lets you use comments in your JSON files!", + "hashes": [ + { + "alg": "SHA-1", + "content": "3c531942e908c2697c0ec344858c286c7ca0a60a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-json-comments@2.0.1", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/strip-json-comments#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/strip-json-comments/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/strip-json-comments.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/rimraf@2.7.1", + "name": "rimraf", + "version": "2.7.1", + "description": "A deep deletion module for node (like \u0060rm -rf\u0060)", + "hashes": [ + { + "alg": "SHA-1", + "content": "35797f13a7fdadc566142c29d4f07ccad483e3ec" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/rimraf@2.7.1", + "externalReferences": [ + { + "url": "https://github.com/isaacs/rimraf#readme", + "type": "website" + }, + { + "url": "https://github.com/isaacs/rimraf/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/isaacs/rimraf.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/tar@4.4.13", + "name": "tar", + "version": "4.4.13", + "description": "tar for node", + "hashes": [ + { + "alg": "SHA-1", + "content": "43b364bc52888d555298637b10d60790254ab525" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/tar@4.4.13", + "externalReferences": [ + { + "url": "https://github.com/npm/node-tar#readme", + "type": "website" + }, + { + "url": "https://github.com/npm/node-tar/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/npm/node-tar.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/chownr@1.1.4", + "name": "chownr", + "version": "1.1.4", + "description": "like \u0060chown -R\u0060", + "hashes": [ + { + "alg": "SHA-1", + "content": "6fc9d7b42d32a583596337666e7d08084da2cc6b" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/chownr@1.1.4", + "externalReferences": [ + { + "url": "https://github.com/isaacs/chownr#readme", + "type": "website" + }, + { + "url": "https://github.com/isaacs/chownr/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/isaacs/chownr.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/fs-minipass@1.2.7", + "name": "fs-minipass", + "version": "1.2.7", + "description": "fs read and write streams based on minipass", + "hashes": [ + { + "alg": "SHA-1", + "content": "ccff8570841e7fe4265693da88936c55aed7f7c7" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fs-minipass@1.2.7", + "externalReferences": [ + { + "url": "https://github.com/npm/fs-minipass#readme", + "type": "website" + }, + { + "url": "https://github.com/npm/fs-minipass/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/npm/fs-minipass.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/minipass@2.9.0", + "name": "minipass", + "version": "2.9.0", + "description": "minimal implementation of a PassThrough stream", + "hashes": [ + { + "alg": "SHA-1", + "content": "e713762e7d3e32fed803115cf93e04bca9fcc9a6" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/minipass@2.9.0", + "externalReferences": [ + { + "url": "https://github.com/isaacs/minipass#readme", + "type": "website" + }, + { + "url": "https://github.com/isaacs/minipass/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/isaacs/minipass.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/yallist@3.1.1", + "name": "yallist", + "version": "3.1.1", + "description": "Yet Another Linked List", + "hashes": [ + { + "alg": "SHA-1", + "content": "dbb7daf9bfd8bac9ab45ebf602b8cbad0d5d08fd" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yallist@3.1.1", + "externalReferences": [ + { + "url": "https://github.com/isaacs/yallist#readme", + "type": "website" + }, + { + "url": "https://github.com/isaacs/yallist/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/isaacs/yallist.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/minizlib@1.3.3", + "name": "minizlib", + "version": "1.3.3", + "description": "A small fast zlib stream built on [minipass](http://npm.im/minipass) and Node.js\u0027s zlib binding.", + "hashes": [ + { + "alg": "SHA-1", + "content": "2290de96818a34c29551c8a8d301216bd65a861d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/minizlib@1.3.3", + "externalReferences": [ + { + "url": "https://github.com/isaacs/minizlib#readme", + "type": "website" + }, + { + "url": "https://github.com/isaacs/minizlib/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/isaacs/minizlib.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/marsdb@0.6.11", + "name": "marsdb", + "version": "0.6.11", + "description": "MarsDB is a lightweight client-side MongoDB-like database, Promise based, written in ES6", + "hashes": [ + { + "alg": "SHA-1", + "content": "005b4af67e41df4efe73efed577adf29135d9712" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/marsdb@0.6.11", + "externalReferences": [ + { + "url": "https://github.com/c58/marsdb", + "type": "website" + }, + { + "url": "https://github.com/c58/marsdb/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/c58/marsdb.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/check-types@6.0.0", + "name": "check-types", + "version": "6.0.0", + "description": "A little library for asserting types and values.", + "hashes": [ + { + "alg": "SHA-1", + "content": "de12a2ffc295df40b3afca2bcfeb831bc5f5edf0" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/check-types@6.0.0", + "externalReferences": [ + { + "url": "https://github.com/philbooth/check-types.js", + "type": "website" + }, + { + "url": "https://github.com/philbooth/check-types.js/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/philbooth/check-types.js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/double-ended-queue@0.9.7", + "name": "double-ended-queue", + "version": "0.9.7", + "description": "Extremely fast double-ended queue implementation", + "hashes": [ + { + "alg": "SHA-1", + "content": "8ae0a7265df66cdc3f07dce558e9716adb586ab8" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/double-ended-queue@0.9.7", + "externalReferences": [ + { + "url": "https://github.com/petkaantonov/deque", + "type": "website" + }, + { + "url": "http://github.com/petkaantonov/deque/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/petkaantonov/deque.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/eventemitter3@1.1.1", + "name": "eventemitter3", + "version": "1.1.1", + "description": "EventEmitter3 focuses on performance while maintaining a Node.js AND browser compatible interface.", + "hashes": [ + { + "alg": "SHA-1", + "content": "47786bdaa087caf7b1b75e73abc5c7d540158cd0" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eventemitter3@1.1.1", + "externalReferences": [ + { + "url": "https://github.com/primus/eventemitter3#readme", + "type": "website" + }, + { + "url": "https://github.com/primus/eventemitter3/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/primus/eventemitter3.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/fast.js@0.1.1", + "name": "fast.js", + "version": "0.1.1", + "description": "Faster user-land reimplementations of native functions with extra helpers.", + "hashes": [ + { + "alg": "SHA-1", + "content": "7c024d55ae144882fbcee44b79005fe2dcabd9fe" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast.js@0.1.1", + "externalReferences": [ + { + "url": "https://github.com/codemix/fast.js", + "type": "website" + }, + { + "url": "https://github.com/codemix/fast.js/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/codemix/fast.js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/geojson-utils@1.1.0", + "name": "geojson-utils", + "version": "1.1.0", + "description": "GeoJSON Utilities for JavaScript", + "hashes": [ + { + "alg": "SHA-1", + "content": "e8ffb4c81c0a75b3e306f5187265d6f23040f50b" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/geojson-utils@1.1.0", + "externalReferences": [ + { + "url": "https://github.com/maxogden/geojson-js-utils#readme", + "type": "website" + }, + { + "url": "https://github.com/maxogden/geojson-js-utils/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/maxogden/geojson-js-utils.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/invariant@2.2.4", + "name": "invariant", + "version": "2.2.4", + "description": "invariant", + "hashes": [ + { + "alg": "SHA-1", + "content": "610f3c92c9359ce1db616e538008d23ff35158e6" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/invariant@2.2.4", + "externalReferences": [ + { + "url": "https://github.com/zertosh/invariant#readme", + "type": "website" + }, + { + "url": "https://github.com/zertosh/invariant/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/zertosh/invariant.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/loose-envify@1.4.0", + "name": "loose-envify", + "version": "1.4.0", + "description": "Fast (and loose) selective \u0060process.env\u0060 replacer using js-tokens instead of an AST", + "hashes": [ + { + "alg": "SHA-1", + "content": "71ee51fa7be4caec1a63839f7e682d8132d30caf" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/loose-envify@1.4.0", + "externalReferences": [ + { + "url": "https://github.com/zertosh/loose-envify", + "type": "website" + }, + { + "url": "https://github.com/zertosh/loose-envify/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/zertosh/loose-envify.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/js-tokens@4.0.0", + "name": "js-tokens", + "version": "4.0.0", + "description": "A regex that tokenizes JavaScript.", + "hashes": [ + { + "alg": "SHA-1", + "content": "19203fb59991df98e3a287050d4647cdeaf32499" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-tokens@4.0.0", + "externalReferences": [ + { + "url": "https://github.com/lydell/js-tokens#readme", + "type": "website" + }, + { + "url": "https://github.com/lydell/js-tokens/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/lydell/js-tokens.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/morgan@1.10.0", + "name": "morgan", + "version": "1.10.0", + "description": "HTTP request logger middleware for node.js", + "hashes": [ + { + "alg": "SHA-1", + "content": "091778abc1fc47cd3509824653dae1faab6b17d7" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/morgan@1.10.0", + "externalReferences": [ + { + "url": "https://github.com/expressjs/morgan#readme", + "type": "website" + }, + { + "url": "https://github.com/expressjs/morgan/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/expressjs/morgan.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/basic-auth@2.0.1", + "name": "basic-auth", + "version": "2.0.1", + "description": "node.js basic auth parser", + "hashes": [ + { + "alg": "SHA-1", + "content": "b998279bf47ce38344b4f3cf916d4679bbf51e3a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/basic-auth@2.0.1", + "externalReferences": [ + { + "url": "https://github.com/jshttp/basic-auth#readme", + "type": "website" + }, + { + "url": "https://github.com/jshttp/basic-auth/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jshttp/basic-auth.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/multer@1.4.2", + "name": "multer", + "version": "1.4.2", + "description": "Middleware for handling \u0060multipart/form-data\u0060.", + "hashes": [ + { + "alg": "SHA-1", + "content": "2f1f4d12dbaeeba74cb37e623f234bf4d3d2057a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/multer@1.4.2", + "externalReferences": [ + { + "url": "https://github.com/expressjs/multer#readme", + "type": "website" + }, + { + "url": "https://github.com/expressjs/multer/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/expressjs/multer.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/append-field@1.0.0", + "name": "append-field", + "version": "1.0.0", + "description": "A [W3C HTML JSON forms spec](http://www.w3.org/TR/html-json-forms/) compliant field appender (for lack of a better name). Useful for people implementing \u0060application/x-www-form-urlencoded\u0060 and \u0060multipart/form-data\u0060 parsers.", + "hashes": [ + { + "alg": "SHA-1", + "content": "1e3440e915f0b1203d23748e78edd7b9b5b43e56" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/append-field@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/LinusU/node-append-field#readme", + "type": "website" + }, + { + "url": "https://github.com/LinusU/node-append-field/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/LinusU/node-append-field.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/busboy@0.2.14", + "name": "busboy", + "version": "0.2.14", + "description": "A streaming parser for HTML form data for node.js", + "hashes": [ + { + "alg": "SHA-1", + "content": "6c2a622efcf47c57bbbe1e2a9c37ad36c7925453" + } + ], + "purl": "pkg:npm/busboy@0.2.14", + "externalReferences": [ + { + "url": "https://github.com/mscdex/busboy#readme", + "type": "website" + }, + { + "url": "https://github.com/mscdex/busboy/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/mscdex/busboy.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/dicer@0.2.5", + "name": "dicer", + "version": "0.2.5", + "description": "A very fast streaming multipart parser for node.js", + "hashes": [ + { + "alg": "SHA-1", + "content": "5996c086bb33218c812c090bddc09cd12facb70f" + } + ], + "purl": "pkg:npm/dicer@0.2.5", + "externalReferences": [ + { + "url": "https://github.com/mscdex/dicer#readme", + "type": "website" + }, + { + "url": "https://github.com/mscdex/dicer/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/mscdex/dicer.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/readable-stream@1.1.14", + "name": "readable-stream", + "version": "1.1.14", + "description": "Streams3, a user-land copy of the stream library from Node.js v0.11.x", + "hashes": [ + { + "alg": "SHA-1", + "content": "7cf4c54ef648e3813084c636dd2079e166c081d9" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readable-stream@1.1.14", + "externalReferences": [ + { + "url": "https://github.com/isaacs/readable-stream#readme", + "type": "website" + }, + { + "url": "https://github.com/isaacs/readable-stream/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/isaacs/readable-stream.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/isarray@0.0.1", + "name": "isarray", + "version": "0.0.1", + "description": "Array#isArray for older browsers", + "hashes": [ + { + "alg": "SHA-1", + "content": "8a18acfca9a8f4177e09abfc6038939b05d1eedf" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/isarray@0.0.1", + "externalReferences": [ + { + "url": "https://github.com/juliangruber/isarray", + "type": "website" + }, + { + "url": "https://github.com/juliangruber/isarray/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/juliangruber/isarray.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/string_decoder@0.10.31", + "name": "string_decoder", + "version": "0.10.31", + "description": "The string_decoder module from Node core", + "hashes": [ + { + "alg": "SHA-1", + "content": "62e203bc41766c6c28c9fc84301dab1c5310fa94" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string_decoder@0.10.31", + "externalReferences": [ + { + "url": "https://github.com/rvagg/string_decoder", + "type": "website" + }, + { + "url": "https://github.com/rvagg/string_decoder/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/rvagg/string_decoder.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/streamsearch@0.1.2", + "name": "streamsearch", + "version": "0.1.2", + "description": "Streaming Boyer-Moore-Horspool searching for node.js", + "hashes": [ + { + "alg": "SHA-1", + "content": "808b9d0e56fc273d809ba57338e929919a1a9f1a" + } + ], + "purl": "pkg:npm/streamsearch@0.1.2", + "externalReferences": [ + { + "url": "https://github.com/mscdex/streamsearch#readme", + "type": "website" + }, + { + "url": "https://github.com/mscdex/streamsearch/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/mscdex/streamsearch.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/concat-stream@1.6.2", + "name": "concat-stream", + "version": "1.6.2", + "description": "writable stream that concatenates strings or binary data and calls a callback with the result", + "hashes": [ + { + "alg": "SHA-1", + "content": "904bdf194cd3122fc675c77fc4ac3d4ff0fd1a34" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/concat-stream@1.6.2", + "externalReferences": [ + { + "url": "https://github.com/maxogden/concat-stream#readme", + "type": "website" + }, + { + "url": "http://github.com/maxogden/concat-stream/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/maxogden/concat-stream.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/buffer-from@1.1.1", + "name": "buffer-from", + "version": "1.1.1", + "description": "A [ponyfill](https://ponyfill.com) for \u0060Buffer.from\u0060, uses native implementation if available.", + "hashes": [ + { + "alg": "SHA-1", + "content": "32713bc028f75c02fdb710d7c7bcec1f2c6070ef" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/buffer-from@1.1.1", + "externalReferences": [ + { + "url": "https://github.com/LinusU/buffer-from#readme", + "type": "website" + }, + { + "url": "https://github.com/LinusU/buffer-from/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/LinusU/buffer-from.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/typedarray@0.0.6", + "name": "typedarray", + "version": "0.0.6", + "description": "TypedArray polyfill for old browsers", + "hashes": [ + { + "alg": "SHA-1", + "content": "867ac74e3864187b1d3d47d996a78ec5c8830777" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/typedarray@0.0.6", + "externalReferences": [ + { + "url": "https://github.com/substack/typedarray", + "type": "website" + }, + { + "url": "https://github.com/substack/typedarray/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/substack/typedarray.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/node-pre-gyp@0.14.0", + "name": "node-pre-gyp", + "version": "0.14.0", + "description": "Node.js native addon binary install tool", + "hashes": [ + { + "alg": "SHA-1", + "content": "9a0596533b877289bcad4e143982ca3d904ddc83" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/node-pre-gyp@0.14.0", + "externalReferences": [ + { + "url": "https://github.com/mapbox/node-pre-gyp#readme", + "type": "website" + }, + { + "url": "https://github.com/mapbox/node-pre-gyp/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/mapbox/node-pre-gyp.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/notevil@1.3.3", + "name": "notevil", + "version": "1.3.3", + "description": "Evalulate javascript like the built-in eval() method but safely", + "hashes": [ + { + "alg": "SHA-1", + "content": "56b8a935d8978e0c000749621aca3928b823cb01" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/notevil@1.3.3", + "externalReferences": [ + { + "url": "https://github.com/mmckegg/notevil#readme", + "type": "website" + }, + { + "url": "https://github.com/mmckegg/notevil/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/mmckegg/notevil.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/esprima@1.0.4", + "name": "esprima", + "version": "1.0.4", + "description": "ECMAScript parsing infrastructure for multipurpose analysis", + "hashes": [ + { + "alg": "SHA-1", + "content": "9f557e08fc3b4d26ece9dd34f8fbf476b62585ad" + } + ], + "purl": "pkg:npm/esprima@1.0.4", + "externalReferences": [ + { + "url": "http://esprima.org", + "type": "website" + }, + { + "url": "https://github.com/ariya/esprima/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/ariya/esprima.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/hoister@0.0.2", + "name": "hoister", + "version": "0.0.2", + "description": "Put all function and variable declarations at the top of the scope in an AST", + "hashes": [ + { + "alg": "SHA-1", + "content": "0d0d8b1ce0f191553e61afec654f6b180eb96e5d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/hoister@0.0.2", + "externalReferences": [ + { + "url": "https://github.com/mmckegg/hoister#readme", + "type": "website" + }, + { + "url": "https://github.com/mmckegg/hoister/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/mmckegg/hoister.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/otplib@11.0.1", + "name": "otplib", + "version": "11.0.1", + "description": "HMAC-based (HOTP) and Time-based (TOTP) One-Time Password library", + "hashes": [ + { + "alg": "SHA-1", + "content": "7d64aa87029f07c99c7f96819fb10cdb67dea886" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/otplib@11.0.1", + "externalReferences": [ + { + "url": "https://yeojz.github.io/otplib", + "type": "website" + }, + { + "url": "https://github.com/yeojz/otplib/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/yeojz/otplib.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/thirty-two@1.0.2", + "name": "thirty-two", + "version": "1.0.2", + "description": "Implementation RFC 3548 Base32 encoding/decoding for node.", + "hashes": [ + { + "alg": "SHA-1", + "content": "4ca2fffc02a51290d2744b9e3f557693ca6b627a" + } + ], + "purl": "pkg:npm/thirty-two@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/chrisumbel/thirty-two#readme", + "type": "website" + }, + { + "url": "https://github.com/chrisumbel/thirty-two/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/chrisumbel/thirty-two.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/pdfkit@0.11.0", + "name": "pdfkit", + "version": "0.11.0", + "description": "A PDF generation library for Node.js", + "hashes": [ + { + "alg": "SHA-1", + "content": "9cdb2fc42bd2913587fe3ddf48cc5bbb3c36f7de" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pdfkit@0.11.0", + "externalReferences": [ + { + "url": "http://pdfkit.org/", + "type": "website" + }, + { + "url": "https://github.com/foliojs/pdfkit/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/foliojs/pdfkit.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/crypto-js@3.3.0", + "name": "crypto-js", + "version": "3.3.0", + "description": "JavaScript library of crypto standards.", + "hashes": [ + { + "alg": "SHA-1", + "content": "846dd1cce2f68aacfa156c8578f926a609b7976b" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/crypto-js@3.3.0", + "externalReferences": [ + { + "url": "http://github.com/brix/crypto-js", + "type": "website" + }, + { + "url": "https://github.com/brix/crypto-js/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/brix/crypto-js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/fontkit@1.8.1", + "name": "fontkit", + "version": "1.8.1", + "description": "An advanced font engine for Node and the browser", + "hashes": [ + { + "alg": "SHA-1", + "content": "ae77485376f1096b45548bf6ced9a07af62a7846" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fontkit@1.8.1", + "externalReferences": [ + { + "url": "https://github.com/foliojs/fontkit#readme", + "type": "website" + }, + { + "url": "https://github.com/foliojs/fontkit/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/foliojs/fontkit.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/babel-runtime@6.26.0", + "name": "babel-runtime", + "version": "6.26.0", + "description": "babel selfContained runtime", + "hashes": [ + { + "alg": "SHA-1", + "content": "965c7058668e82b55d7bfe04ff2337bc8b5647fe" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-runtime@6.26.0", + "externalReferences": [ + { + "url": "https://github.com/babel/babel/tree/master/packages/babel-runtime", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/core-js@2.6.11", + "name": "core-js", + "version": "2.6.11", + "description": "Standard library", + "hashes": [ + { + "alg": "SHA-1", + "content": "38831469f9922bded8ee21c9dc46985e0399308c" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/core-js@2.6.11", + "externalReferences": [ + { + "url": "https://github.com/zloirock/core-js#readme", + "type": "website" + }, + { + "url": "https://github.com/zloirock/core-js/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/zloirock/core-js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/regenerator-runtime@0.11.1", + "name": "regenerator-runtime", + "version": "0.11.1", + "description": "Runtime for Regenerator-compiled generator and async functions.", + "hashes": [ + { + "alg": "SHA-1", + "content": "be05ad7f9bf7d22e056f9726cee5017fbf19e2e9" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/regenerator-runtime@0.11.1", + "externalReferences": [ + { + "url": "https://github.com/facebook/regenerator/tree/master/packages/regenerator-runtime", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/brfs@2.0.2", + "name": "brfs", + "version": "2.0.2", + "description": "browserify fs.readFileSync() static asset inliner", + "hashes": [ + { + "alg": "SHA-1", + "content": "44237878fa82aa479ce4f5fe2c1796ec69f07845" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brfs@2.0.2", + "externalReferences": [ + { + "url": "https://github.com/substack/brfs", + "type": "website" + }, + { + "url": "https://github.com/substack/brfs/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/substack/brfs.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/quote-stream@1.0.2", + "name": "quote-stream", + "version": "1.0.2", + "description": "transform a stream into a quoted string", + "hashes": [ + { + "alg": "SHA-1", + "content": "84963f8c9c26b942e153feeb53aae74652b7e0b2" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/quote-stream@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/substack/quote-stream", + "type": "website" + }, + { + "url": "https://github.com/substack/quote-stream/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/substack/quote-stream.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/buffer-equal@0.0.1", + "name": "buffer-equal", + "version": "0.0.1", + "description": "return whether two buffers are equal", + "hashes": [ + { + "alg": "SHA-1", + "content": "91bc74b11ea405bc916bc6aa908faafa5b4aac4b" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/buffer-equal@0.0.1", + "externalReferences": [ + { + "url": "https://github.com/substack/node-buffer-equal#readme", + "type": "website" + }, + { + "url": "https://github.com/substack/node-buffer-equal/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/substack/node-buffer-equal.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/through2@2.0.5", + "name": "through2", + "version": "2.0.5", + "description": "A tiny wrapper around Node streams2 Transform to avoid explicit subclassing noise", + "hashes": [ + { + "alg": "SHA-1", + "content": "01c1e39eb31d07cb7d03a96a70823260b23132cd" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/through2@2.0.5", + "externalReferences": [ + { + "url": "https://github.com/rvagg/through2#readme", + "type": "website" + }, + { + "url": "https://github.com/rvagg/through2/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/rvagg/through2.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/static-module@3.0.4", + "name": "static-module", + "version": "3.0.4", + "description": "convert module usage to inline expressions", + "hashes": [ + { + "alg": "SHA-1", + "content": "bfbd1d1c38dd1fbbf0bb4af0c1b3ae18a93a2b68" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/static-module@3.0.4", + "externalReferences": [ + { + "url": "https://github.com/substack/static-module", + "type": "website" + }, + { + "url": "https://github.com/substack/static-module/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/substack/static-module.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/acorn-node@1.8.2", + "name": "acorn-node", + "version": "1.8.2", + "description": "the acorn javascript parser, preloaded with plugins for syntax parity with recent node versions", + "hashes": [ + { + "alg": "SHA-1", + "content": "114c95d64539e53dede23de8b9d96df7c7ae2af8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/acorn-node@1.8.2", + "externalReferences": [ + { + "url": "https://github.com/browserify/acorn-node", + "type": "website" + }, + { + "url": "https://github.com/browserify/acorn-node/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/browserify/acorn-node.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/acorn@7.3.1", + "name": "acorn", + "version": "7.3.1", + "description": "ECMAScript parser", + "hashes": [ + { + "alg": "SHA-1", + "content": "85010754db53c3fbaf3b9ea3e083aa5c5d147ffd" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn@7.3.1", + "externalReferences": [ + { + "url": "https://github.com/acornjs/acorn", + "type": "website" + }, + { + "url": "https://github.com/acornjs/acorn/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/acornjs/acorn.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/acorn-walk@7.2.0", + "name": "acorn-walk", + "version": "7.2.0", + "description": "ECMAScript (ESTree) AST walker", + "hashes": [ + { + "alg": "SHA-1", + "content": "0de889a601203909b0fbe07b8938dc21d2e967bc" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn-walk@7.2.0", + "externalReferences": [ + { + "url": "https://github.com/acornjs/acorn", + "type": "website" + }, + { + "url": "https://github.com/acornjs/acorn/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/acornjs/acorn.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/convert-source-map@1.7.0", + "name": "convert-source-map", + "version": "1.7.0", + "description": "Converts a source-map from/to different formats and allows adding/changing properties.", + "hashes": [ + { + "alg": "SHA-1", + "content": "17a2cb882d7f77d3490585e2ce6c524424a3a442" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/convert-source-map@1.7.0", + "externalReferences": [ + { + "url": "https://github.com/thlorenz/convert-source-map", + "type": "website" + }, + { + "url": "https://github.com/thlorenz/convert-source-map/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/thlorenz/convert-source-map.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/duplexer2@0.1.4", + "name": "duplexer2", + "version": "0.1.4", + "description": "Like duplexer but using streams3", + "hashes": [ + { + "alg": "SHA-1", + "content": "8b12dab878c0d69e3e7891051662a32fc6bddcc1" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/duplexer2@0.1.4", + "externalReferences": [ + { + "url": "https://github.com/deoxxa/duplexer2#readme", + "type": "website" + }, + { + "url": "https://github.com/deoxxa/duplexer2/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/deoxxa/duplexer2.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/escodegen@1.14.3", + "name": "escodegen", + "version": "1.14.3", + "description": "ECMAScript code generator", + "hashes": [ + { + "alg": "SHA-1", + "content": "4e7b81fba61581dc97582ed78cab7f0e8d63f503" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/escodegen@1.14.3", + "externalReferences": [ + { + "url": "http://github.com/estools/escodegen", + "type": "website" + }, + { + "url": "https://github.com/estools/escodegen/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/estools/escodegen.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/estraverse@4.3.0", + "name": "estraverse", + "version": "4.3.0", + "description": "ECMAScript JS AST traversal functions", + "hashes": [ + { + "alg": "SHA-1", + "content": "398ad3f3c5a24948be7725e83d11a7de28cdbd1d" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/estraverse@4.3.0", + "externalReferences": [ + { + "url": "https://github.com/estools/estraverse", + "type": "website" + }, + { + "url": "https://github.com/estools/estraverse/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/estools/estraverse.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/esutils@2.0.3", + "name": "esutils", + "version": "2.0.3", + "description": "utility box for ECMAScript language tools", + "hashes": [ + { + "alg": "SHA-1", + "content": "74d2eb4de0b8da1293711910d50775b9b710ef64" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/esutils@2.0.3", + "externalReferences": [ + { + "url": "https://github.com/estools/esutils", + "type": "website" + }, + { + "url": "https://github.com/estools/esutils/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/estools/esutils.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/optionator@0.8.3", + "name": "optionator", + "version": "0.8.3", + "description": "option parsing and help generation", + "hashes": [ + { + "alg": "SHA-1", + "content": "84fa1d036fe9d3c7e21d99884b601167ec8fb495" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/optionator@0.8.3", + "externalReferences": [ + { + "url": "https://github.com/gkz/optionator", + "type": "website" + }, + { + "url": "https://github.com/gkz/optionator/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/gkz/optionator.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/deep-is@0.1.3", + "name": "deep-is", + "version": "0.1.3", + "description": "node\u0027s assert.deepEqual algorithm except for NaN being equal to NaN", + "hashes": [ + { + "alg": "SHA-1", + "content": "b369d6fb5dbc13eecf524f91b070feedc357cf34" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/deep-is@0.1.3", + "externalReferences": [ + { + "url": "https://github.com/thlorenz/deep-is#readme", + "type": "website" + }, + { + "url": "https://github.com/thlorenz/deep-is/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/thlorenz/deep-is.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/fast-levenshtein@2.0.6", + "name": "fast-levenshtein", + "version": "2.0.6", + "description": "Efficient implementation of Levenshtein algorithm with locale-specific collator support.", + "hashes": [ + { + "alg": "SHA-1", + "content": "3d8a5c66883a16a30ca8643e851f19baa7797917" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-levenshtein@2.0.6", + "externalReferences": [ + { + "url": "https://github.com/hiddentao/fast-levenshtein#readme", + "type": "website" + }, + { + "url": "https://github.com/hiddentao/fast-levenshtein/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/hiddentao/fast-levenshtein.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/levn@0.3.0", + "name": "levn", + "version": "0.3.0", + "description": "Light ECMAScript (JavaScript) Value Notation - human written, concise, typed, flexible", + "hashes": [ + { + "alg": "SHA-1", + "content": "3b09924edf9f083c0490fdd4c0bc4421e04764ee" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/levn@0.3.0", + "externalReferences": [ + { + "url": "https://github.com/gkz/levn", + "type": "website" + }, + { + "url": "https://github.com/gkz/levn/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/gkz/levn.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/prelude-ls@1.1.2", + "name": "prelude-ls", + "version": "1.1.2", + "description": "prelude.ls is a functionally oriented utility library. It is powerful and flexible. Almost all of its functions are curried. It is written in, and is the recommended base library for, LiveScript.", + "hashes": [ + { + "alg": "SHA-1", + "content": "21932a549f5e52ffd9a827f570e04be62a97da54" + } + ], + "purl": "pkg:npm/prelude-ls@1.1.2", + "externalReferences": [ + { + "url": "http://preludels.com", + "type": "website" + }, + { + "url": "https://github.com/gkz/prelude-ls/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/gkz/prelude-ls.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/type-check@0.3.2", + "name": "type-check", + "version": "0.3.2", + "description": "type-check allows you to check the types of JavaScript values at runtime with a Haskell like type syntax.", + "hashes": [ + { + "alg": "SHA-1", + "content": "5884cab512cf1d355e3fb784f30804b2b520db72" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/type-check@0.3.2", + "externalReferences": [ + { + "url": "https://github.com/gkz/type-check", + "type": "website" + }, + { + "url": "https://github.com/gkz/type-check/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/gkz/type-check.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/word-wrap@1.2.3", + "name": "word-wrap", + "version": "1.2.3", + "description": "Wrap words to a specified length.", + "hashes": [ + { + "alg": "SHA-1", + "content": "610636f6b1f703891bd34771ccb17fb93b47079c" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/word-wrap@1.2.3", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/word-wrap", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/word-wrap/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/word-wrap.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/source-map@0.6.1", + "name": "source-map", + "version": "0.6.1", + "description": "Generates and consumes source maps", + "hashes": [ + { + "alg": "SHA-1", + "content": "74722af32e9614e9c287a8d0bbde48b5e2f1a263" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/source-map@0.6.1", + "externalReferences": [ + { + "url": "https://github.com/mozilla/source-map", + "type": "website" + }, + { + "url": "https://github.com/mozilla/source-map/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/mozilla/source-map.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/has@1.0.3", + "name": "has", + "version": "1.0.3", + "description": "Object.prototype.hasOwnProperty.call shortcut", + "hashes": [ + { + "alg": "SHA-1", + "content": "722d7cbfc1f6aa8241f16dd814e011e1f41e8796" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has@1.0.3", + "externalReferences": [ + { + "url": "https://github.com/tarruda/has", + "type": "website" + }, + { + "url": "https://github.com/tarruda/has/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/tarruda/has.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/function-bind@1.1.1", + "name": "function-bind", + "version": "1.1.1", + "description": "Implementation of Function.prototype.bind", + "hashes": [ + { + "alg": "SHA-1", + "content": "a56899d3ea3c9bab874bb9773b7c5ede92f4895d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/function-bind@1.1.1", + "externalReferences": [ + { + "url": "https://github.com/Raynos/function-bind", + "type": "website" + }, + { + "url": "https://github.com/Raynos/function-bind/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/Raynos/function-bind.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/magic-string@0.25.1", + "name": "magic-string", + "version": "0.25.1", + "description": "Modify strings, generate sourcemaps", + "hashes": [ + { + "alg": "SHA-1", + "content": "b1c248b399cd7485da0fe7385c2fc7011843266e" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/magic-string@0.25.1", + "externalReferences": [ + { + "url": "https://github.com/rich-harris/magic-string#readme", + "type": "website" + }, + { + "url": "https://github.com/rich-harris/magic-string/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/rich-harris/magic-string.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/sourcemap-codec@1.4.8", + "name": "sourcemap-codec", + "version": "1.4.8", + "description": "Encode/decode sourcemap mappings", + "hashes": [ + { + "alg": "SHA-1", + "content": "ea804bd94857402e6992d05a38ef1ae35a9ab4c4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sourcemap-codec@1.4.8", + "externalReferences": [ + { + "url": "https://github.com/Rich-Harris/sourcemap-codec", + "type": "website" + }, + { + "url": "https://github.com/Rich-Harris/sourcemap-codec/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/Rich-Harris/sourcemap-codec.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/merge-source-map@1.0.4", + "name": "merge-source-map", + "version": "1.0.4", + "description": "Merge old source map and new source map in multi-transform flow", + "hashes": [ + { + "alg": "SHA-1", + "content": "a5de46538dae84d4114cc5ea02b4772a6346701f" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/merge-source-map@1.0.4", + "externalReferences": [ + { + "url": "https://github.com/keik/merge-source-map#readme", + "type": "website" + }, + { + "url": "https://github.com/keik/merge-source-map/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/keik/merge-source-map.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/object-inspect@1.8.0", + "name": "object-inspect", + "version": "1.8.0", + "description": "string representations of objects in node and the browser", + "hashes": [ + { + "alg": "SHA-1", + "content": "df807e5ecf53a609cc6bfe93eac3cc7be5b3a9d0" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-inspect@1.8.0", + "externalReferences": [ + { + "url": "https://github.com/inspect-js/object-inspect", + "type": "website" + }, + { + "url": "https://github.com/inspect-js/object-inspect/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/inspect-js/object-inspect.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/scope-analyzer@2.1.1", + "name": "scope-analyzer", + "version": "2.1.1", + "description": "simple scope analysis for javascript ASTs", + "hashes": [ + { + "alg": "SHA-1", + "content": "5156c27de084d74bf75af9e9506aaf95c6e73dd6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/scope-analyzer@2.1.1", + "externalReferences": [ + { + "url": "https://github.com/goto-bus-stop/scope-analyzer", + "type": "website" + }, + { + "url": "https://github.com/goto-bus-stop/scope-analyzer/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/goto-bus-stop/scope-analyzer.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/array-from@2.1.1", + "name": "array-from", + "version": "2.1.1", + "description": "A ponyfill for the ES 2015 (ES6) \u0060Array.from()\u0060.", + "hashes": [ + { + "alg": "SHA-1", + "content": "cfe9d8c26628b9dc5aecc62a9f5d8f1f352c1195" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/array-from@2.1.1", + "externalReferences": [ + { + "url": "https://github.com/studio-b12/array-from#readme", + "type": "website" + }, + { + "url": "https://github.com/studio-b12/array-from/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/studio-b12/array-from.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/dash-ast@1.0.0", + "name": "dash-ast", + "version": "1.0.0", + "description": "walk an AST, quickly", + "hashes": [ + { + "alg": "SHA-1", + "content": "12029ba5fb2f8aa6f0a861795b23c1b4b6c27d37" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/dash-ast@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/goto-bus-stop/dash-ast", + "type": "website" + }, + { + "url": "https://github.com/goto-bus-stop/dash-ast/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/goto-bus-stop/dash-ast.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/es6-map@0.1.5", + "name": "es6-map", + "version": "0.1.5", + "description": "ECMAScript6 Map polyfill", + "hashes": [ + { + "alg": "SHA-1", + "content": "9136e0503dcc06a301690f0bb14ff4e364e949f0" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es6-map@0.1.5", + "externalReferences": [ + { + "url": "https://github.com/medikoo/es6-map#readme", + "type": "website" + }, + { + "url": "https://github.com/medikoo/es6-map/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/medikoo/es6-map.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/d@1.0.1", + "name": "d", + "version": "1.0.1", + "description": "Property descriptor factory", + "hashes": [ + { + "alg": "SHA-1", + "content": "8698095372d58dbee346ffd0c7093f99f8f9eb5a" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/d@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/medikoo/d#readme", + "type": "website" + }, + { + "url": "https://github.com/medikoo/d/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/medikoo/d.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/es5-ext@0.10.53", + "name": "es5-ext", + "version": "0.10.53", + "description": "ECMAScript extensions and shims", + "hashes": [ + { + "alg": "SHA-1", + "content": "93c5a3acfdbef275220ad72644ad02ee18368de1" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es5-ext@0.10.53", + "externalReferences": [ + { + "url": "https://github.com/medikoo/es5-ext#readme", + "type": "website" + }, + { + "url": "https://github.com/medikoo/es5-ext/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/medikoo/es5-ext.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/es6-iterator@2.0.3", + "name": "es6-iterator", + "version": "2.0.3", + "description": "Iterator abstraction based on ES6 specification", + "hashes": [ + { + "alg": "SHA-1", + "content": "a7de889141a05a94b0854403b2d0a0fbfa98f3b7" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es6-iterator@2.0.3", + "externalReferences": [ + { + "url": "https://github.com/medikoo/es6-iterator#readme", + "type": "website" + }, + { + "url": "https://github.com/medikoo/es6-iterator/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/medikoo/es6-iterator.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/es6-symbol@3.1.3", + "name": "es6-symbol", + "version": "3.1.3", + "description": "ECMAScript 6 Symbol polyfill", + "hashes": [ + { + "alg": "SHA-1", + "content": "bad5d3c1bcdac28269f4cb331e431c78ac705d18" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/es6-symbol@3.1.3", + "externalReferences": [ + { + "url": "https://github.com/medikoo/es6-symbol#readme", + "type": "website" + }, + { + "url": "https://github.com/medikoo/es6-symbol/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/medikoo/es6-symbol.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/ext@1.4.0", + "name": "ext", + "version": "1.4.0", + "description": "JavaScript utilities with respect to emerging standard", + "hashes": [ + { + "alg": "SHA-1", + "content": "89ae7a07158f79d35517882904324077e4379244" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/ext@1.4.0", + "externalReferences": [ + { + "url": "https://github.com/medikoo/es5-ext/tree/ext", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/type@2.0.0", + "name": "type", + "version": "2.0.0", + "description": "Runtime validation and processing of JavaScript types", + "hashes": [ + { + "alg": "SHA-1", + "content": "5f16ff6ef2eb44f260494dae271033b29c09a9c3" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/type@2.0.0", + "externalReferences": [ + { + "url": "https://github.com/medikoo/type#readme", + "type": "website" + }, + { + "url": "https://github.com/medikoo/type/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/medikoo/type.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/next-tick@1.0.0", + "name": "next-tick", + "version": "1.0.0", + "description": "Environment agnostic nextTick polyfill", + "hashes": [ + { + "alg": "SHA-1", + "content": "ca86d1fe8828169b0120208e3dc8424b9db8342c" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/next-tick@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/medikoo/next-tick#readme", + "type": "website" + }, + { + "url": "https://github.com/medikoo/next-tick/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/medikoo/next-tick.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/type@1.2.0", + "name": "type", + "version": "1.2.0", + "description": "Runtime validation and processing of JavaScript types", + "hashes": [ + { + "alg": "SHA-1", + "content": "848dd7698dafa3e54a6c479e759c4bc3f18847a0" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/type@1.2.0", + "externalReferences": [ + { + "url": "https://github.com/medikoo/type#readme", + "type": "website" + }, + { + "url": "https://github.com/medikoo/type/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/medikoo/type.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/es6-set@0.1.5", + "name": "es6-set", + "version": "0.1.5", + "description": "ECMAScript6 Set polyfill", + "hashes": [ + { + "alg": "SHA-1", + "content": "d2b3ec5d4d800ced818db538d28974db0a73ccb1" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es6-set@0.1.5", + "externalReferences": [ + { + "url": "https://github.com/medikoo/es6-set#readme", + "type": "website" + }, + { + "url": "https://github.com/medikoo/es6-set/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/medikoo/es6-set.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/es6-symbol@3.1.1", + "name": "es6-symbol", + "version": "3.1.1", + "description": "ECMAScript 6 Symbol polyfill", + "hashes": [ + { + "alg": "SHA-1", + "content": "bf00ef4fdab6ba1b46ecb7b629b4c7ed5715cc77" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es6-symbol@3.1.1", + "externalReferences": [ + { + "url": "https://github.com/medikoo/es6-symbol#readme", + "type": "website" + }, + { + "url": "https://github.com/medikoo/es6-symbol/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/medikoo/es6-symbol.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/event-emitter@0.3.5", + "name": "event-emitter", + "version": "0.3.5", + "description": "Environment agnostic event emitter", + "hashes": [ + { + "alg": "SHA-1", + "content": "df8c69eef1647923c7157b9ce83840610b02cc39" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/event-emitter@0.3.5", + "externalReferences": [ + { + "url": "https://github.com/medikoo/event-emitter#readme", + "type": "website" + }, + { + "url": "https://github.com/medikoo/event-emitter/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/medikoo/event-emitter.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/estree-is-function@1.0.0", + "name": "estree-is-function", + "version": "1.0.0", + "description": "check if an AST node is a function of some sort", + "hashes": [ + { + "alg": "SHA-1", + "content": "c0adc29806d7f18a74db7df0f3b2666702e37ad2" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/estree-is-function@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/goto-bus-stop/estree-is-function", + "type": "website" + }, + { + "url": "https://github.com/goto-bus-stop/estree-is-function/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/goto-bus-stop/estree-is-function.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/get-assigned-identifiers@1.2.0", + "name": "get-assigned-identifiers", + "version": "1.2.0", + "description": "get a list of identifiers that are initialised by a JavaScript AST node.", + "hashes": [ + { + "alg": "SHA-1", + "content": "6dbf411de648cbaf8d9169ebb0d2d576191e2ff1" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/get-assigned-identifiers@1.2.0", + "externalReferences": [ + { + "url": "https://github.com/goto-bus-stop/get-assigned-identifiers", + "type": "website" + }, + { + "url": "https://github.com/goto-bus-stop/get-assigned-identifiers/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/goto-bus-stop/get-assigned-identifiers.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/shallow-copy@0.0.1", + "name": "shallow-copy", + "version": "0.0.1", + "description": "make a shallow copy of an object or array", + "hashes": [ + { + "alg": "SHA-1", + "content": "415f42702d73d810330292cc5ee86eae1a11a170" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/shallow-copy@0.0.1", + "externalReferences": [ + { + "url": "https://github.com/substack/shallow-copy", + "type": "website" + }, + { + "url": "https://github.com/substack/shallow-copy/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/substack/shallow-copy.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/static-eval@2.1.0", + "name": "static-eval", + "version": "2.1.0", + "description": "evaluate statically-analyzable expressions", + "hashes": [ + { + "alg": "SHA-1", + "content": "a16dbe54522d7fa5ef1389129d813fd47b148014" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/static-eval@2.1.0", + "externalReferences": [ + { + "url": "https://github.com/browserify/static-eval", + "type": "website" + }, + { + "url": "https://github.com/browserify/static-eval/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/browserify/static-eval.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/brotli@1.3.2", + "name": "brotli", + "version": "1.3.2", + "description": "A port of the Brotli compression algorithm as used in WOFF2", + "hashes": [ + { + "alg": "SHA-1", + "content": "525a9cad4fcba96475d7d388f6aecb13eed52f46" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/brotli@1.3.2", + "externalReferences": [ + { + "url": "https://github.com/devongovett/brotli.js", + "type": "website" + }, + { + "url": "https://github.com/devongovett/brotli.js/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/devongovett/brotli.js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/browserify-optional@1.0.1", + "name": "browserify-optional", + "version": "1.0.1", + "description": "A browserify transform that allows optional dependencies in try..catch blocks", + "hashes": [ + { + "alg": "SHA-1", + "content": "1e13722cfde0d85f121676c2a72ced533a018869" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/browserify-optional@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/devongovett/browserify-optional", + "type": "website" + }, + { + "url": "https://github.com/devongovett/browserify-optional/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/devongovett/browserify-optional.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/ast-transform@0.0.0", + "name": "ast-transform", + "version": "0.0.0", + "description": "Convenience wrapper for performing AST transformations with browserify transform streams", + "hashes": [ + { + "alg": "SHA-1", + "content": "74944058887d8283e189d954600947bc98fe0062" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ast-transform@0.0.0", + "externalReferences": [ + { + "url": "https://github.com/hughsk/ast-transform", + "type": "website" + }, + { + "url": "https://github.com/hughsk/ast-transform/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/hughsk/ast-transform.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/escodegen@1.2.0", + "name": "escodegen", + "version": "1.2.0", + "description": "ECMAScript code generator", + "hashes": [ + { + "alg": "SHA-1", + "content": "09de7967791cc958b7f89a2ddb6d23451af327e1" + } + ], + "purl": "pkg:npm/escodegen@1.2.0", + "externalReferences": [ + { + "url": "http://github.com/Constellation/escodegen", + "type": "website" + }, + { + "url": "https://github.com/Constellation/escodegen/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/Constellation/escodegen.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/estraverse@1.5.1", + "name": "estraverse", + "version": "1.5.1", + "description": "ECMAScript JS AST traversal functions", + "hashes": [ + { + "alg": "SHA-1", + "content": "867a3e8e58a9f84618afb6c2ddbcd916b7cbaf71" + } + ], + "purl": "pkg:npm/estraverse@1.5.1", + "externalReferences": [ + { + "url": "https://github.com/Constellation/estraverse", + "type": "website" + }, + { + "url": "https://github.com/Constellation/estraverse/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/Constellation/estraverse.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/esutils@1.0.0", + "name": "esutils", + "version": "1.0.0", + "description": "utility box for ECMAScript language tools", + "hashes": [ + { + "alg": "SHA-1", + "content": "8151d358e20c8acc7fb745e7472c0025fe496570" + } + ], + "purl": "pkg:npm/esutils@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/Constellation/esutils", + "type": "website" + }, + { + "url": "https://github.com/Constellation/esutils/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/Constellation/esutils.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/source-map@0.1.43", + "name": "source-map", + "version": "0.1.43", + "description": "Generates and consumes source maps", + "hashes": [ + { + "alg": "SHA-1", + "content": "c24bc146ca517c1471f5dacbe2571b2b7f9e3346" + } + ], + "purl": "pkg:npm/source-map@0.1.43", + "externalReferences": [ + { + "url": "https://github.com/mozilla/source-map", + "type": "website" + }, + { + "url": "https://github.com/mozilla/source-map/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/mozilla/source-map.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/amdefine@1.0.1", + "name": "amdefine", + "version": "1.0.1", + "description": "Provide AMD\u0027s define() API for declaring modules in the AMD format", + "hashes": [ + { + "alg": "SHA-1", + "content": "4a5282ac164729e93619bcfd3ad151f817ce91f5" + } + ], + "licenses": [ + { + "license": { + "name": "BSD-3-Clause OR MIT" + } + } + ], + "purl": "pkg:npm/amdefine@1.0.1", + "externalReferences": [ + { + "url": "http://github.com/jrburke/amdefine", + "type": "website" + }, + { + "url": "https://github.com/jrburke/amdefine/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jrburke/amdefine.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/ast-types@0.7.8", + "name": "ast-types", + "version": "0.7.8", + "description": "Esprima-compatible implementation of the Mozilla JS Parser API", + "hashes": [ + { + "alg": "SHA-1", + "content": "902d2e0d60d071bdcd46dc115e1809ed11c138a9" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ast-types@0.7.8", + "externalReferences": [ + { + "url": "http://github.com/benjamn/ast-types", + "type": "website" + }, + { + "url": "https://github.com/benjamn/ast-types/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/benjamn/ast-types.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/browser-resolve@1.11.3", + "name": "browser-resolve", + "version": "1.11.3", + "description": "resolve which handles browser field support in package.json", + "hashes": [ + { + "alg": "SHA-1", + "content": "9b7cbb3d0f510e4cb86bdbd796124d28b5890af6" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/browser-resolve@1.11.3", + "externalReferences": [ + { + "url": "https://github.com/shtylman/node-browser-resolve#readme", + "type": "website" + }, + { + "url": "https://github.com/shtylman/node-browser-resolve/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/shtylman/node-browser-resolve.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/resolve@1.1.7", + "name": "resolve", + "version": "1.1.7", + "description": "resolve like require.resolve() on behalf of files asynchronously and synchronously", + "hashes": [ + { + "alg": "SHA-1", + "content": "203114d82ad2c5ed9e8e0411b3932875e889e97b" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/resolve@1.1.7", + "externalReferences": [ + { + "url": "https://github.com/substack/node-resolve#readme", + "type": "website" + }, + { + "url": "https://github.com/substack/node-resolve/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/substack/node-resolve.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/clone@1.0.4", + "name": "clone", + "version": "1.0.4", + "description": "deep cloning of objects and arrays", + "hashes": [ + { + "alg": "SHA-1", + "content": "da309cc263df15994c688ca902179ca3c7cd7c7e" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clone@1.0.4", + "externalReferences": [ + { + "url": "https://github.com/pvorb/node-clone#readme", + "type": "website" + }, + { + "url": "https://github.com/pvorb/node-clone/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/pvorb/node-clone.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/deep-equal@1.1.1", + "name": "deep-equal", + "version": "1.1.1", + "description": "node\u0027s assert.deepEqual algorithm", + "hashes": [ + { + "alg": "SHA-1", + "content": "b5c98c942ceffaf7cb051e24e1434a25a2e6076a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/deep-equal@1.1.1", + "externalReferences": [ + { + "url": "https://github.com/substack/node-deep-equal#readme", + "type": "website" + }, + { + "url": "https://github.com/substack/node-deep-equal/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/substack/node-deep-equal.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-arguments@1.0.4", + "name": "is-arguments", + "version": "1.0.4", + "description": "Is this an arguments object? It\u0027s a harder question than you think.", + "hashes": [ + { + "alg": "SHA-1", + "content": "3faf966c7cba0ff437fb31f6250082fcf0448cf3" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-arguments@1.0.4", + "externalReferences": [ + { + "url": "https://github.com/ljharb/is-arguments", + "type": "website" + }, + { + "url": "https://github.com/ljharb/is-arguments/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/ljharb/is-arguments.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-date-object@1.0.2", + "name": "is-date-object", + "version": "1.0.2", + "description": "Is this value a JS Date object? This module works cross-realm/iframe, and despite ES6 @@toStringTag.", + "hashes": [ + { + "alg": "SHA-1", + "content": "bda736f2cd8fd06d32844e7743bfa7494c3bfd7e" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-date-object@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/ljharb/is-date-object#readme", + "type": "website" + }, + { + "url": "https://github.com/ljharb/is-date-object/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/ljharb/is-date-object.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-regex@1.1.0", + "name": "is-regex", + "version": "1.1.0", + "description": "Is this value a JS regex? Works cross-realm/iframe, and despite ES6 @@toStringTag", + "hashes": [ + { + "alg": "SHA-1", + "content": "ece38e389e490df0dc21caea2bd596f987f767ff" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-regex@1.1.0", + "externalReferences": [ + { + "url": "https://github.com/ljharb/is-regex", + "type": "website" + }, + { + "url": "https://github.com/ljharb/is-regex/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/ljharb/is-regex.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/has-symbols@1.0.1", + "name": "has-symbols", + "version": "1.0.1", + "description": "Determine if the JS environment has Symbol support. Supports spec, or shams.", + "hashes": [ + { + "alg": "SHA-1", + "content": "9f5214758a44196c406d9bd76cebf81ec2dd31e8" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-symbols@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/ljharb/has-symbols#readme", + "type": "website" + }, + { + "url": "https://github.com/ljharb/has-symbols/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/ljharb/has-symbols.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/object-is@1.1.2", + "name": "object-is", + "version": "1.1.2", + "description": "ES2015-compliant shim for Object.is - differentiates between -0 and \u002B0", + "hashes": [ + { + "alg": "SHA-1", + "content": "c5d2e87ff9e119f78b7a088441519e2eec1573b6" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-is@1.1.2", + "externalReferences": [ + { + "url": "https://github.com/es-shims/object-is", + "type": "website" + }, + { + "url": "https://github.com/es-shims/object-is/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/es-shims/object-is.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/define-properties@1.1.3", + "name": "define-properties", + "version": "1.1.3", + "description": "Define multiple non-enumerable properties at once. Uses \u0060Object.defineProperty\u0060 when available; falls back to standard assignment in older engines.", + "hashes": [ + { + "alg": "SHA-1", + "content": "cf88da6cbee26fe6db7094f61d870cbd84cee9f1" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/define-properties@1.1.3", + "externalReferences": [ + { + "url": "https://github.com/ljharb/define-properties#readme", + "type": "website" + }, + { + "url": "https://github.com/ljharb/define-properties/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/ljharb/define-properties.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/object-keys@1.1.1", + "name": "object-keys", + "version": "1.1.1", + "description": "An Object.keys replacement, in case Object.keys is not available. From https://github.com/es-shims/es5-shim", + "hashes": [ + { + "alg": "SHA-1", + "content": "1c47f272df277f3b1daf061677d9c82e2322c60e" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-keys@1.1.1", + "externalReferences": [ + { + "url": "https://github.com/ljharb/object-keys#readme", + "type": "website" + }, + { + "url": "https://github.com/ljharb/object-keys/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/ljharb/object-keys.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/es-abstract@1.17.6", + "name": "es-abstract", + "version": "1.17.6", + "description": "ECMAScript spec abstract operations.", + "hashes": [ + { + "alg": "SHA-1", + "content": "9142071707857b2cacc7b89ecb670316c3e2d52a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es-abstract@1.17.6", + "externalReferences": [ + { + "url": "https://github.com/ljharb/es-abstract#readme", + "type": "website" + }, + { + "url": "https://github.com/ljharb/es-abstract/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/ljharb/es-abstract.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/es-to-primitive@1.2.1", + "name": "es-to-primitive", + "version": "1.2.1", + "description": "ECMAScript \u201CToPrimitive\u201D algorithm. Provides ES5 and ES2015 versions.", + "hashes": [ + { + "alg": "SHA-1", + "content": "e55cd4c9cdc188bcefb03b366c736323fc5c898a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/es-to-primitive@1.2.1", + "externalReferences": [ + { + "url": "https://github.com/ljharb/es-to-primitive#readme", + "type": "website" + }, + { + "url": "https://github.com/ljharb/es-to-primitive/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/ljharb/es-to-primitive.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-callable@1.2.0", + "name": "is-callable", + "version": "1.2.0", + "description": "Is this JS value callable? Works with Functions and GeneratorFunctions, despite ES6 @@toStringTag.", + "hashes": [ + { + "alg": "SHA-1", + "content": "83336560b54a38e35e3a2df7afd0454d691468bb" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-callable@1.2.0", + "externalReferences": [ + { + "url": "https://github.com/ljharb/is-callable#readme", + "type": "website" + }, + { + "url": "https://github.com/ljharb/is-callable/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/ljharb/is-callable.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-symbol@1.0.3", + "name": "is-symbol", + "version": "1.0.3", + "description": "Determine if a value is an ES6 Symbol or not.", + "hashes": [ + { + "alg": "SHA-1", + "content": "38e1014b9e6329be0de9d24a414fd7441ec61937" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-symbol@1.0.3", + "externalReferences": [ + { + "url": "https://github.com/inspect-js/is-symbol#readme", + "type": "website" + }, + { + "url": "https://github.com/inspect-js/is-symbol/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/inspect-js/is-symbol.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/object.assign@4.1.0", + "name": "object.assign", + "version": "4.1.0", + "description": "ES6 spec-compliant Object.assign shim. From https://github.com/es-shims/es6-shim", + "hashes": [ + { + "alg": "SHA-1", + "content": "968bf1100d7956bb3ca086f006f846b3bc4008da" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object.assign@4.1.0", + "externalReferences": [ + { + "url": "https://github.com/ljharb/object.assign#readme", + "type": "website" + }, + { + "url": "https://github.com/ljharb/object.assign/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/ljharb/object.assign.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/string.prototype.trimend@1.0.1", + "name": "string.prototype.trimend", + "version": "1.0.1", + "description": "ES2019 spec-compliant String.prototype.trimEnd shim.", + "hashes": [ + { + "alg": "SHA-1", + "content": "85812a6b847ac002270f5808146064c995fb6913" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string.prototype.trimend@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/es-shims/String.prototype.trimEnd#readme", + "type": "website" + }, + { + "url": "https://github.com/es-shims/String.prototype.trimEnd/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/es-shims/String.prototype.trimEnd.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/string.prototype.trimstart@1.0.1", + "name": "string.prototype.trimstart", + "version": "1.0.1", + "description": "ES2019 spec-compliant String.prototype.trimStart shim.", + "hashes": [ + { + "alg": "SHA-1", + "content": "14af6d9f34b053f7cfc89b72f8f2ee14b9039a54" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string.prototype.trimstart@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/es-shims/String.prototype.trimStart#readme", + "type": "website" + }, + { + "url": "https://github.com/es-shims/String.prototype.trimStart/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/es-shims/String.prototype.trimStart.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/regexp.prototype.flags@1.3.0", + "name": "regexp.prototype.flags", + "version": "1.3.0", + "description": "ES6 spec-compliant RegExp.prototype.flags shim.", + "hashes": [ + { + "alg": "SHA-1", + "content": "7aba89b3c13a64509dabcf3ca8d9fbb9bdf5cb75" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/regexp.prototype.flags@1.3.0", + "externalReferences": [ + { + "url": "https://github.com/es-shims/RegExp.prototype.flags#readme", + "type": "website" + }, + { + "url": "https://github.com/es-shims/RegExp.prototype.flags/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/es-shims/RegExp.prototype.flags.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/dfa@1.2.0", + "name": "dfa", + "version": "1.2.0", + "description": "A state machine compiler", + "hashes": [ + { + "alg": "SHA-1", + "content": "96ac3204e2d29c49ea5b57af8d92c2ae12790657" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dfa@1.2.0", + "externalReferences": [ + { + "url": "https://github.com/devongovett/dfa#readme", + "type": "website" + }, + { + "url": "https://github.com/devongovett/dfa/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/devongovett/dfa.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/restructure@0.5.4", + "name": "restructure", + "version": "0.5.4", + "description": "Declaratively encode and decode binary data", + "hashes": [ + { + "alg": "SHA-1", + "content": "f54e7dd563590fb34fd6bf55876109aeccb28de8" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/restructure@0.5.4", + "externalReferences": [ + { + "url": "https://github.com/devongovett/restructure", + "type": "website" + }, + { + "url": "https://github.com/devongovett/restructure/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/devongovett/restructure.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/tiny-inflate@1.0.3", + "name": "tiny-inflate", + "version": "1.0.3", + "description": "A tiny inflate implementation", + "hashes": [ + { + "alg": "SHA-1", + "content": "122715494913a1805166aaf7c93467933eea26c4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tiny-inflate@1.0.3", + "externalReferences": [ + { + "url": "https://github.com/devongovett/tiny-inflate", + "type": "website" + }, + { + "url": "https://github.com/devongovett/tiny-inflate/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/devongovett/tiny-inflate.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/unicode-properties@1.3.1", + "name": "unicode-properties", + "version": "1.3.1", + "description": "Provides fast access to unicode character properties", + "hashes": [ + { + "alg": "SHA-1", + "content": "cc642b6314bde2c691d65dd94cece09ed84f1282" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/unicode-properties@1.3.1", + "externalReferences": [ + { + "url": "https://github.com/devongovett/unicode-properties", + "type": "website" + }, + { + "url": "https://github.com/devongovett/unicode-properties/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/devongovett/unicode-properties.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/unicode-trie@2.0.0", + "name": "unicode-trie", + "version": "2.0.0", + "description": "Unicode Trie data structure for fast character metadata lookup, ported from ICU", + "hashes": [ + { + "alg": "SHA-1", + "content": "8fd8845696e2e14a8b67d78fa9e0dd2cad62fec8" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/unicode-trie@2.0.0", + "externalReferences": [ + { + "url": "https://github.com/devongovett/unicode-trie", + "type": "website" + }, + { + "url": "https://github.com/devongovett/unicode-trie/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/devongovett/unicode-trie.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/pako@0.2.9", + "name": "pako", + "version": "0.2.9", + "description": "zlib port to javascript - fast, modularized, with browser support", + "hashes": [ + { + "alg": "SHA-1", + "content": "f3f7522f4ef782348da8161bad9ecfd51bf83a75" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pako@0.2.9", + "externalReferences": [ + { + "url": "https://github.com/nodeca/pako", + "type": "website" + }, + { + "url": "https://github.com/nodeca/pako/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/nodeca/pako.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/unicode-trie@0.3.1", + "name": "unicode-trie", + "version": "0.3.1", + "description": "Unicode Trie data structure for fast character metadata lookup, ported from ICU", + "hashes": [ + { + "alg": "SHA-1", + "content": "d671dddd89101a08bac37b6a5161010602052085" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/unicode-trie@0.3.1", + "externalReferences": [ + { + "url": "https://github.com/devongovett/unicode-trie", + "type": "website" + }, + { + "url": "https://github.com/devongovett/unicode-trie/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/devongovett/unicode-trie.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/linebreak@1.0.2", + "name": "linebreak", + "version": "1.0.2", + "description": "An implementation of the Unicode Line Breaking Algorithm (UAX #14)", + "hashes": [ + { + "alg": "SHA-1", + "content": "4b5781733e9a9eb2849dba2f963e47c887f8aa06" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/linebreak@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/devongovett/linebreaker", + "type": "website" + }, + { + "url": "https://github.com/devongovett/linebreaker/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/devongovett/linebreaker.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/base64-js@0.0.8", + "name": "base64-js", + "version": "0.0.8", + "description": "Base64 encoding/decoding in pure JS", + "hashes": [ + { + "alg": "SHA-1", + "content": "1101e9544f4a76b1bc3b26d452ca96d7a35e7978" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/base64-js@0.0.8", + "externalReferences": [ + { + "url": "https://github.com/beatgammit/base64-js#readme", + "type": "website" + }, + { + "url": "https://github.com/beatgammit/base64-js/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/beatgammit/base64-js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/unicode-trie@1.0.0", + "name": "unicode-trie", + "version": "1.0.0", + "description": "Unicode Trie data structure for fast character metadata lookup, ported from ICU", + "hashes": [ + { + "alg": "SHA-1", + "content": "f649afdca127135edb55ca0ad7c8c60656d92ad1" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/unicode-trie@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/devongovett/unicode-trie", + "type": "website" + }, + { + "url": "https://github.com/devongovett/unicode-trie/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/devongovett/unicode-trie.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/png-js@1.0.0", + "name": "png-js", + "version": "1.0.0", + "description": "A PNG decoder in JavaScript", + "hashes": [ + { + "alg": "SHA-1", + "content": "e5484f1e8156996e383aceebb3789fd75df1874d" + } + ], + "purl": "pkg:npm/png-js@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/devongovett/png.js#readme", + "type": "website" + }, + { + "url": "http://github.com/devongovett/png.js/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/devongovett/png.js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/portscanner@2.2.0", + "name": "portscanner", + "version": "2.2.0", + "description": "Asynchronous port scanner for Node.js", + "hashes": [ + { + "alg": "SHA-1", + "content": "6059189b3efa0965c9d96a56b958eb9508411cf1" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/portscanner@2.2.0", + "externalReferences": [ + { + "url": "https://github.com/baalexander/node-portscanner", + "type": "website" + }, + { + "url": "https://github.com/baalexander/node-portscanner/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/baalexander/node-portscanner.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-number-like@1.0.8", + "name": "is-number-like", + "version": "1.0.8", + "description": "Checks whether provided parameter looks like a number", + "hashes": [ + { + "alg": "SHA-1", + "content": "2e129620b50891042e44e9bbbb30593e75cfbbe3" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/is-number-like@1.0.8", + "externalReferences": [ + { + "url": "https://github.com/vigour-io/is-number-like#readme", + "type": "website" + }, + { + "url": "https://github.com/vigour-io/is-number-like/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/vigour-io/is-number-like.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/lodash.isfinite@3.3.2", + "name": "lodash.isfinite", + "version": "3.3.2", + "description": "The lodash method \u0060_.isFinite\u0060 exported as a module.", + "hashes": [ + { + "alg": "SHA-1", + "content": "fb89b65a9a80281833f0b7478b3a5104f898ebb3" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.isfinite@3.3.2", + "externalReferences": [ + { + "url": "https://lodash.com/", + "type": "website" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/lodash/lodash.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/prom-client@11.5.3", + "name": "prom-client", + "version": "11.5.3", + "description": "Client for prometheus", + "hashes": [ + { + "alg": "SHA-1", + "content": "5fedfce1083bac6c2b223738e966d0e1643756f8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/prom-client@11.5.3", + "externalReferences": [ + { + "url": "https://github.com/siimon/prom-client", + "type": "website" + }, + { + "url": "https://github.com/siimon/prom-client/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/siimon/prom-client.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/tdigest@0.1.1", + "name": "tdigest", + "version": "0.1.1", + "description": "javascript implementation of Dunning\u0027s T-Digest for streaming quantile approximation", + "hashes": [ + { + "alg": "SHA-1", + "content": "2e3cb2c39ea449e55d1e6cd91117accca4588021" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tdigest@0.1.1", + "externalReferences": [ + { + "url": "https://github.com/welch/tdigest", + "type": "website" + }, + { + "url": "https://github.com/welch/tdigest/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/welch/tdigest.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/bintrees@1.0.1", + "name": "bintrees", + "version": "1.0.1", + "description": "Binary Search Trees", + "hashes": [ + { + "alg": "SHA-1", + "content": "0e655c9b9c2435eaab68bf4027226d2b55a34524" + } + ], + "purl": "pkg:npm/bintrees@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/vadimg/js_bintrees#readme", + "type": "website" + }, + { + "url": "https://github.com/vadimg/js_bintrees/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/vadimg/js_bintrees.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/pug@2.0.4", + "name": "pug", + "version": "2.0.4", + "description": "A clean, whitespace-sensitive template language for writing HTML", + "hashes": [ + { + "alg": "SHA-1", + "content": "ee7682ec0a60494b38d48a88f05f3b0ac931377d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pug@2.0.4", + "externalReferences": [ + { + "url": "https://pugjs.org", + "type": "website" + }, + { + "url": "https://github.com/pugjs/pug/tree/master/packages/pug", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/pug-code-gen@2.0.2", + "name": "pug-code-gen", + "version": "2.0.2", + "description": "Default code-generator for pug. It generates HTML via a JavaScript template function.", + "hashes": [ + { + "alg": "SHA-1", + "content": "ad0967162aea077dcf787838d94ed14acb0217c2" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pug-code-gen@2.0.2", + "externalReferences": [ + { + "url": "https://github.com/pugjs/pug/tree/master/packages/pug-code-gen", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/constantinople@3.1.2", + "name": "constantinople", + "version": "3.1.2", + "description": "Determine whether a JavaScript expression evaluates to a constant (using acorn)", + "hashes": [ + { + "alg": "SHA-1", + "content": "d45ed724f57d3d10500017a7d3a889c1381ae647" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/constantinople@3.1.2", + "externalReferences": [ + { + "url": "https://github.com/ForbesLindesay/constantinople#readme", + "type": "website" + }, + { + "url": "https://github.com/ForbesLindesay/constantinople/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/ForbesLindesay/constantinople.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/%40types/babel-types@7.0.8", + "group": "@types", + "name": "babel-types", + "version": "7.0.8", + "description": "TypeScript definitions for babel-types", + "hashes": [ + { + "alg": "SHA-1", + "content": "267f405bda841ffae731e7714166b88254cc3e19" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babel-types@7.0.8", + "externalReferences": [ + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme", + "type": "website" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/DefinitelyTyped/DefinitelyTyped.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/%40types/babylon@6.16.5", + "group": "@types", + "name": "babylon", + "version": "6.16.5", + "description": "TypeScript definitions for babylon", + "hashes": [ + { + "alg": "SHA-1", + "content": "1c5641db69eb8cdf378edd25b4be7754beeb48b4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/babylon@6.16.5", + "externalReferences": [ + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme", + "type": "website" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/DefinitelyTyped/DefinitelyTyped.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/babel-types@6.26.0", + "name": "babel-types", + "version": "6.26.0", + "description": "Babel Types is a Lodash-esque utility library for AST nodes", + "hashes": [ + { + "alg": "SHA-1", + "content": "a3b073f94ab49eb6fa55cd65227a334380632497" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babel-types@6.26.0", + "externalReferences": [ + { + "url": "https://babeljs.io/", + "type": "website" + }, + { + "url": "https://github.com/babel/babel/tree/master/packages/babel-types", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/to-fast-properties@1.0.3", + "name": "to-fast-properties", + "version": "1.0.3", + "description": "Force V8 to use fast properties for an object", + "hashes": [ + { + "alg": "SHA-1", + "content": "b83571fa4d8c25b82e231b06e3a3055de4ca1a47" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/to-fast-properties@1.0.3", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/to-fast-properties#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/to-fast-properties/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/to-fast-properties.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/babylon@6.18.0", + "name": "babylon", + "version": "6.18.0", + "description": "A JavaScript parser", + "hashes": [ + { + "alg": "SHA-1", + "content": "af2f3b88fa6f5c1e4c634d1a0f8eac4f55b395e3" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/babylon@6.18.0", + "externalReferences": [ + { + "url": "https://babeljs.io/", + "type": "website" + }, + { + "url": "https://github.com/babel/babylon/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/babel/babylon.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/doctypes@1.1.0", + "name": "doctypes", + "version": "1.1.0", + "description": "Shorthands for commonly used doctypes", + "hashes": [ + { + "alg": "SHA-1", + "content": "ea80b106a87538774e8a3a4a5afe293de489e0a9" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/doctypes@1.1.0", + "externalReferences": [ + { + "url": "https://github.com/pugjs/doctypes#readme", + "type": "website" + }, + { + "url": "https://github.com/pugjs/doctypes/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/pugjs/doctypes.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/js-stringify@1.0.2", + "name": "js-stringify", + "version": "1.0.2", + "description": "Stringify an object so it can be safely inlined in JavaScript code", + "hashes": [ + { + "alg": "SHA-1", + "content": "1736fddfd9724f28a3682adc6230ae7e4e9679db" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/js-stringify@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/jadejs/js-stringify#readme", + "type": "website" + }, + { + "url": "https://github.com/jadejs/js-stringify/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jadejs/js-stringify.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/pug-attrs@2.0.4", + "name": "pug-attrs", + "version": "2.0.4", + "description": "Generate code for Pug attributes", + "hashes": [ + { + "alg": "SHA-1", + "content": "b2f44c439e4eb4ad5d4ef25cac20d18ad28cc336" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pug-attrs@2.0.4", + "externalReferences": [ + { + "url": "https://github.com/pugjs/pug/tree/master/packages/pug-attrs", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/pug-runtime@2.0.5", + "name": "pug-runtime", + "version": "2.0.5", + "description": "The runtime components for the pug templating language", + "hashes": [ + { + "alg": "SHA-1", + "content": "6da7976c36bf22f68e733c359240d8ae7a32953a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pug-runtime@2.0.5", + "externalReferences": [ + { + "url": "https://github.com/pugjs/pug/tree/master/packages/pug-runtime", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/pug-error@1.3.3", + "name": "pug-error", + "version": "1.3.3", + "description": "Standard error objects for pug", + "hashes": [ + { + "alg": "SHA-1", + "content": "f342fb008752d58034c185de03602dd9ffe15fa6" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pug-error@1.3.3", + "externalReferences": [ + { + "url": "https://github.com/pugjs/pug/tree/master/packages/pug-error", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/void-elements@2.0.1", + "name": "void-elements", + "version": "2.0.1", + "description": "Array of \u0022void elements\u0022 defined by the HTML specification.", + "hashes": [ + { + "alg": "SHA-1", + "content": "c066afb582bb1cb4128d60ea92392e94d5e9dbec" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/void-elements@2.0.1", + "externalReferences": [ + { + "url": "https://github.com/hemanth/void-elements", + "type": "website" + }, + { + "url": "https://github.com/hemanth/void-elements/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/hemanth/void-elements.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/with@5.1.1", + "name": "with", + "version": "5.1.1", + "description": "Compile time \u0060with\u0060 for strict mode JavaScript", + "hashes": [ + { + "alg": "SHA-1", + "content": "fa4daa92daf32c4ea94ed453c81f04686b575dfe" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/with@5.1.1", + "externalReferences": [ + { + "url": "https://github.com/pugjs/with#readme", + "type": "website" + }, + { + "url": "https://github.com/pugjs/with/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/pugjs/with.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/acorn@3.3.0", + "name": "acorn", + "version": "3.3.0", + "description": "ECMAScript parser", + "hashes": [ + { + "alg": "SHA-1", + "content": "45e37fb39e8da3f25baee3ff5369e2bb5f22017a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn@3.3.0", + "externalReferences": [ + { + "url": "https://github.com/ternjs/acorn", + "type": "website" + }, + { + "url": "https://github.com/ternjs/acorn/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/ternjs/acorn.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/acorn-globals@3.1.0", + "name": "acorn-globals", + "version": "3.1.0", + "description": "Detect global variables in JavaScript using acorn", + "hashes": [ + { + "alg": "SHA-1", + "content": "fd8270f71fbb4996b004fa880ee5d46573a731bf" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn-globals@3.1.0", + "externalReferences": [ + { + "url": "https://github.com/ForbesLindesay/acorn-globals#readme", + "type": "website" + }, + { + "url": "https://github.com/ForbesLindesay/acorn-globals/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/ForbesLindesay/acorn-globals.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/acorn@4.0.13", + "name": "acorn", + "version": "4.0.13", + "description": "ECMAScript parser", + "hashes": [ + { + "alg": "SHA-1", + "content": "105495ae5361d697bd195c825192e1ad7f253787" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/acorn@4.0.13", + "externalReferences": [ + { + "url": "https://github.com/ternjs/acorn", + "type": "website" + }, + { + "url": "https://github.com/ternjs/acorn/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/ternjs/acorn.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/pug-filters@3.1.1", + "name": "pug-filters", + "version": "3.1.1", + "description": "Code for processing filters in pug templates", + "hashes": [ + { + "alg": "SHA-1", + "content": "ab2cc82db9eeccf578bda89130e252a0db026aa7" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pug-filters@3.1.1", + "externalReferences": [ + { + "url": "https://github.com/pugjs/pug/tree/master/packages/pug-filters", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/clean-css@4.2.3", + "name": "clean-css", + "version": "4.2.3", + "description": "A well-tested CSS minifier", + "hashes": [ + { + "alg": "SHA-1", + "content": "507b5de7d97b48ee53d84adb0160ff6216380f78" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/clean-css@4.2.3", + "externalReferences": [ + { + "url": "https://github.com/jakubpawlowicz/clean-css", + "type": "website" + }, + { + "url": "https://github.com/jakubpawlowicz/clean-css/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jakubpawlowicz/clean-css.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/jstransformer@1.0.0", + "name": "jstransformer", + "version": "1.0.0", + "description": "Normalize the API of any jstransformer", + "hashes": [ + { + "alg": "SHA-1", + "content": "ed8bf0921e2f3f1ed4d5c1a44f68709ed24722c3" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jstransformer@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/jstransformers/jstransformer#readme", + "type": "website" + }, + { + "url": "https://github.com/jstransformers/jstransformer/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jstransformers/jstransformer.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-promise@2.2.2", + "name": "is-promise", + "version": "2.2.2", + "description": "Test whether an object looks like a promises-a\u002B promise", + "hashes": [ + { + "alg": "SHA-1", + "content": "39ab959ccbf9a774cf079f7b40c7a26f763135f1" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-promise@2.2.2", + "externalReferences": [ + { + "url": "https://github.com/then/is-promise#readme", + "type": "website" + }, + { + "url": "https://github.com/then/is-promise/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/then/is-promise.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/promise@7.3.1", + "name": "promise", + "version": "7.3.1", + "description": "Bare bones Promises/A\u002B implementation", + "hashes": [ + { + "alg": "SHA-1", + "content": "064b72602b18f90f29192b8b1bc418ffd1ebd3bf" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/promise@7.3.1", + "externalReferences": [ + { + "url": "https://github.com/then/promise#readme", + "type": "website" + }, + { + "url": "https://github.com/then/promise/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/then/promise.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/asap@2.0.6", + "name": "asap", + "version": "2.0.6", + "description": "High-priority task queue for Node.js and browsers", + "hashes": [ + { + "alg": "SHA-1", + "content": "e50347611d7e690943208bbdafebcbc2fb866d46" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/asap@2.0.6", + "externalReferences": [ + { + "url": "https://github.com/kriskowal/asap#readme", + "type": "website" + }, + { + "url": "https://github.com/kriskowal/asap/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/kriskowal/asap.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/pug-walk@1.1.8", + "name": "pug-walk", + "version": "1.1.8", + "description": "Walk and transform a pug AST", + "hashes": [ + { + "alg": "SHA-1", + "content": "b408f67f27912f8c21da2f45b7230c4bd2a5ea7a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pug-walk@1.1.8", + "externalReferences": [ + { + "url": "https://github.com/pugjs/pug/tree/master/packages/pug-walk", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/uglify-js@2.8.29", + "name": "uglify-js", + "version": "2.8.29", + "description": "JavaScript parser, mangler/compressor and beautifier toolkit", + "hashes": [ + { + "alg": "SHA-1", + "content": "29c5733148057bb4e1f75df35b7a9cb72e6a59dd" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/uglify-js@2.8.29", + "externalReferences": [ + { + "url": "http://lisperator.net/uglifyjs", + "type": "website" + }, + { + "url": "https://github.com/mishoo/UglifyJS2/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/mishoo/UglifyJS2.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/yargs@3.10.0", + "name": "yargs", + "version": "3.10.0", + "description": "Light-weight option parsing with an argv hash. No optstrings attached.", + "hashes": [ + { + "alg": "SHA-1", + "content": "f7ee7bd857dd7c1d2d38c0e74efbd681d1431fd1" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs@3.10.0", + "externalReferences": [ + { + "url": "https://github.com/bcoe/yargs#readme", + "type": "website" + }, + { + "url": "https://github.com/bcoe/yargs/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/bcoe/yargs.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/camelcase@1.2.1", + "name": "camelcase", + "version": "1.2.1", + "description": "Convert a dash/dot/underscore/space separated string to camelCase: foo-bar \u2192 fooBar", + "hashes": [ + { + "alg": "SHA-1", + "content": "9bb5304d2e0b56698b2c758b08a3eaa9daa58a39" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@1.2.1", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/camelcase.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/cliui@2.1.0", + "name": "cliui", + "version": "2.1.0", + "description": "easily create complex multi-column command-line-interfaces", + "hashes": [ + { + "alg": "SHA-1", + "content": "4b475760ff80264c762c3a1719032e91c7fea0d1" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cliui@2.1.0", + "externalReferences": [ + { + "url": "https://github.com/bcoe/cliui#readme", + "type": "website" + }, + { + "url": "https://github.com/bcoe/cliui/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/bcoe/cliui.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/center-align@0.1.3", + "name": "center-align", + "version": "0.1.3", + "description": "Center-align the text in a string.", + "hashes": [ + { + "alg": "SHA-1", + "content": "aa0d32629b6ee972200411cbd4461c907bc2b7ad" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/center-align@0.1.3", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/center-align", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/center-align/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/center-align.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/align-text@0.1.4", + "name": "align-text", + "version": "0.1.4", + "description": "Align the text in a string.", + "hashes": [ + { + "alg": "SHA-1", + "content": "0cd90a561093f35d0a99256c22b7069433fad117" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/align-text@0.1.4", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/align-text", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/align-text/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/jonschlinkert/align-text.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/longest@1.0.1", + "name": "longest", + "version": "1.0.1", + "description": "Get the longest item in an array.", + "hashes": [ + { + "alg": "SHA-1", + "content": "30a0b2da38f73770e8294a0d22e6625ed77d0097" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/longest@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/longest", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/longest/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/longest.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/lazy-cache@1.0.4", + "name": "lazy-cache", + "version": "1.0.4", + "description": "Cache requires to be lazy-loaded when needed.", + "hashes": [ + { + "alg": "SHA-1", + "content": "a1d78fc3a50474cb80845d3b3b6e1da49a446e8e" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lazy-cache@1.0.4", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/lazy-cache", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/lazy-cache/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/lazy-cache.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/right-align@0.1.3", + "name": "right-align", + "version": "0.1.3", + "description": "Right-align the text in a string.", + "hashes": [ + { + "alg": "SHA-1", + "content": "61339b722fe6a3515689210d24e14c96148613ef" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/right-align@0.1.3", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/right-align", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/right-align/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/jonschlinkert/right-align.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/wordwrap@0.0.2", + "name": "wordwrap", + "version": "0.0.2", + "description": "Wrap those words. Show them at what columns to start and stop.", + "hashes": [ + { + "alg": "SHA-1", + "content": "b79669bb42ecb409f83d583cad52ca17eaa1643f" + } + ], + "licenses": [ + { + "license": { + "name": "MIT/X11" + } + } + ], + "purl": "pkg:npm/wordwrap@0.0.2", + "externalReferences": [ + { + "url": "https://github.com/substack/node-wordwrap#readme", + "type": "website" + }, + { + "url": "https://github.com/substack/node-wordwrap/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/substack/node-wordwrap.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/window-size@0.1.0", + "name": "window-size", + "version": "0.1.0", + "description": "Reliable way to to get the height and width of the terminal/console in a node.js environment.", + "hashes": [ + { + "alg": "SHA-1", + "content": "5438cd2ea93b202efa3a19fe8887aee7c94f9c9d" + } + ], + "purl": "pkg:npm/window-size@0.1.0", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/window-size", + "type": "website" + }, + { + "url": "https://github.com/jonschlinkert/window-size/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jonschlinkert/window-size.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/pug-lexer@4.1.0", + "name": "pug-lexer", + "version": "4.1.0", + "description": "The pug lexer (takes a string and converts it to an array of tokens)", + "hashes": [ + { + "alg": "SHA-1", + "content": "531cde48c7c0b1fcbbc2b85485c8665e31489cfd" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pug-lexer@4.1.0", + "externalReferences": [ + { + "url": "https://github.com/pugjs/pug/tree/master/packages/pug-lexer", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/character-parser@2.2.0", + "name": "character-parser", + "version": "2.2.0", + "description": "Parse JavaScript one character at a time to look for snippets in Templates. This is not a validator, it\u0027s just designed to allow you to have sections of JavaScript delimited by brackets robustly.", + "hashes": [ + { + "alg": "SHA-1", + "content": "c7ce28f36d4bcd9744e5ffc2c5fcde1c73261fc0" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/character-parser@2.2.0", + "externalReferences": [ + { + "url": "https://github.com/ForbesLindesay/character-parser#readme", + "type": "website" + }, + { + "url": "https://github.com/ForbesLindesay/character-parser/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/ForbesLindesay/character-parser.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-expression@3.0.0", + "name": "is-expression", + "version": "3.0.0", + "description": "Check if a string is a valid JavaScript expression", + "hashes": [ + { + "alg": "SHA-1", + "content": "39acaa6be7fd1f3471dc42c7416e61c24317ac9f" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-expression@3.0.0", + "externalReferences": [ + { + "url": "https://github.com/pugjs/is-expression#readme", + "type": "website" + }, + { + "url": "https://github.com/pugjs/is-expression/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/pugjs/is-expression.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/pug-linker@3.0.6", + "name": "pug-linker", + "version": "3.0.6", + "description": "Link multiple pug ASTs together using include/extends", + "hashes": [ + { + "alg": "SHA-1", + "content": "f5bf218b0efd65ce6670f7afc51658d0f82989fb" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pug-linker@3.0.6", + "externalReferences": [ + { + "url": "https://github.com/pugjs/pug/tree/master/packages/pug-linker", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/pug-load@2.0.12", + "name": "pug-load", + "version": "2.0.12", + "description": "The Pug loader is responsible for loading the depenendencies of a given Pug file.", + "hashes": [ + { + "alg": "SHA-1", + "content": "d38c85eb85f6e2f704dea14dcca94144d35d3e7b" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pug-load@2.0.12", + "externalReferences": [ + { + "url": "https://github.com/pugjs/pug/tree/master/packages/pug-load", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/pug-parser@5.0.1", + "name": "pug-parser", + "version": "5.0.1", + "description": "The pug parser (takes an array of tokens and converts it to an abstract syntax tree)", + "hashes": [ + { + "alg": "SHA-1", + "content": "03e7ada48b6840bd3822f867d7d90f842d0ffdc9" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pug-parser@5.0.1", + "externalReferences": [ + { + "url": "https://github.com/pugjs/pug/tree/master/packages/pug-parser", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/token-stream@0.0.1", + "name": "token-stream", + "version": "0.0.1", + "description": "Take an array of token and produce a more useful API to give to a parser", + "hashes": [ + { + "alg": "SHA-1", + "content": "ceeefc717a76c4316f126d0b9dbaa55d7e7df01a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/token-stream@0.0.1", + "externalReferences": [ + { + "url": "https://github.com/jadejs/token-stream#readme", + "type": "website" + }, + { + "url": "https://github.com/jadejs/token-stream/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jadejs/token-stream.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/pug-strip-comments@1.0.4", + "name": "pug-strip-comments", + "version": "1.0.4", + "description": "Strip comments from a Pug token stream (from the lexer)", + "hashes": [ + { + "alg": "SHA-1", + "content": "cc1b6de1f6e8f5931cf02ec66cdffd3f50eaf8a8" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pug-strip-comments@1.0.4", + "externalReferences": [ + { + "url": "https://github.com/pugjs/pug/tree/master/packages/pug-strip-comments", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/replace@1.2.0", + "name": "replace", + "version": "1.2.0", + "description": "Command line search and replace utility", + "hashes": [ + { + "alg": "SHA-1", + "content": "a25da288841aab22f0f7e95dc1d249dbd2ed6e26" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/replace@1.2.0", + "externalReferences": [ + { + "url": "https://github.com/ALMaclaine/replace#readme", + "type": "website" + }, + { + "url": "https://github.com/ALMaclaine/replace/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/ALMaclaine/replace.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/yargs@15.4.1", + "name": "yargs", + "version": "15.4.1", + "description": "yargs the modern, pirate-themed, successor to optimist.", + "hashes": [ + { + "alg": "SHA-1", + "content": "0d87a16de01aee9d8bec2bfbf74f67851730f4f8" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs@15.4.1", + "externalReferences": [ + { + "url": "https://yargs.js.org/", + "type": "website" + }, + { + "url": "https://github.com/yargs/yargs/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/yargs/yargs.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/cliui@6.0.0", + "name": "cliui", + "version": "6.0.0", + "description": "easily create complex multi-column command-line-interfaces", + "hashes": [ + { + "alg": "SHA-1", + "content": "511d702c0c4e41ca156d7d0e96021f23e13225b1" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cliui@6.0.0", + "externalReferences": [ + { + "url": "https://github.com/yargs/cliui#readme", + "type": "website" + }, + { + "url": "https://github.com/yargs/cliui/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/yargs/cliui.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/string-width@4.2.0", + "name": "string-width", + "version": "4.2.0", + "description": "Get the visual width of a string - the number of columns required to display it", + "hashes": [ + { + "alg": "SHA-1", + "content": "952182c46cc7b2c313d1596e623992bd163b72b5" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@4.2.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/string-width#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/string-width.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/emoji-regex@8.0.0", + "name": "emoji-regex", + "version": "8.0.0", + "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.", + "hashes": [ + { + "alg": "SHA-1", + "content": "e818fd69ce5ccfcb404594f842963bf53164cc37" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/emoji-regex@8.0.0", + "externalReferences": [ + { + "url": "https://mths.be/emoji-regex", + "type": "website" + }, + { + "url": "https://github.com/mathiasbynens/emoji-regex/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/mathiasbynens/emoji-regex.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-fullwidth-code-point@3.0.0", + "name": "is-fullwidth-code-point", + "version": "3.0.0", + "description": "Check if the character represented by a given Unicode code point is fullwidth", + "hashes": [ + { + "alg": "SHA-1", + "content": "f116f8064fe90b3f7844a38997c0b75051269f1d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-fullwidth-code-point@3.0.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/is-fullwidth-code-point.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/strip-ansi@6.0.0", + "name": "strip-ansi", + "version": "6.0.0", + "description": "Strip ANSI escape codes from a string", + "hashes": [ + { + "alg": "SHA-1", + "content": "0b1571dd7669ccd4f3e06e14ef1eed26225ae532" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@6.0.0", + "externalReferences": [ + { + "url": "https://github.com/chalk/strip-ansi#readme", + "type": "website" + }, + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/chalk/strip-ansi.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/ansi-regex@5.0.0", + "name": "ansi-regex", + "version": "5.0.0", + "description": "Regular expression for matching ANSI escape codes", + "hashes": [ + { + "alg": "SHA-1", + "content": "388539f55179bf39339c81af30a654d69f87cb75" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@5.0.0", + "externalReferences": [ + { + "url": "https://github.com/chalk/ansi-regex#readme", + "type": "website" + }, + { + "url": "https://github.com/chalk/ansi-regex/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/chalk/ansi-regex.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/wrap-ansi@6.2.0", + "name": "wrap-ansi", + "version": "6.2.0", + "description": "Wordwrap a string with ANSI escape codes", + "hashes": [ + { + "alg": "SHA-1", + "content": "e9393ba07102e6c91a3b221478f0257cd2856e53" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@6.2.0", + "externalReferences": [ + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website" + }, + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/chalk/wrap-ansi.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/ansi-styles@4.2.1", + "name": "ansi-styles", + "version": "4.2.1", + "description": "ANSI escape codes for styling strings in the terminal", + "hashes": [ + { + "alg": "SHA-1", + "content": "90ae75c424d008d2624c5bf29ead3177ebfcf359" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-styles@4.2.1", + "externalReferences": [ + { + "url": "https://github.com/chalk/ansi-styles#readme", + "type": "website" + }, + { + "url": "https://github.com/chalk/ansi-styles/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/chalk/ansi-styles.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/%40types/color-name@1.1.1", + "group": "@types", + "name": "color-name", + "version": "1.1.1", + "description": "TypeScript definitions for color-name", + "hashes": [ + { + "alg": "SHA-1", + "content": "1c1261bbeaa10a8055bbc5d8ab84b7b2afc846a0" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/color-name@1.1.1", + "externalReferences": [ + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme", + "type": "website" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/DefinitelyTyped/DefinitelyTyped.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/color-convert@2.0.1", + "name": "color-convert", + "version": "2.0.1", + "description": "Plain color conversion functions", + "hashes": [ + { + "alg": "SHA-1", + "content": "72d3a68d598c9bdb3af2ad1e84f21d896abd4de3" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-convert@2.0.1", + "externalReferences": [ + { + "url": "https://github.com/Qix-/color-convert#readme", + "type": "website" + }, + { + "url": "https://github.com/Qix-/color-convert/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/Qix-/color-convert.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/color-name@1.1.4", + "name": "color-name", + "version": "1.1.4", + "description": "A list of color names and its values", + "hashes": [ + { + "alg": "SHA-1", + "content": "c2a09a87acbde69543de6f63fa3995c826c536a2" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-name@1.1.4", + "externalReferences": [ + { + "url": "https://github.com/colorjs/color-name", + "type": "website" + }, + { + "url": "https://github.com/colorjs/color-name/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/colorjs/color-name.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/find-up@4.1.0", + "name": "find-up", + "version": "4.1.0", + "description": "Find a file or directory by walking up parent directories", + "hashes": [ + { + "alg": "SHA-1", + "content": "97afe7d6cdc0bc5928584b7c8d7b16e8a9aa5d19" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@4.1.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/find-up#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/find-up.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/locate-path@5.0.0", + "name": "locate-path", + "version": "5.0.0", + "description": "Get the first path that exists on disk of multiple paths", + "hashes": [ + { + "alg": "SHA-1", + "content": "1afba396afd676a6d42504d0a67a3a7eb9f62aa0" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/locate-path@5.0.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/locate-path#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/locate-path/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/locate-path.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/p-locate@4.1.0", + "name": "p-locate", + "version": "4.1.0", + "description": "Get the first fulfilled promise that satisfies the provided testing function", + "hashes": [ + { + "alg": "SHA-1", + "content": "a3428bb7088b3a60292f66919278b7c297ad4f07" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/p-locate@4.1.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/p-locate#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/p-locate/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/p-locate.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/path-exists@4.0.0", + "name": "path-exists", + "version": "4.0.0", + "description": "Check if a path exists", + "hashes": [ + { + "alg": "SHA-1", + "content": "513bdbe2d3b95d7762e8c1137efa195c6c61b5b3" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-exists@4.0.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/path-exists#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/path-exists/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/path-exists.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/yargs-parser@18.1.3", + "name": "yargs-parser", + "version": "18.1.3", + "description": "the mighty option parser used by yargs", + "hashes": [ + { + "alg": "SHA-1", + "content": "be68c4975c6b2abf469236b0c870362fab09a7b0" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@18.1.3", + "externalReferences": [ + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website" + }, + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/yargs/yargs-parser.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/request@2.88.2", + "name": "request", + "version": "2.88.2", + "description": "Simplified HTTP request client.", + "hashes": [ + { + "alg": "SHA-1", + "content": "d73c918731cb5a87da047e207234146f664d12b3" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/request@2.88.2", + "externalReferences": [ + { + "url": "https://github.com/request/request#readme", + "type": "website" + }, + { + "url": "http://github.com/request/request/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/request/request.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/aws-sign2@0.7.0", + "name": "aws-sign2", + "version": "0.7.0", + "description": "AWS signing. Originally pulled from LearnBoost/knox, maintained as vendor in request, now a standalone module.", + "hashes": [ + { + "alg": "SHA-1", + "content": "b46e890934a9591f2d2f6f86d7e6a9f1b3fe76a8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/aws-sign2@0.7.0", + "externalReferences": [ + { + "url": "https://github.com/mikeal/aws-sign#readme", + "type": "website" + }, + { + "url": "https://github.com/mikeal/aws-sign/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/mikeal/aws-sign.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/aws4@1.10.0", + "name": "aws4", + "version": "1.10.0", + "description": "Signs and prepares requests using AWS Signature Version 4", + "hashes": [ + { + "alg": "SHA-1", + "content": "a17b3a8ea811060e74d47d306122400ad4497ae2" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/aws4@1.10.0", + "externalReferences": [ + { + "url": "https://github.com/mhart/aws4#readme", + "type": "website" + }, + { + "url": "https://github.com/mhart/aws4/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/mhart/aws4.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/caseless@0.12.0", + "name": "caseless", + "version": "0.12.0", + "description": "Caseless object set/get/has, very useful when working with HTTP headers.", + "hashes": [ + { + "alg": "SHA-1", + "content": "1b681c21ff84033c826543090689420d187151dc" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/caseless@0.12.0", + "externalReferences": [ + { + "url": "https://github.com/mikeal/caseless#readme", + "type": "website" + }, + { + "url": "https://github.com/mikeal/caseless/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/mikeal/caseless.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/combined-stream@1.0.8", + "name": "combined-stream", + "version": "1.0.8", + "description": "A stream that emits multiple other streams one after another.", + "hashes": [ + { + "alg": "SHA-1", + "content": "c3d45a8b34fd730631a110a8a2520682b31d5a7f" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/combined-stream@1.0.8", + "externalReferences": [ + { + "url": "https://github.com/felixge/node-combined-stream", + "type": "website" + }, + { + "url": "https://github.com/felixge/node-combined-stream/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/felixge/node-combined-stream.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/delayed-stream@1.0.0", + "name": "delayed-stream", + "version": "1.0.0", + "description": "Buffers events from a stream until you are ready to handle them.", + "hashes": [ + { + "alg": "SHA-1", + "content": "df3ae199acadfb7d440aaae0b29e2272b24ec619" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/delayed-stream@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/felixge/node-delayed-stream", + "type": "website" + }, + { + "url": "https://github.com/felixge/node-delayed-stream/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/felixge/node-delayed-stream.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/forever-agent@0.6.1", + "name": "forever-agent", + "version": "0.6.1", + "description": "HTTP Agent that keeps socket connections alive between keep-alive requests. Formerly part of mikeal/request, now a standalone module.", + "hashes": [ + { + "alg": "SHA-1", + "content": "fbc71f0c41adeb37f96c577ad1ed42d8fdacca91" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/forever-agent@0.6.1", + "externalReferences": [ + { + "url": "https://github.com/mikeal/forever-agent#readme", + "type": "website" + }, + { + "url": "https://github.com/mikeal/forever-agent/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/mikeal/forever-agent.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/form-data@2.3.3", + "name": "form-data", + "version": "2.3.3", + "description": "A library to create readable \u0022multipart/form-data\u0022 streams. Can be used to submit forms and file uploads to other web applications.", + "hashes": [ + { + "alg": "SHA-1", + "content": "dcce52c05f644f298c6a7ab936bd724ceffbf3a6" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/form-data@2.3.3", + "externalReferences": [ + { + "url": "https://github.com/form-data/form-data#readme", + "type": "website" + }, + { + "url": "https://github.com/form-data/form-data/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/form-data/form-data.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/asynckit@0.4.0", + "name": "asynckit", + "version": "0.4.0", + "description": "Minimal async jobs utility library, with streams support", + "hashes": [ + { + "alg": "SHA-1", + "content": "c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/asynckit@0.4.0", + "externalReferences": [ + { + "url": "https://github.com/alexindigo/asynckit#readme", + "type": "website" + }, + { + "url": "https://github.com/alexindigo/asynckit/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/alexindigo/asynckit.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/har-validator@5.1.3", + "name": "har-validator", + "version": "5.1.3", + "description": "Extremely fast HTTP Archive (HAR) validator using JSON Schema", + "hashes": [ + { + "alg": "SHA-1", + "content": "1ef89ebd3e4996557675eed9893110dc350fa080" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/har-validator@5.1.3", + "externalReferences": [ + { + "url": "https://github.com/ahmadnassri/node-har-validator", + "type": "website" + }, + { + "url": "https://github.com/ahmadnassri/node-har-validator/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/ahmadnassri/node-har-validator.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/ajv@6.12.3", + "name": "ajv", + "version": "6.12.3", + "description": "Another JSON Schema Validator", + "hashes": [ + { + "alg": "SHA-1", + "content": "18c5af38a111ddeb4f2697bd78d68abc1cabd706" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ajv@6.12.3", + "externalReferences": [ + { + "url": "https://github.com/ajv-validator/ajv", + "type": "website" + }, + { + "url": "https://github.com/ajv-validator/ajv/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/ajv-validator/ajv.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/fast-deep-equal@3.1.3", + "name": "fast-deep-equal", + "version": "3.1.3", + "description": "Fast deep equal", + "hashes": [ + { + "alg": "SHA-1", + "content": "3a7d56b559d6cbc3eb512325244e619a65c6c525" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-deep-equal@3.1.3", + "externalReferences": [ + { + "url": "https://github.com/epoberezkin/fast-deep-equal#readme", + "type": "website" + }, + { + "url": "https://github.com/epoberezkin/fast-deep-equal/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/epoberezkin/fast-deep-equal.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/fast-json-stable-stringify@2.1.0", + "name": "fast-json-stable-stringify", + "version": "2.1.0", + "description": "deterministic \u0060JSON.stringify()\u0060 - a faster version of substack\u0027s json-stable-strigify without jsonify", + "hashes": [ + { + "alg": "SHA-1", + "content": "874bf69c6f404c2b5d99c481341399fd55892633" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-json-stable-stringify@2.1.0", + "externalReferences": [ + { + "url": "https://github.com/epoberezkin/fast-json-stable-stringify", + "type": "website" + }, + { + "url": "https://github.com/epoberezkin/fast-json-stable-stringify/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/epoberezkin/fast-json-stable-stringify.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/json-schema-traverse@0.4.1", + "name": "json-schema-traverse", + "version": "0.4.1", + "description": "Traverse JSON Schema passing each schema object to callback", + "hashes": [ + { + "alg": "SHA-1", + "content": "69f6a87d9513ab8bb8fe63bdb0979c448e684660" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/json-schema-traverse@0.4.1", + "externalReferences": [ + { + "url": "https://github.com/epoberezkin/json-schema-traverse#readme", + "type": "website" + }, + { + "url": "https://github.com/epoberezkin/json-schema-traverse/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/epoberezkin/json-schema-traverse.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/uri-js@4.2.2", + "name": "uri-js", + "version": "4.2.2", + "description": "An RFC 3986/3987 compliant, scheme extendable URI/IRI parsing/validating/resolving library for JavaScript.", + "hashes": [ + { + "alg": "SHA-1", + "content": "94c540e1ff772956e2299507c010aea6c8838eb0" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/uri-js@4.2.2", + "externalReferences": [ + { + "url": "https://github.com/garycourt/uri-js", + "type": "website" + }, + { + "url": "https://github.com/garycourt/uri-js/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/garycourt/uri-js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/punycode@2.1.1", + "name": "punycode", + "version": "2.1.1", + "description": "A robust Punycode converter that fully complies to RFC 3492 and RFC 5891, and works on nearly all JavaScript platforms.", + "hashes": [ + { + "alg": "SHA-1", + "content": "b58b010ac40c22c5657616c8d2c2c02c7bf479ec" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/punycode@2.1.1", + "externalReferences": [ + { + "url": "https://mths.be/punycode", + "type": "website" + }, + { + "url": "https://github.com/bestiejs/punycode.js/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/bestiejs/punycode.js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/har-schema@2.0.0", + "name": "har-schema", + "version": "2.0.0", + "description": "JSON Schema for HTTP Archive (HAR)", + "hashes": [ + { + "alg": "SHA-1", + "content": "a94c2224ebcac04782a0d9035521f24735b7ec92" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/har-schema@2.0.0", + "externalReferences": [ + { + "url": "https://github.com/ahmadnassri/har-schema", + "type": "website" + }, + { + "url": "https://github.com/ahmadnassri/har-schema/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/ahmadnassri/har-schema.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/http-signature@1.2.0", + "name": "http-signature", + "version": "1.2.0", + "description": "Reference implementation of Joyent\u0027s HTTP Signature scheme.", + "hashes": [ + { + "alg": "SHA-1", + "content": "9aecd925114772f3d95b65a60abb8f7c18fbace1" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http-signature@1.2.0", + "externalReferences": [ + { + "url": "https://github.com/joyent/node-http-signature/", + "type": "website" + }, + { + "url": "https://github.com/joyent/node-http-signature/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/joyent/node-http-signature.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/assert-plus@1.0.0", + "name": "assert-plus", + "version": "1.0.0", + "description": "Extra assertions on top of node\u0027s assert module", + "hashes": [ + { + "alg": "SHA-1", + "content": "f12e0f3c5d77b0b1cdd9146942e4e96c1e4dd525" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/assert-plus@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/mcavage/node-assert-plus#readme", + "type": "website" + }, + { + "url": "https://github.com/mcavage/node-assert-plus/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/mcavage/node-assert-plus.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/jsprim@1.4.1", + "name": "jsprim", + "version": "1.4.1", + "description": "utilities for primitive JavaScript types", + "hashes": [ + { + "alg": "SHA-1", + "content": "313e66bc1e5cc06e438bc1b7499c2e5c56acb6a2" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsprim@1.4.1", + "externalReferences": [ + { + "url": "https://github.com/joyent/node-jsprim#readme", + "type": "website" + }, + { + "url": "https://github.com/joyent/node-jsprim/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/joyent/node-jsprim.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/extsprintf@1.3.0", + "name": "extsprintf", + "version": "1.3.0", + "description": "extended POSIX-style sprintf", + "hashes": [ + { + "alg": "SHA-1", + "content": "96918440e3041a7a414f8c52e3c574eb3c3e1e05" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/extsprintf@1.3.0", + "externalReferences": [ + { + "url": "https://github.com/davepacheco/node-extsprintf#readme", + "type": "website" + }, + { + "url": "https://github.com/davepacheco/node-extsprintf/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/davepacheco/node-extsprintf.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/json-schema@0.2.3", + "name": "json-schema", + "version": "0.2.3", + "description": "JSON Schema validation and specifications", + "hashes": [ + { + "alg": "SHA-1", + "content": "b480c892e59a2f05954ce727bd3f2a4e882f9e13" + } + ], + "purl": "pkg:npm/json-schema@0.2.3", + "externalReferences": [ + { + "url": "https://github.com/kriszyp/json-schema#readme", + "type": "website" + }, + { + "url": "https://github.com/kriszyp/json-schema/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/kriszyp/json-schema.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/verror@1.10.0", + "name": "verror", + "version": "1.10.0", + "description": "richer JavaScript errors", + "hashes": [ + { + "alg": "SHA-1", + "content": "3a105ca17053af55d6e270c1f8288682e18da400" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/verror@1.10.0", + "externalReferences": [ + { + "url": "https://github.com/davepacheco/node-verror#readme", + "type": "website" + }, + { + "url": "https://github.com/davepacheco/node-verror/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/davepacheco/node-verror.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/sshpk@1.16.1", + "name": "sshpk", + "version": "1.16.1", + "description": "A library for finding and using SSH public keys", + "hashes": [ + { + "alg": "SHA-1", + "content": "fb661c0bef29b39db40769ee39fa70093d6f6877" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sshpk@1.16.1", + "externalReferences": [ + { + "url": "https://github.com/arekinath/node-sshpk#readme", + "type": "website" + }, + { + "url": "https://github.com/arekinath/node-sshpk/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/joyent/node-sshpk.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/asn1@0.2.4", + "name": "asn1", + "version": "0.2.4", + "description": "Contains parsers and serializers for ASN.1 (currently BER only)", + "hashes": [ + { + "alg": "SHA-1", + "content": "8d2475dfab553bb33e77b54e59e880bb8ce23136" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/asn1@0.2.4", + "externalReferences": [ + { + "url": "https://github.com/joyent/node-asn1#readme", + "type": "website" + }, + { + "url": "https://github.com/joyent/node-asn1/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/joyent/node-asn1.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/bcrypt-pbkdf@1.0.2", + "name": "bcrypt-pbkdf", + "version": "1.0.2", + "description": "Port of the OpenBSD bcrypt_pbkdf function to pure JS", + "hashes": [ + { + "alg": "SHA-1", + "content": "a4301d389b6a43f9b67ff3ca11a3f6637e360e9e" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/bcrypt-pbkdf@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/joyent/node-bcrypt-pbkdf#readme", + "type": "website" + }, + { + "url": "https://github.com/joyent/node-bcrypt-pbkdf/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/joyent/node-bcrypt-pbkdf.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/tweetnacl@0.14.5", + "name": "tweetnacl", + "version": "0.14.5", + "description": "Port of TweetNaCl cryptographic library to JavaScript", + "hashes": [ + { + "alg": "SHA-1", + "content": "5ae68177f192d4456269d108afa93ff8743f4f64" + } + ], + "licenses": [ + { + "license": { + "id": "Unlicense" + } + } + ], + "purl": "pkg:npm/tweetnacl@0.14.5", + "externalReferences": [ + { + "url": "https://tweetnacl.js.org", + "type": "website" + }, + { + "url": "https://github.com/dchest/tweetnacl-js/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/dchest/tweetnacl-js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/dashdash@1.14.1", + "name": "dashdash", + "version": "1.14.1", + "description": "A light, featureful and explicit option parsing library.", + "hashes": [ + { + "alg": "SHA-1", + "content": "853cfa0f7cbe2fed5de20326b8dd581035f6e2f0" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/dashdash@1.14.1", + "externalReferences": [ + { + "url": "https://github.com/trentm/node-dashdash#readme", + "type": "website" + }, + { + "url": "https://github.com/trentm/node-dashdash/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/trentm/node-dashdash.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/ecc-jsbn@0.1.2", + "name": "ecc-jsbn", + "version": "0.1.2", + "description": "ECC JS code based on JSBN", + "hashes": [ + { + "alg": "SHA-1", + "content": "3a83a904e54353287874c564b7549386849a98c9" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ecc-jsbn@0.1.2", + "externalReferences": [ + { + "url": "https://github.com/quartzjer/ecc-jsbn", + "type": "website" + }, + { + "url": "https://github.com/quartzjer/ecc-jsbn/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/quartzjer/ecc-jsbn.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/jsbn@0.1.1", + "name": "jsbn", + "version": "0.1.1", + "description": "The jsbn library is a fast, portable implementation of large-number math in pure JavaScript, enabling public-key crypto and other applications on desktop and mobile browsers.", + "hashes": [ + { + "alg": "SHA-1", + "content": "a5e654c2e5a2deb5f201d96cefbca80c0ef2f513" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/jsbn@0.1.1", + "externalReferences": [ + { + "url": "https://github.com/andyperlitch/jsbn#readme", + "type": "website" + }, + { + "url": "https://github.com/andyperlitch/jsbn/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/andyperlitch/jsbn.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/getpass@0.1.7", + "name": "getpass", + "version": "0.1.7", + "description": "getpass for node.js", + "hashes": [ + { + "alg": "SHA-1", + "content": "5eff8e3e684d569ae4cb2b1282604e8ba62149fa" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/getpass@0.1.7", + "externalReferences": [ + { + "url": "https://github.com/arekinath/node-getpass#readme", + "type": "website" + }, + { + "url": "https://github.com/arekinath/node-getpass/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/arekinath/node-getpass.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-typedarray@1.0.0", + "name": "is-typedarray", + "version": "1.0.0", + "description": "Detect whether or not an object is a Typed Array", + "hashes": [ + { + "alg": "SHA-1", + "content": "e479c80858df0c1b11ddda6940f96011fcda4a9a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-typedarray@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/hughsk/is-typedarray", + "type": "website" + }, + { + "url": "https://github.com/hughsk/is-typedarray/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/hughsk/is-typedarray.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/isstream@0.1.2", + "name": "isstream", + "version": "0.1.2", + "description": "Determine if an object is a Stream", + "hashes": [ + { + "alg": "SHA-1", + "content": "47e63f7af55afa6f92e1500e690eb8b8529c099a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/isstream@0.1.2", + "externalReferences": [ + { + "url": "https://github.com/rvagg/isstream", + "type": "website" + }, + { + "url": "https://github.com/rvagg/isstream/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/rvagg/isstream.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/json-stringify-safe@5.0.1", + "name": "json-stringify-safe", + "version": "5.0.1", + "description": "Like JSON.stringify, but doesn\u0027t blow up on circular refs.", + "hashes": [ + { + "alg": "SHA-1", + "content": "1296a2d58fd45f19a0f6ce01d65701e2c735b6eb" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/json-stringify-safe@5.0.1", + "externalReferences": [ + { + "url": "https://github.com/isaacs/json-stringify-safe", + "type": "website" + }, + { + "url": "https://github.com/isaacs/json-stringify-safe/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/isaacs/json-stringify-safe.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/oauth-sign@0.9.0", + "name": "oauth-sign", + "version": "0.9.0", + "description": "OAuth 1 signing. Formerly a vendor lib in mikeal/request, now a standalone module.", + "hashes": [ + { + "alg": "SHA-1", + "content": "47a7b016baa68b5fa0ecf3dee08a85c679ac6455" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/oauth-sign@0.9.0", + "externalReferences": [ + { + "url": "https://github.com/mikeal/oauth-sign#readme", + "type": "website" + }, + { + "url": "https://github.com/mikeal/oauth-sign/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/mikeal/oauth-sign.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/performance-now@2.1.0", + "name": "performance-now", + "version": "2.1.0", + "description": "Implements performance.now (based on process.hrtime).", + "hashes": [ + { + "alg": "SHA-1", + "content": "6309f4e0e5fa913ec1c69307ae364b4b377c9e7b" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/performance-now@2.1.0", + "externalReferences": [ + { + "url": "https://github.com/braveg1rl/performance-now", + "type": "website" + }, + { + "url": "https://github.com/braveg1rl/performance-now/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/braveg1rl/performance-now.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/qs@6.5.2", + "name": "qs", + "version": "6.5.2", + "description": "A querystring parser that supports nesting and arrays, with a depth limit", + "hashes": [ + { + "alg": "SHA-1", + "content": "cb3ae806e8740444584ef154ce8ee98d403f3e36" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/qs@6.5.2", + "externalReferences": [ + { + "url": "https://github.com/ljharb/qs", + "type": "website" + }, + { + "url": "https://github.com/ljharb/qs/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/ljharb/qs.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/tough-cookie@2.5.0", + "name": "tough-cookie", + "version": "2.5.0", + "description": "RFC6265 Cookies and Cookie Jar for node.js", + "hashes": [ + { + "alg": "SHA-1", + "content": "cd9fb2a0aa1d5a12b473bd9fb96fa3dcff65ade2" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/tough-cookie@2.5.0", + "externalReferences": [ + { + "url": "https://github.com/salesforce/tough-cookie", + "type": "website" + }, + { + "url": "https://github.com/salesforce/tough-cookie/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/salesforce/tough-cookie.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/psl@1.8.0", + "name": "psl", + "version": "1.8.0", + "description": "Domain name parser based on the Public Suffix List", + "hashes": [ + { + "alg": "SHA-1", + "content": "9326f8bcfb013adcc005fdff056acce020e51c24" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/psl@1.8.0", + "externalReferences": [ + { + "url": "https://github.com/lupomontero/psl#readme", + "type": "website" + }, + { + "url": "https://github.com/lupomontero/psl/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/lupomontero/psl.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/uuid@3.4.0", + "name": "uuid", + "version": "3.4.0", + "description": "RFC4122 (v1, v4, and v5) UUIDs", + "hashes": [ + { + "alg": "SHA-1", + "content": "b23e4358afa8a202fe7a100af1f5f883f02007ee" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/uuid@3.4.0", + "externalReferences": [ + { + "url": "https://github.com/uuidjs/uuid#readme", + "type": "website" + }, + { + "url": "https://github.com/uuidjs/uuid/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/uuidjs/uuid.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/sanitize-filename@1.6.3", + "name": "sanitize-filename", + "version": "1.6.3", + "description": "Sanitize a string for use as a filename", + "hashes": [ + { + "alg": "SHA-1", + "content": "755ebd752045931977e30b2025d340d7c9090378" + } + ], + "licenses": [ + { + "license": { + "name": "WTFPL OR ISC" + } + } + ], + "purl": "pkg:npm/sanitize-filename@1.6.3", + "externalReferences": [ + { + "url": "https://github.com/parshap/node-sanitize-filename#readme", + "type": "website" + }, + { + "url": "https://github.com/parshap/node-sanitize-filename/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/parshap/node-sanitize-filename.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/truncate-utf8-bytes@1.0.2", + "name": "truncate-utf8-bytes", + "version": "1.0.2", + "description": "Truncate string to given length in bytes", + "hashes": [ + { + "alg": "SHA-1", + "content": "405923909592d56f78a5818434b0b78489ca5f2b" + } + ], + "licenses": [ + { + "license": { + "id": "WTFPL" + } + } + ], + "purl": "pkg:npm/truncate-utf8-bytes@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/parshap/truncate-utf8-bytes#readme", + "type": "website" + }, + { + "url": "https://github.com/parshap/truncate-utf8-bytes/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/parshap/truncate-utf8-bytes.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/utf8-byte-length@1.0.4", + "name": "utf8-byte-length", + "version": "1.0.4", + "description": "Get utf8 byte length of string", + "hashes": [ + { + "alg": "SHA-1", + "content": "f45f150c4c66eee968186505ab93fcbb8ad6bf61" + } + ], + "licenses": [ + { + "license": { + "id": "WTFPL" + } + } + ], + "purl": "pkg:npm/utf8-byte-length@1.0.4", + "externalReferences": [ + { + "url": "https://github.com/parshap/utf8-byte-length#readme", + "type": "website" + }, + { + "url": "https://github.com/parshap/utf8-byte-length/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/parshap/utf8-byte-length.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/sanitize-html@1.4.2", + "name": "sanitize-html", + "version": "1.4.2", + "description": "Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis", + "hashes": [ + { + "alg": "SHA-1", + "content": "0bcc3dc92ba79d8b5dbea8b851c13d50d5ed3d58" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sanitize-html@1.4.2", + "externalReferences": [ + { + "url": "https://github.com/punkave/sanitize-html#readme", + "type": "website" + }, + { + "url": "https://github.com/punkave/sanitize-html/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/punkave/sanitize-html.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/he@0.4.1", + "name": "he", + "version": "0.4.1", + "description": "A robust HTML entities encoder/decoder with full Unicode support.", + "hashes": [ + { + "alg": "SHA-1", + "content": "c86667614d2dd71bc737a197c760fb2eec8a1921" + } + ], + "purl": "pkg:npm/he@0.4.1", + "externalReferences": [ + { + "url": "http://mths.be/he", + "type": "website" + }, + { + "url": "https://github.com/mathiasbynens/he/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/mathiasbynens/he.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/htmlparser2@3.3.0", + "name": "htmlparser2", + "version": "3.3.0", + "description": "Fast \u0026 forgiving HTML/XML/RSS parser", + "hashes": [ + { + "alg": "SHA-1", + "content": "cc70d05a59f6542e43f0e685c982e14c924a9efe" + } + ], + "purl": "pkg:npm/htmlparser2@3.3.0", + "externalReferences": [ + { + "url": "https://github.com/fb55/htmlparser2#readme", + "type": "website" + }, + { + "url": "http://github.com/fb55/htmlparser2/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/fb55/htmlparser2.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/domelementtype@1.3.1", + "name": "domelementtype", + "version": "1.3.1", + "description": "all the types of nodes in htmlparser2\u0027s dom", + "hashes": [ + { + "alg": "SHA-1", + "content": "d048c44b37b0d10a7f2a3d5fee3f4333d790481f" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/domelementtype@1.3.1", + "externalReferences": [ + { + "url": "https://github.com/fb55/domelementtype#readme", + "type": "website" + }, + { + "url": "https://github.com/fb55/domelementtype/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/fb55/domelementtype.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/domhandler@2.1.0", + "name": "domhandler", + "version": "2.1.0", + "description": "handler for htmlparser2 that turns pages into a dom", + "hashes": [ + { + "alg": "SHA-1", + "content": "d2646f5e57f6c3bab11cf6cb05d3c0acf7412594" + } + ], + "purl": "pkg:npm/domhandler@2.1.0", + "externalReferences": [ + { + "url": "https://github.com/fb55/domhandler#readme", + "type": "website" + }, + { + "url": "https://github.com/fb55/domhandler/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/fb55/domhandler.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/domutils@1.1.6", + "name": "domutils", + "version": "1.1.6", + "description": "utilities for working with htmlparser2\u0027s dom", + "hashes": [ + { + "alg": "SHA-1", + "content": "bddc3de099b9a2efacc51c623f28f416ecc57485" + } + ], + "purl": "pkg:npm/domutils@1.1.6", + "externalReferences": [ + { + "url": "https://github.com/FB55/domutils#readme", + "type": "website" + }, + { + "url": "https://github.com/FB55/domutils/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/FB55/domutils.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/readable-stream@1.0.34", + "name": "readable-stream", + "version": "1.0.34", + "description": "Streams2, a user-land copy of the stream library from Node.js v0.10.x", + "hashes": [ + { + "alg": "SHA-1", + "content": "125820e34bc842d2f2aaafafe4c2916ee32c157c" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readable-stream@1.0.34", + "externalReferences": [ + { + "url": "https://github.com/isaacs/readable-stream#readme", + "type": "website" + }, + { + "url": "https://github.com/isaacs/readable-stream/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/isaacs/readable-stream.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/lodash@2.4.2", + "name": "lodash", + "version": "2.4.2", + "description": "A utility library delivering consistency, customization, performance, \u0026 extras.", + "hashes": [ + { + "alg": "SHA-1", + "content": "fadd834b9683073da179b3eae6d9c0d15053f73e" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash@2.4.2", + "externalReferences": [ + { + "url": "http://lodash.com/", + "type": "website" + }, + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/lodash/lodash.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/semver@7.3.2", + "name": "semver", + "version": "7.3.2", + "description": "The semantic version parser used by npm.", + "hashes": [ + { + "alg": "SHA-1", + "content": "604962b052b81ed0786aae84389ffba70ffd3938" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@7.3.2", + "externalReferences": [ + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/npm/node-semver.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/sequelize@5.22.3", + "name": "sequelize", + "version": "5.22.3", + "description": "Multi dialect ORM for Node.JS", + "hashes": [ + { + "alg": "SHA-1", + "content": "7e7a92ddd355d883c9eb11cdb106d874d0d2636f" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sequelize@5.22.3", + "externalReferences": [ + { + "url": "https://sequelize.org/", + "type": "website" + }, + { + "url": "https://github.com/sequelize/sequelize/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sequelize/sequelize.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/cls-bluebird@2.1.0", + "name": "cls-bluebird", + "version": "2.1.0", + "description": "Make bluebird work with the continuation-local-storage module.", + "hashes": [ + { + "alg": "SHA-1", + "content": "37ef1e080a8ffb55c2f4164f536f1919e7968aee" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/cls-bluebird@2.1.0", + "externalReferences": [ + { + "url": "https://github.com/TimBeyer/cls-bluebird#readme", + "type": "website" + }, + { + "url": "https://github.com/TimBeyer/cls-bluebird/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/TimBeyer/cls-bluebird.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-bluebird@1.0.2", + "name": "is-bluebird", + "version": "1.0.2", + "description": "Is this a bluebird promise I see before me?", + "hashes": [ + { + "alg": "SHA-1", + "content": "096439060f4aa411abee19143a84d6a55346d6e2" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-bluebird@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/overlookmotel/is-bluebird#readme", + "type": "website" + }, + { + "url": "https://github.com/overlookmotel/is-bluebird/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/overlookmotel/is-bluebird.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/shimmer@1.2.1", + "name": "shimmer", + "version": "1.2.1", + "description": "Safe(r) monkeypatching for JavaScript.", + "hashes": [ + { + "alg": "SHA-1", + "content": "610859f7de327b587efebf501fb43117f9aff337" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/shimmer@1.2.1", + "externalReferences": [ + { + "url": "https://github.com/othiym23/shimmer#readme", + "type": "website" + }, + { + "url": "https://github.com/othiym23/shimmer/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/othiym23/shimmer.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/debug@4.1.1", + "name": "debug", + "version": "4.1.1", + "description": "small debugging utility", + "hashes": [ + { + "alg": "SHA-1", + "content": "3b72260255109c6b589cee050f1d516139664791" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@4.1.1", + "externalReferences": [ + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/moment-timezone@0.5.31", + "name": "moment-timezone", + "version": "0.5.31", + "description": "Parse and display moments in any timezone.", + "hashes": [ + { + "alg": "SHA-1", + "content": "9c40d8c5026f0c7ab46eda3d63e49c155148de05" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/moment-timezone@0.5.31", + "externalReferences": [ + { + "url": "http://momentjs.com/timezone/", + "type": "website" + }, + { + "url": "https://github.com/moment/moment-timezone/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/moment/moment-timezone.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/retry-as-promised@3.2.0", + "name": "retry-as-promised", + "version": "3.2.0", + "description": "Retry a failed promise", + "hashes": [ + { + "alg": "SHA-1", + "content": "769f63d536bec4783549db0777cb56dadd9d8543" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/retry-as-promised@3.2.0", + "externalReferences": [ + { + "url": "https://github.com/mickhansen/retry-as-promised", + "type": "website" + }, + { + "url": "https://github.com/mickhansen/retry-as-promised/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/mickhansen/retry-as-promised.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/any-promise@1.3.0", + "name": "any-promise", + "version": "1.3.0", + "description": "Resolve any installed ES6 compatible promise", + "hashes": [ + { + "alg": "SHA-1", + "content": "abc6afeedcea52e809cdc0376aed3ce39635d17f" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/any-promise@1.3.0", + "externalReferences": [ + { + "url": "http://github.com/kevinbeaty/any-promise", + "type": "website" + }, + { + "url": "https://github.com/kevinbeaty/any-promise/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/kevinbeaty/any-promise.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/semver@6.3.0", + "name": "semver", + "version": "6.3.0", + "description": "The semantic version parser used by npm.", + "hashes": [ + { + "alg": "SHA-1", + "content": "ee0a64c8af5e8ceea67687b133761e1becbd1d3d" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@6.3.0", + "externalReferences": [ + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website" + }, + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/npm/node-semver.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/sequelize-pool@2.3.0", + "name": "sequelize-pool", + "version": "2.3.0", + "description": "Resource pooling for Node.JS", + "hashes": [ + { + "alg": "SHA-1", + "content": "64f1fe8744228172c474f530604b6133be64993d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sequelize-pool@2.3.0", + "externalReferences": [ + { + "url": "https://github.com/sushantdhiman/sequelize-pool#readme", + "type": "website" + }, + { + "url": "https://github.com/sushantdhiman/sequelize-pool/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/sushantdhiman/sequelize-pool.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/toposort-class@1.0.1", + "name": "toposort-class", + "version": "1.0.1", + "description": "Topological sort of directed acyclic graphs (like dependecy lists)", + "hashes": [ + { + "alg": "SHA-1", + "content": "7ffd1f78c8be28c3ba45cd4e1a3f5ee193bd9988" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/toposort-class@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/gustavohenke/toposort#readme", + "type": "website" + }, + { + "url": "https://github.com/gustavohenke/toposort/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/gustavohenke/toposort.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/validator@10.11.0", + "name": "validator", + "version": "10.11.0", + "description": "String validation and sanitization", + "hashes": [ + { + "alg": "SHA-1", + "content": "003108ea6e9a9874d31ccc9e5006856ccd76b228" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/validator@10.11.0", + "externalReferences": [ + { + "url": "https://github.com/chriso/validator.js", + "type": "website" + }, + { + "url": "https://github.com/chriso/validator.js/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/chriso/validator.js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/wkx@0.4.8", + "name": "wkx", + "version": "0.4.8", + "description": "A WKT/WKB/EWKT/EWKB/TWKB/GeoJSON parser and serializer", + "hashes": [ + { + "alg": "SHA-1", + "content": "a092cf088d112683fdc7182fd31493b2c5820003" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wkx@0.4.8", + "externalReferences": [ + { + "url": "https://github.com/cschwarz/wkx#readme", + "type": "website" + }, + { + "url": "https://github.com/cschwarz/wkx/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/cschwarz/wkx.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/%40types/node@14.0.23", + "group": "@types", + "name": "node", + "version": "14.0.23", + "description": "TypeScript definitions for Node.js", + "hashes": [ + { + "alg": "SHA-1", + "content": "676fa0883450ed9da0bb24156213636290892806" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40types/node@14.0.23", + "externalReferences": [ + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme", + "type": "website" + }, + { + "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/DefinitelyTyped/DefinitelyTyped.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/sequelize-noupdate-attributes@1.0.0", + "name": "sequelize-noupdate-attributes", + "version": "1.0.0", + "description": "A very simple Sequelize plugin which adds no update and readonly attributes support.", + "hashes": [ + { + "alg": "SHA-1", + "content": "70ab724563742b2c6fbadc507c91c01041b5fb38" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/sequelize-noupdate-attributes@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/diosney/node-sequelize-noupdate-attributes", + "type": "website" + }, + { + "url": "https://github.com/diosney/node-sequelize-noupdate-attributes/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/diosney/node-sequelize-noupdate-attributes.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/serve-index@1.9.1", + "name": "serve-index", + "version": "1.9.1", + "description": "Serve directory listings", + "hashes": [ + { + "alg": "SHA-1", + "content": "d3768d69b1e7d82e5ce050fff5b453bea12a9239" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/serve-index@1.9.1", + "externalReferences": [ + { + "url": "https://github.com/expressjs/serve-index#readme", + "type": "website" + }, + { + "url": "https://github.com/expressjs/serve-index/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/expressjs/serve-index.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/batch@0.6.1", + "name": "batch", + "version": "0.6.1", + "description": "Simple async batch with concurrency control and progress reporting.", + "hashes": [ + { + "alg": "SHA-1", + "content": "dc34314f4e679318093fc760272525f94bf25c16" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/batch@0.6.1", + "externalReferences": [ + { + "url": "https://github.com/visionmedia/batch#readme", + "type": "website" + }, + { + "url": "https://github.com/visionmedia/batch/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/visionmedia/batch.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/http-errors@1.6.3", + "name": "http-errors", + "version": "1.6.3", + "description": "Create HTTP error objects", + "hashes": [ + { + "alg": "SHA-1", + "content": "8b55680bb4be283a0b5bf4ea2e38580be1d9320d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/http-errors@1.6.3", + "externalReferences": [ + { + "url": "https://github.com/jshttp/http-errors#readme", + "type": "website" + }, + { + "url": "https://github.com/jshttp/http-errors/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jshttp/http-errors.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/setprototypeof@1.1.0", + "name": "setprototypeof", + "version": "1.1.0", + "description": "A small polyfill for Object.setprototypeof", + "hashes": [ + { + "alg": "SHA-1", + "content": "d0bd85536887b6fe7c0d818cb962d9d91c54e656" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/setprototypeof@1.1.0", + "externalReferences": [ + { + "url": "https://github.com/wesleytodd/setprototypeof", + "type": "website" + }, + { + "url": "https://github.com/wesleytodd/setprototypeof/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/wesleytodd/setprototypeof.git", + "type": "vcs" + } + ] + }, + { + "type": "framework", + "bom-ref": "juice-shop@11.1.2:pkg:npm/socket.io@2.3.0", + "name": "socket.io", + "version": "2.3.0", + "description": "node.js realtime framework server", + "hashes": [ + { + "alg": "SHA-1", + "content": "cd762ed6a4faeca59bc1f3e243c0969311eb73fb" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/socket.io@2.3.0", + "externalReferences": [ + { + "url": "https://github.com/socketio/socket.io#readme", + "type": "website" + }, + { + "url": "https://github.com/socketio/socket.io/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/socketio/socket.io.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/engine.io@3.4.2", + "name": "engine.io", + "version": "3.4.2", + "description": "The realtime engine behind Socket.IO. Provides the foundation of a bidirectional connection between client and server", + "hashes": [ + { + "alg": "SHA-1", + "content": "8fc84ee00388e3e228645e0a7d3dfaeed5bd122c" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/engine.io@3.4.2", + "externalReferences": [ + { + "url": "https://github.com/socketio/engine.io", + "type": "website" + }, + { + "url": "https://github.com/socketio/engine.io/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/socketio/engine.io.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/base64id@2.0.0", + "name": "base64id", + "version": "2.0.0", + "description": "Generates a base64 id", + "hashes": [ + { + "alg": "SHA-1", + "content": "2770ac6bc47d312af97a8bf9a634342e0cd25cb6" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/base64id@2.0.0", + "externalReferences": [ + { + "url": "https://github.com/faeldt/base64id#readme", + "type": "website" + }, + { + "url": "https://github.com/faeldt/base64id/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/faeldt/base64id.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/cookie@0.3.1", + "name": "cookie", + "version": "0.3.1", + "description": "HTTP server cookie parsing and serialization", + "hashes": [ + { + "alg": "SHA-1", + "content": "e7e0a1f9ef43b4c8ba925c5c5a96e806d16873bb" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/cookie@0.3.1", + "externalReferences": [ + { + "url": "https://github.com/jshttp/cookie#readme", + "type": "website" + }, + { + "url": "https://github.com/jshttp/cookie/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/jshttp/cookie.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/engine.io-parser@2.2.0", + "name": "engine.io-parser", + "version": "2.2.0", + "description": "Parser for the client for the realtime Engine", + "hashes": [ + { + "alg": "SHA-1", + "content": "312c4894f57d52a02b420868da7b5c1c84af80ed" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/engine.io-parser@2.2.0", + "externalReferences": [ + { + "url": "https://github.com/socketio/engine.io-parser", + "type": "website" + }, + { + "url": "https://github.com/socketio/engine.io-parser/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/socketio/engine.io-parser.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/after@0.8.2", + "name": "after", + "version": "0.8.2", + "description": "after - tiny flow control", + "hashes": [ + { + "alg": "SHA-1", + "content": "fedb394f9f0e02aa9768e702bda23b505fae7e1f" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/after@0.8.2", + "externalReferences": [ + { + "url": "https://github.com/Raynos/after#readme", + "type": "website" + }, + { + "url": "https://github.com/Raynos/after/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/Raynos/after.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/arraybuffer.slice@0.0.7", + "name": "arraybuffer.slice", + "version": "0.0.7", + "description": "Exports a function for slicing ArrayBuffers (no polyfilling)", + "hashes": [ + { + "alg": "SHA-1", + "content": "3bbc4275dd584cc1b10809b89d4e8b63a69e7675" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/arraybuffer.slice@0.0.7", + "externalReferences": [ + { + "url": "https://github.com/rase-/arraybuffer.slice", + "type": "website" + }, + { + "url": "https://github.com/rase-/arraybuffer.slice/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/rase-/arraybuffer.slice.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/base64-arraybuffer@0.1.5", + "name": "base64-arraybuffer", + "version": "0.1.5", + "description": "Encode/decode base64 data into ArrayBuffers", + "hashes": [ + { + "alg": "SHA-1", + "content": "73926771923b5a19747ad666aa5cd4bf9c6e9ce8" + } + ], + "purl": "pkg:npm/base64-arraybuffer@0.1.5", + "externalReferences": [ + { + "url": "https://github.com/niklasvh/base64-arraybuffer", + "type": "website" + }, + { + "url": "https://github.com/niklasvh/base64-arraybuffer/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/niklasvh/base64-arraybuffer.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/blob@0.0.5", + "name": "blob", + "version": "0.0.5", + "description": "Abstracts out Blob and uses BlobBulder in cases where it is supported with any vendor prefix.", + "hashes": [ + { + "alg": "SHA-1", + "content": "d680eeef25f8cd91ad533f5b01eed48e64caf683" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/blob@0.0.5", + "externalReferences": [ + { + "url": "https://github.com/webmodules/blob", + "type": "website" + }, + { + "url": "https://github.com/webmodules/blob/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/webmodules/blob.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/has-binary2@1.0.3", + "name": "has-binary2", + "version": "1.0.3", + "description": "A function that takes anything in javascript and returns true if its argument contains binary data.", + "hashes": [ + { + "alg": "SHA-1", + "content": "7776ac627f3ea77250cfc332dab7ddf5e4f5d11d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-binary2@1.0.3" + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/isarray@2.0.1", + "name": "isarray", + "version": "2.0.1", + "description": "Array#isArray for older browsers", + "hashes": [ + { + "alg": "SHA-1", + "content": "a37d94ed9cda2d59865c9f76fe596ee1f338741e" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/isarray@2.0.1", + "externalReferences": [ + { + "url": "https://github.com/juliangruber/isarray", + "type": "website" + }, + { + "url": "https://github.com/juliangruber/isarray/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/juliangruber/isarray.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/ws@7.3.1", + "name": "ws", + "version": "7.3.1", + "description": "Simple to use, blazing fast and thoroughly tested websocket client and server for Node.js", + "hashes": [ + { + "alg": "SHA-1", + "content": "d0547bf67f7ce4f12a72dfe31262c68d7dc551c8" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ws@7.3.1", + "externalReferences": [ + { + "url": "https://github.com/websockets/ws", + "type": "website" + }, + { + "url": "https://github.com/websockets/ws/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/websockets/ws.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/socket.io-adapter@1.1.2", + "name": "socket.io-adapter", + "version": "1.1.2", + "description": "default socket.io in-memory adapter", + "hashes": [ + { + "alg": "SHA-1", + "content": "ab3f0d6f66b8fc7fca3959ab5991f82221789be9" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/socket.io-adapter@1.1.2", + "externalReferences": [ + { + "url": "https://github.com/socketio/socket.io-adapter#readme", + "type": "website" + }, + { + "url": "https://github.com/socketio/socket.io-adapter/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/socketio/socket.io-adapter.git", + "type": "vcs" + } + ] + }, + { + "type": "framework", + "bom-ref": "juice-shop@11.1.2:pkg:npm/socket.io-client@2.3.0", + "name": "socket.io-client", + "version": "2.3.0", + "description": "[![Build Status](https://secure.travis-ci.org/socketio/socket.io-client.svg?branch=master)](http://travis-ci.org/socketio/socket.io-client) [![Dependency Status](https://david-dm.org/socketio/socket.io-client.svg)](https://david-dm.org/socketio/socket.io-client) [![devDependency Status](https://david-dm.org/socketio/socket.io-client/dev-status.svg)](https://david-dm.org/socketio/socket.io-client#info=devDependencies) [![NPM version](https://badge.fury.io/js/socket.io-client.svg)](https://www.npmjs.com/package/socket.io-client) ![Downloads](http://img.shields.io/npm/dm/socket.io-client.svg?style=flat) [![](http://slack.socket.io/badge.svg?)](http://slack.socket.io)", + "hashes": [ + { + "alg": "SHA-1", + "content": "14d5ba2e00b9bcd145ae443ab96b3f86cbcc1bb4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/socket.io-client@2.3.0", + "externalReferences": [ + { + "url": "https://github.com/Automattic/socket.io-client#readme", + "type": "website" + }, + { + "url": "https://github.com/Automattic/socket.io-client/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/Automattic/socket.io-client.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/backo2@1.0.2", + "name": "backo2", + "version": "1.0.2", + "description": "simple backoff based on segmentio/backo", + "hashes": [ + { + "alg": "SHA-1", + "content": "31ab1ac8b129363463e35b3ebb69f4dfcfba7947" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/backo2@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/mokesmokes/backo#readme", + "type": "website" + }, + { + "url": "https://github.com/mokesmokes/backo/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/mokesmokes/backo.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/component-bind@1.0.0", + "name": "component-bind", + "version": "1.0.0", + "description": "function binding utility", + "hashes": [ + { + "alg": "SHA-1", + "content": "00c608ab7dcd93897c0009651b1d3a8e1e73bbd1" + } + ], + "purl": "pkg:npm/component-bind@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/component/bind#readme", + "type": "website" + }, + { + "url": "https://github.com/component/bind/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/component/bind.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/component-emitter@1.2.1", + "name": "component-emitter", + "version": "1.2.1", + "description": "Event emitter", + "hashes": [ + { + "alg": "SHA-1", + "content": "137918d6d78283f7df7a6b7c5a63e140e69425e6" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/component-emitter@1.2.1", + "externalReferences": [ + { + "url": "https://github.com/component/emitter#readme", + "type": "website" + }, + { + "url": "https://github.com/component/emitter/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/component/emitter.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/engine.io-client@3.4.3", + "name": "engine.io-client", + "version": "3.4.3", + "description": "Client for the realtime Engine", + "hashes": [ + { + "alg": "SHA-1", + "content": "192d09865403e3097e3575ebfeb3861c4d01a66c" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/engine.io-client@3.4.3", + "externalReferences": [ + { + "url": "https://github.com/socketio/engine.io-client", + "type": "website" + }, + { + "url": "https://github.com/socketio/engine.io-client/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/socketio/engine.io-client.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/component-inherit@0.0.3", + "name": "component-inherit", + "version": "0.0.3", + "description": "Prototype inheritance utility", + "hashes": [ + { + "alg": "SHA-1", + "content": "645fc4adf58b72b649d5cae65135619db26ff143" + } + ], + "purl": "pkg:npm/component-inherit@0.0.3", + "externalReferences": [ + { + "url": "https://github.com/component/inherit#readme", + "type": "website" + }, + { + "url": "https://github.com/component/inherit/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/component/inherit.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/has-cors@1.1.0", + "name": "has-cors", + "version": "1.1.0", + "description": "Detects support for Cross-Origin Resource Sharing", + "hashes": [ + { + "alg": "SHA-1", + "content": "5e474793f7ea9843d1bb99c23eef49ff126fff39" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/has-cors@1.1.0", + "externalReferences": [ + { + "url": "https://github.com/component/has-cors#readme", + "type": "website" + }, + { + "url": "https://github.com/component/has-cors/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/component/has-cors.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/indexof@0.0.1", + "name": "indexof", + "version": "0.0.1", + "description": "Microsoft sucks", + "hashes": [ + { + "alg": "SHA-1", + "content": "82dc336d232b9062179d05ab3293a66059fd435d" + } + ], + "purl": "pkg:npm/indexof@0.0.1" + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/parseqs@0.0.5", + "name": "parseqs", + "version": "0.0.5", + "description": "Provides methods for parsing a query string into an object, and vice versa.", + "hashes": [ + { + "alg": "SHA-1", + "content": "d5208a3738e46766e291ba2ea173684921a8b89d" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parseqs@0.0.5", + "externalReferences": [ + { + "url": "https://github.com/get/querystring", + "type": "website" + }, + { + "url": "https://github.com/get/querystring/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/get/querystring.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/better-assert@1.0.2", + "name": "better-assert", + "version": "1.0.2", + "description": "Better assertions for node, reporting the expr, filename, lineno etc", + "hashes": [ + { + "alg": "SHA-1", + "content": "40866b9e1b9e0b55b481894311e68faffaebc522" + } + ], + "purl": "pkg:npm/better-assert@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/visionmedia/better-assert#readme", + "type": "website" + }, + { + "url": "https://github.com/visionmedia/better-assert/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/visionmedia/better-assert.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/callsite@1.0.0", + "name": "callsite", + "version": "1.0.0", + "description": "access to v8\u0027s CallSites", + "hashes": [ + { + "alg": "SHA-1", + "content": "280398e5d664bd74038b6f0905153e6e8af1bc20" + } + ], + "purl": "pkg:npm/callsite@1.0.0" + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/parseuri@0.0.5", + "name": "parseuri", + "version": "0.0.5", + "description": "Method that parses a URI and returns an array of its components", + "hashes": [ + { + "alg": "SHA-1", + "content": "80204a50d4dbb779bfdc6ebe2778d90e4bce320a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parseuri@0.0.5", + "externalReferences": [ + { + "url": "https://github.com/get/parseuri", + "type": "website" + }, + { + "url": "https://github.com/get/parseuri/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/get/parseuri.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/ws@6.1.4", + "name": "ws", + "version": "6.1.4", + "description": "Simple to use, blazing fast and thoroughly tested websocket client and server for Node.js", + "hashes": [ + { + "alg": "SHA-1", + "content": "5b5c8800afab925e94ccb29d153c8d02c1776ef9" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ws@6.1.4", + "externalReferences": [ + { + "url": "https://github.com/websockets/ws", + "type": "website" + }, + { + "url": "https://github.com/websockets/ws/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/websockets/ws.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/async-limiter@1.0.1", + "name": "async-limiter", + "version": "1.0.1", + "description": "asynchronous function queue with adjustable concurrency", + "hashes": [ + { + "alg": "SHA-1", + "content": "dd379e94f0db8310b08291f9d64c3209766617fd" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/async-limiter@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/strml/async-limiter#readme", + "type": "website" + }, + { + "url": "https://github.com/strml/async-limiter/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/strml/async-limiter.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/xmlhttprequest-ssl@1.5.5", + "name": "xmlhttprequest-ssl", + "version": "1.5.5", + "description": "XMLHttpRequest for Node", + "hashes": [ + { + "alg": "SHA-1", + "content": "c2876b06168aadc40e57d97e81191ac8f4398b3e" + } + ], + "purl": "pkg:npm/xmlhttprequest-ssl@1.5.5", + "externalReferences": [ + { + "url": "https://github.com/mjwwit/node-XMLHttpRequest#readme", + "type": "website" + }, + { + "url": "http://github.com/mjwwit/node-XMLHttpRequest/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/mjwwit/node-XMLHttpRequest.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/yeast@0.1.2", + "name": "yeast", + "version": "0.1.2", + "description": "Tiny but linear growing unique id generator", + "hashes": [ + { + "alg": "SHA-1", + "content": "008e06d8094320c372dbc2f8ed76a0ca6c8ac419" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yeast@0.1.2", + "externalReferences": [ + { + "url": "https://github.com/unshiftio/yeast", + "type": "website" + }, + { + "url": "https://github.com/unshiftio/yeast/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/unshiftio/yeast.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/object-component@0.0.3", + "name": "object-component", + "version": "0.0.3", + "description": "Object utils.", + "hashes": [ + { + "alg": "SHA-1", + "content": "f0c69aa50efc95b866c186f400a33769cb2f1291" + } + ], + "purl": "pkg:npm/object-component@0.0.3" + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/socket.io-parser@3.3.0", + "name": "socket.io-parser", + "version": "3.3.0", + "description": "socket.io protocol parser", + "hashes": [ + { + "alg": "SHA-1", + "content": "2b52a96a509fdf31440ba40fed6094c7d4f1262f" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/socket.io-parser@3.3.0", + "externalReferences": [ + { + "url": "https://github.com/Automattic/socket.io-parser#readme", + "type": "website" + }, + { + "url": "https://github.com/Automattic/socket.io-parser/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/Automattic/socket.io-parser.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/debug@3.1.0", + "name": "debug", + "version": "3.1.0", + "description": "small debugging utility", + "hashes": [ + { + "alg": "SHA-1", + "content": "5bb5a0672628b64149566ba16819e61518c67261" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/debug@3.1.0", + "externalReferences": [ + { + "url": "https://github.com/visionmedia/debug#readme", + "type": "website" + }, + { + "url": "https://github.com/visionmedia/debug/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/visionmedia/debug.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/to-array@0.1.4", + "name": "to-array", + "version": "0.1.4", + "description": "Turn an array like into an array", + "hashes": [ + { + "alg": "SHA-1", + "content": "17e6c11f73dd4f3d74cda7a4ff3238e9ad9bf890" + } + ], + "purl": "pkg:npm/to-array@0.1.4", + "externalReferences": [ + { + "url": "https://github.com/Raynos/to-array", + "type": "website" + }, + { + "url": "https://github.com/Raynos/to-array/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/Raynos/to-array.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/socket.io-parser@3.4.1", + "name": "socket.io-parser", + "version": "3.4.1", + "description": "socket.io protocol parser", + "hashes": [ + { + "alg": "SHA-1", + "content": "b06af838302975837eab2dc980037da24054d64a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/socket.io-parser@3.4.1", + "externalReferences": [ + { + "url": "https://github.com/socketio/socket.io-parser#readme", + "type": "website" + }, + { + "url": "https://github.com/socketio/socket.io-parser/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/socketio/socket.io-parser.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/sqlite3@4.2.0", + "name": "sqlite3", + "version": "4.2.0", + "description": "Asynchronous, non-blocking SQLite3 bindings", + "hashes": [ + { + "alg": "SHA-1", + "content": "49026d665e9fc4f922e56fb9711ba5b4c85c4901" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/sqlite3@4.2.0", + "externalReferences": [ + { + "url": "https://github.com/mapbox/node-sqlite3", + "type": "website" + }, + { + "url": "https://github.com/mapbox/node-sqlite3/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/mapbox/node-sqlite3.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/node-pre-gyp@0.11.0", + "name": "node-pre-gyp", + "version": "0.11.0", + "description": "Node.js native addon binary install tool", + "hashes": [ + { + "alg": "SHA-1", + "content": "db1f33215272f692cd38f03238e3e9b47c5dd054" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/node-pre-gyp@0.11.0", + "externalReferences": [ + { + "url": "https://github.com/mapbox/node-pre-gyp#readme", + "type": "website" + }, + { + "url": "https://github.com/mapbox/node-pre-gyp/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/mapbox/node-pre-gyp.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/svg-captcha@1.4.0", + "name": "svg-captcha", + "version": "1.4.0", + "description": "generate svg captcha in node.js or express.js", + "hashes": [ + { + "alg": "SHA-1", + "content": "32ead3c6463936c218bb3bc9ed04fea4eeffe492" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/svg-captcha@1.4.0", + "externalReferences": [ + { + "url": "https://github.com/steambap/svg-captcha#readme", + "type": "website" + }, + { + "url": "https://github.com/steambap/svg-captcha/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/steambap/svg-captcha.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/opentype.js@0.7.3", + "name": "opentype.js", + "version": "0.7.3", + "description": "OpenType font parser", + "hashes": [ + { + "alg": "SHA-1", + "content": "40fb8ce18bfd60e74448efdfe442834098397aab" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/opentype.js@0.7.3", + "externalReferences": [ + { + "url": "https://github.com/nodebox/opentype.js#readme", + "type": "website" + }, + { + "url": "https://github.com/nodebox/opentype.js/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/nodebox/opentype.js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/swagger-ui-express@4.1.4", + "name": "swagger-ui-express", + "version": "4.1.4", + "description": "Swagger UI Express", + "hashes": [ + { + "alg": "SHA-1", + "content": "8b814ad998b850a1cf90e71808d6d0a8a8daf742" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/swagger-ui-express@4.1.4", + "externalReferences": [ + { + "url": "https://github.com/scottie1984/swagger-ui-express", + "type": "website" + }, + { + "url": "https://github.com/scottie1984/swagger-ui-express/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/scottie1984/swagger-ui-express.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/swagger-ui-dist@3.28.0", + "name": "swagger-ui-dist", + "version": "3.28.0", + "description": "[![NPM version](https://badge.fury.io/js/swagger-ui-dist.svg)](http://badge.fury.io/js/swagger-ui-dist)", + "hashes": [ + { + "alg": "SHA-1", + "content": "7c30ece92f815c1f34de3d394e12983e97f3d421" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/swagger-ui-dist@3.28.0", + "externalReferences": [ + { + "url": "https://github.com/swagger-api/swagger-ui#readme", + "type": "website" + }, + { + "url": "https://github.com/swagger-api/swagger-ui/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/swagger-api/swagger-ui.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/unzipper@0.9.15", + "name": "unzipper", + "version": "0.9.15", + "description": "Unzip cross-platform streaming API ", + "hashes": [ + { + "alg": "SHA-1", + "content": "97d99203dad17698ee39882483c14e4845c7549c" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/unzipper@0.9.15", + "externalReferences": [ + { + "url": "https://github.com/ZJONSSON/node-unzipper#readme", + "type": "website" + }, + { + "url": "https://github.com/ZJONSSON/node-unzipper/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/ZJONSSON/node-unzipper.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/big-integer@1.6.48", + "name": "big-integer", + "version": "1.6.48", + "description": "An arbitrary length integer library for Javascript", + "hashes": [ + { + "alg": "SHA-1", + "content": "8fd88bd1632cba4a1c8c3e3d7159f08bb95b4b9e" + } + ], + "licenses": [ + { + "license": { + "id": "Unlicense" + } + } + ], + "purl": "pkg:npm/big-integer@1.6.48", + "externalReferences": [ + { + "url": "https://github.com/peterolson/BigInteger.js#readme", + "type": "website" + }, + { + "url": "https://github.com/peterolson/BigInteger.js/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/peterolson/BigInteger.js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/binary@0.3.0", + "name": "binary", + "version": "0.3.0", + "description": "Unpack multibyte binary values from buffers", + "hashes": [ + { + "alg": "SHA-1", + "content": "9f60553bc5ce8c3386f3b553cff47462adecaa79" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/binary@0.3.0", + "externalReferences": [ + { + "url": "https://github.com/substack/node-binary#readme", + "type": "website" + }, + { + "url": "https://github.com/substack/node-binary/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/substack/node-binary.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/buffers@0.1.1", + "name": "buffers", + "version": "0.1.1", + "description": "Treat a collection of Buffers as a single contiguous partially mutable Buffer.", + "hashes": [ + { + "alg": "SHA-1", + "content": "b24579c3bed4d6d396aeee6d9a8ae7f5482ab7bb" + } + ], + "purl": "pkg:npm/buffers@0.1.1", + "externalReferences": [ + { + "url": "https://github.com/substack/node-buffers#readme", + "type": "website" + }, + { + "url": "https://github.com/substack/node-buffers/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/substack/node-buffers.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/chainsaw@0.1.0", + "name": "chainsaw", + "version": "0.1.0", + "description": "Build chainable fluent interfaces the easy way... with a freakin\u0027 chainsaw!", + "hashes": [ + { + "alg": "SHA-1", + "content": "5eab50b28afe58074d0d58291388828b5e5fbc98" + } + ], + "licenses": [ + { + "license": { + "name": "MIT/X11" + } + } + ], + "purl": "pkg:npm/chainsaw@0.1.0", + "externalReferences": [ + { + "url": "https://github.com/substack/node-chainsaw#readme", + "type": "website" + }, + { + "url": "https://github.com/substack/node-chainsaw/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/substack/node-chainsaw.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/traverse@0.3.9", + "name": "traverse", + "version": "0.3.9", + "description": "Traverse and transform objects by visiting every node on a recursive walk", + "hashes": [ + { + "alg": "SHA-1", + "content": "717b8f220cc0bb7b44e40514c22b2e8bbc70d8b9" + } + ], + "licenses": [ + { + "license": { + "name": "MIT/X11" + } + } + ], + "purl": "pkg:npm/traverse@0.3.9", + "externalReferences": [ + { + "url": "https://github.com/substack/js-traverse#readme", + "type": "website" + }, + { + "url": "https://github.com/substack/js-traverse/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/substack/js-traverse.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/bluebird@3.4.7", + "name": "bluebird", + "version": "3.4.7", + "description": "Full featured Promises/A\u002B implementation with exceptionally good performance", + "hashes": [ + { + "alg": "SHA-1", + "content": "f72d760be09b7f76d08ed8fae98b289a8d05fab3" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bluebird@3.4.7", + "externalReferences": [ + { + "url": "https://github.com/petkaantonov/bluebird", + "type": "website" + }, + { + "url": "http://github.com/petkaantonov/bluebird/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/petkaantonov/bluebird.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/buffer-indexof-polyfill@1.0.1", + "name": "buffer-indexof-polyfill", + "version": "1.0.1", + "description": "This is a polyfill for Buffer#indexOf introduced in NodeJS 4.0.", + "hashes": [ + { + "alg": "SHA-1", + "content": "a9fb806ce8145d5428510ce72f278bb363a638bf" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/buffer-indexof-polyfill@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/sarosia/buffer-indexof-polyfill#readme", + "type": "website" + }, + { + "url": "https://github.com/sarosia/buffer-indexof-polyfill/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sarosia/buffer-indexof-polyfill.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/fstream@1.0.12", + "name": "fstream", + "version": "1.0.12", + "description": "Advanced file system stream things", + "hashes": [ + { + "alg": "SHA-1", + "content": "4e8ba8ee2d48be4f7d0de505455548eae5932045" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/fstream@1.0.12", + "externalReferences": [ + { + "url": "https://github.com/npm/fstream#readme", + "type": "website" + }, + { + "url": "https://github.com/npm/fstream/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/npm/fstream.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/listenercount@1.0.1", + "name": "listenercount", + "version": "1.0.1", + "description": "backwards compatible version of builtin events.listenercount", + "hashes": [ + { + "alg": "SHA-1", + "content": "84c8a72ab59c4725321480c975e6508342e70937" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/listenercount@1.0.1", + "externalReferences": [ + { + "url": "https://github.com/jden/node-listenercount#readme", + "type": "website" + }, + { + "url": "https://github.com/jden/node-listenercount/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/jden/node-listenercount.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/setimmediate@1.0.5", + "name": "setimmediate", + "version": "1.0.5", + "description": "A shim for the setImmediate efficient script yielding API", + "hashes": [ + { + "alg": "SHA-1", + "content": "290cbb232e306942d7d7ea9b83732ab7856f8285" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/setimmediate@1.0.5", + "externalReferences": [ + { + "url": "https://github.com/YuzuJS/setImmediate#readme", + "type": "website" + }, + { + "url": "https://github.com/YuzuJS/setImmediate/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/YuzuJS/setImmediate.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/winston@3.3.3", + "name": "winston", + "version": "3.3.3", + "description": "A logger for just about everything.", + "hashes": [ + { + "alg": "SHA-1", + "content": "ae6172042cafb29786afa3d09c8ff833ab7c9170" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/winston@3.3.3", + "externalReferences": [ + { + "url": "https://github.com/winstonjs/winston#readme", + "type": "website" + }, + { + "url": "https://github.com/winstonjs/winston/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/winstonjs/winston.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/%40dabh/diagnostics@2.0.2", + "group": "@dabh", + "name": "diagnostics", + "version": "2.0.2", + "description": "Tools for debugging your node.js modules and event loop", + "hashes": [ + { + "alg": "SHA-1", + "content": "290d08f7b381b8f94607dc8f471a12c675f9db31" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/%40dabh/diagnostics@2.0.2", + "externalReferences": [ + { + "url": "https://github.com/3rd-Eden/diagnostics", + "type": "website" + }, + { + "url": "https://github.com/3rd-Eden/diagnostics/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/3rd-Eden/diagnostics.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/colorspace@1.1.2", + "name": "colorspace", + "version": "1.1.2", + "description": "Generate HEX colors for a given namespace.", + "hashes": [ + { + "alg": "SHA-1", + "content": "e0128950d082b86a2168580796a0aa5d6c68d8c5" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/colorspace@1.1.2", + "externalReferences": [ + { + "url": "https://github.com/3rd-Eden/colorspace", + "type": "website" + }, + { + "url": "https://github.com/3rd-Eden/colorspace/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/3rd-Eden/colorspace.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/color@3.0.0", + "name": "color", + "version": "3.0.0", + "description": "Color conversion and manipulation with CSS string support", + "hashes": [ + { + "alg": "SHA-1", + "content": "d920b4328d534a3ac8295d68f7bd4ba6c427be9a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color@3.0.0", + "externalReferences": [ + { + "url": "https://github.com/Qix-/color#readme", + "type": "website" + }, + { + "url": "https://github.com/Qix-/color/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/Qix-/color.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/color-string@1.5.3", + "name": "color-string", + "version": "1.5.3", + "description": "Parser and generator for CSS color strings", + "hashes": [ + { + "alg": "SHA-1", + "content": "c9bbc5f01b58b5492f3d6857459cb6590ce204cc" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/color-string@1.5.3", + "externalReferences": [ + { + "url": "https://github.com/Qix-/color-string#readme", + "type": "website" + }, + { + "url": "https://github.com/Qix-/color-string/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/Qix-/color-string.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/simple-swizzle@0.2.2", + "name": "simple-swizzle", + "version": "0.2.2", + "description": "Simply swizzle your arguments", + "hashes": [ + { + "alg": "SHA-1", + "content": "a4da6b635ffcccca33f70d17cb92592de95e557a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/simple-swizzle@0.2.2", + "externalReferences": [ + { + "url": "https://github.com/qix-/node-simple-swizzle#readme", + "type": "website" + }, + { + "url": "https://github.com/qix-/node-simple-swizzle/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/qix-/node-simple-swizzle.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-arrayish@0.3.2", + "name": "is-arrayish", + "version": "0.3.2", + "description": "Determines if an object can be used as an array", + "hashes": [ + { + "alg": "SHA-1", + "content": "4574a2ae56f7ab206896fb431eaeed066fdf8f03" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-arrayish@0.3.2", + "externalReferences": [ + { + "url": "https://github.com/qix-/node-is-arrayish#readme", + "type": "website" + }, + { + "url": "https://github.com/qix-/node-is-arrayish/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/qix-/node-is-arrayish.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/text-hex@1.0.0", + "name": "text-hex", + "version": "1.0.0", + "description": "Generate a hex color from the given text", + "hashes": [ + { + "alg": "SHA-1", + "content": "69dc9c1b17446ee79a92bf5b884bb4b9127506f5" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/text-hex@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/3rd-Eden/text-hex", + "type": "website" + }, + { + "url": "https://github.com/3rd-Eden/text-hex/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/3rd-Eden/text-hex.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/enabled@2.0.0", + "name": "enabled", + "version": "2.0.0", + "description": "Check if a certain debug flag is enabled.", + "hashes": [ + { + "alg": "SHA-1", + "content": "f9dd92ec2d6f4bbc0d5d1e64e21d61cd4665e7c2" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/enabled@2.0.0", + "externalReferences": [ + { + "url": "https://github.com/3rd-Eden/enabled#readme", + "type": "website" + }, + { + "url": "https://github.com/3rd-Eden/enabled/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/3rd-Eden/enabled.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/kuler@2.0.0", + "name": "kuler", + "version": "2.0.0", + "description": "Color your terminal using CSS/hex color codes", + "hashes": [ + { + "alg": "SHA-1", + "content": "e2c570a3800388fb44407e851531c1d670b061b3" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/kuler@2.0.0", + "externalReferences": [ + { + "url": "https://github.com/3rd-Eden/kuler", + "type": "website" + }, + { + "url": "https://github.com/3rd-Eden/kuler/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/3rd-Eden/kuler.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/async@3.2.0", + "name": "async", + "version": "3.2.0", + "description": "Higher-order functions and common patterns for asynchronous code", + "hashes": [ + { + "alg": "SHA-1", + "content": "b3a2685c5ebb641d3de02d161002c60fc9f85720" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/async@3.2.0", + "externalReferences": [ + { + "url": "https://caolan.github.io/async/", + "type": "website" + }, + { + "url": "https://github.com/caolan/async/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/caolan/async.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/is-stream@2.0.0", + "name": "is-stream", + "version": "2.0.0", + "description": "Check if something is a Node.js stream", + "hashes": [ + { + "alg": "SHA-1", + "content": "bde9c32680d6fae04129d6ac9d921ce7815f78e3" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-stream@2.0.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/is-stream#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/is-stream/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/is-stream.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/logform@2.2.0", + "name": "logform", + "version": "2.2.0", + "description": "An mutable object-based log format designed for chaining \u0026 objectMode streams.", + "hashes": [ + { + "alg": "SHA-1", + "content": "40f036d19161fc76b68ab50fdc7fe495544492f2" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/logform@2.2.0", + "externalReferences": [ + { + "url": "https://github.com/winstonjs/logform#readme", + "type": "website" + }, + { + "url": "https://github.com/winstonjs/logform/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/winstonjs/logform.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/fast-safe-stringify@2.0.7", + "name": "fast-safe-stringify", + "version": "2.0.7", + "description": "Safely and quickly serialize JavaScript objects", + "hashes": [ + { + "alg": "SHA-1", + "content": "124aa885899261f68aedb42a7c080de9da608743" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fast-safe-stringify@2.0.7", + "externalReferences": [ + { + "url": "https://github.com/davidmarkclements/fast-safe-stringify#readme", + "type": "website" + }, + { + "url": "https://github.com/davidmarkclements/fast-safe-stringify/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/davidmarkclements/fast-safe-stringify.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/fecha@4.2.0", + "name": "fecha", + "version": "4.2.0", + "description": "Date formatting and parsing", + "hashes": [ + { + "alg": "SHA-1", + "content": "3ffb6395453e3f3efff850404f0a59b6747f5f41" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fecha@4.2.0", + "externalReferences": [ + { + "url": "https://github.com/taylorhakes/fecha", + "type": "website" + }, + { + "url": "https://github.com/taylorhakes/fecha/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://taylorhakes@github.com/taylorhakes/fecha.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/triple-beam@1.3.0", + "name": "triple-beam", + "version": "1.3.0", + "description": "Definitions of levels for logging purposes \u0026 shareable Symbol constants.", + "hashes": [ + { + "alg": "SHA-1", + "content": "a595214c7298db8339eeeee083e4d10bd8cb8dd9" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/triple-beam@1.3.0", + "externalReferences": [ + { + "url": "https://github.com/winstonjs/triple-beam#readme", + "type": "website" + }, + { + "url": "https://github.com/winstonjs/triple-beam/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/winstonjs/triple-beam.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/one-time@1.0.0", + "name": "one-time", + "version": "1.0.0", + "description": "Run the supplied function exactly one time (once)", + "hashes": [ + { + "alg": "SHA-1", + "content": "e06bc174aed214ed58edede573b433bbf827cb45" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/one-time@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/3rd-Eden/one-time#readme", + "type": "website" + }, + { + "url": "https://github.com/3rd-Eden/one-time/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/3rd-Eden/one-time.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/fn.name@1.1.0", + "name": "fn.name", + "version": "1.1.0", + "description": "Extract names from functions", + "hashes": [ + { + "alg": "SHA-1", + "content": "26cad8017967aea8731bc42961d04a3d5988accc" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/fn.name@1.1.0", + "externalReferences": [ + { + "url": "https://github.com/3rd-Eden/fn.name", + "type": "website" + }, + { + "url": "https://github.com/3rd-Eden/fn.name/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/3rd-Eden/fn.name.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/readable-stream@3.6.0", + "name": "readable-stream", + "version": "3.6.0", + "description": "Streams3, a user-land copy of the stream library from Node.js", + "hashes": [ + { + "alg": "SHA-1", + "content": "337bbda3adc0706bd3e024426a286d4b4b2c9198" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/readable-stream@3.6.0", + "externalReferences": [ + { + "url": "https://github.com/nodejs/readable-stream#readme", + "type": "website" + }, + { + "url": "https://github.com/nodejs/readable-stream/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/nodejs/readable-stream.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/stack-trace@0.0.10", + "name": "stack-trace", + "version": "0.0.10", + "description": "Get v8 stack traces as an array of CallSite objects.", + "hashes": [ + { + "alg": "SHA-1", + "content": "547c70b347e8d32b4e108ea1a2a159e5fdde19c0" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/stack-trace@0.0.10", + "externalReferences": [ + { + "url": "https://github.com/felixge/node-stack-trace", + "type": "website" + }, + { + "url": "https://github.com/felixge/node-stack-trace/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/felixge/node-stack-trace.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/winston-transport@4.4.0", + "name": "winston-transport", + "version": "4.4.0", + "description": "Base stream implementations for winston@3 and up.", + "hashes": [ + { + "alg": "SHA-1", + "content": "17af518daa690d5b2ecccaa7acf7b20ca7925e59" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/winston-transport@4.4.0", + "externalReferences": [ + { + "url": "https://github.com/winstonjs/winston-transport#readme", + "type": "website" + }, + { + "url": "https://github.com/winstonjs/winston-transport/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bssh://git@github.com/winstonjs/winston-transport.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/yaml-schema-validator@1.2.2", + "name": "yaml-schema-validator", + "version": "1.2.2", + "description": "Schema validator for yaml files", + "hashes": [ + { + "alg": "SHA-1", + "content": "48d85ccda92fed3acc51cdf706530c2927e09807" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yaml-schema-validator@1.2.2", + "externalReferences": [ + { + "url": "https://github.com/ketanTechracers/schema-validator#readme", + "type": "website" + }, + { + "url": "https://github.com/ketanTechracers/schema-validator/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/ketanTechracers/schema-validator.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/commander@2.20.3", + "name": "commander", + "version": "2.20.3", + "description": "the complete solution for node.js command-line programs", + "hashes": [ + { + "alg": "SHA-1", + "content": "fd485e84c03eb4881c20722ba48035e8531aeb33" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/commander@2.20.3", + "externalReferences": [ + { + "url": "https://github.com/tj/commander.js#readme", + "type": "website" + }, + { + "url": "https://github.com/tj/commander.js/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/tj/commander.js.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/validate@4.5.1", + "name": "validate", + "version": "4.5.1", + "description": "Validate object properties in javascript.", + "hashes": [ + { + "alg": "SHA-1", + "content": "ba36b8450b4bad4ccf52d666ba80abb2c01cace2" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/validate@4.5.1", + "externalReferences": [ + { + "url": "https://github.com/eivindfjeldstad/validate#readme", + "type": "website" + }, + { + "url": "https://github.com/eivindfjeldstad/validate/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/eivindfjeldstad/validate.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/component-type@1.2.1", + "name": "component-type", + "version": "1.2.1", + "description": "Cross-browser type assertions (less broken typeof)", + "hashes": [ + { + "alg": "SHA-1", + "content": "8a47901700238e4fc32269771230226f24b415a9" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/component-type@1.2.1", + "externalReferences": [ + { + "url": "https://github.com/component/type#readme", + "type": "website" + }, + { + "url": "https://github.com/component/type/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/component/type.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/eivindfjeldstad-dot@0.0.1", + "name": "eivindfjeldstad-dot", + "version": "0.0.1", + "description": "Get and set object properties with dot notation", + "hashes": [ + { + "alg": "SHA-1", + "content": "22fc976bfaf306e0839a31db8e8213480fafb893" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/eivindfjeldstad-dot@0.0.1", + "externalReferences": [ + { + "url": "https://github.com/eivindfjeldstad/dot", + "type": "website" + }, + { + "url": "https://github.com/eivindfjeldstad/dot/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/eivindfjeldstad/dot.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/typecast@0.0.1", + "name": "typecast", + "version": "0.0.1", + "description": "Simple typecasting", + "hashes": [ + { + "alg": "SHA-1", + "content": "fffb75dcb6bdf1def8e293b6b6e893d6c1ed19de" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/typecast@0.0.1", + "externalReferences": [ + { + "url": "https://github.com/eivindfjeldstad/typecast#readme", + "type": "website" + }, + { + "url": "https://github.com/eivindfjeldstad/typecast/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/eivindfjeldstad/typecast.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/z85@0.0.2", + "name": "z85", + "version": "0.0.2", + "description": "ZeroMQ Base-85 Encoding", + "hashes": [ + { + "alg": "SHA-1", + "content": "45d353b13e4ee3d376c3fbd37dcda85feed8b0d3" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/z85@0.0.2", + "externalReferences": [ + { + "url": "https://github.com/msealand/z85.node", + "type": "website" + }, + { + "url": "https://github.com/msealand/z85.node/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/msealand/z85.node.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/expand-template@2.0.3", + "name": "expand-template", + "version": "2.0.3", + "description": "Expand placeholders in a template string", + "hashes": [ + { + "alg": "SHA-1", + "content": "6e14b3fcee0f3a6340ecb57d2e8918692052a47c" + } + ], + "licenses": [ + { + "license": { + "name": "(MIT OR WTFPL)" + } + } + ], + "purl": "pkg:npm/expand-template@2.0.3", + "externalReferences": [ + { + "url": "https://github.com/ralphtheninja/expand-template", + "type": "website" + }, + { + "url": "https://github.com/ralphtheninja/expand-template/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/ralphtheninja/expand-template.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/github-from-package@0.0.0", + "name": "github-from-package", + "version": "0.0.0", + "description": "return the github url from a package.json file", + "hashes": [ + { + "alg": "SHA-1", + "content": "97fb5d96bfde8973313f20e8288ef9a167fa64ce" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/github-from-package@0.0.0", + "externalReferences": [ + { + "url": "https://github.com/substack/github-from-package", + "type": "website" + }, + { + "url": "https://github.com/substack/github-from-package/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/substack/github-from-package.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/iltorb@2.4.5", + "name": "iltorb", + "version": "2.4.5", + "description": "Brotli compression/decompression with native bindings", + "hashes": [ + { + "alg": "SHA-1", + "content": "d64434b527099125c6839ed48b666247a172ef87" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/iltorb@2.4.5", + "externalReferences": [ + { + "url": "https://github.com/nstepien/iltorb", + "type": "website" + }, + { + "url": "https://github.com/nstepien/iltorb/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/nstepien/iltorb.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/prebuild-install@5.3.5", + "name": "prebuild-install", + "version": "5.3.5", + "description": "A command line tool to easily install prebuilt binaries for multiple version of node/iojs on a specific platform", + "hashes": [ + { + "alg": "SHA-1", + "content": "e7e71e425298785ea9d22d4f958dbaccf8bb0e1b" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/prebuild-install@5.3.5", + "externalReferences": [ + { + "url": "https://github.com/prebuild/prebuild-install", + "type": "website" + }, + { + "url": "https://github.com/prebuild/prebuild-install/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/prebuild/prebuild-install.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/napi-build-utils@1.0.2", + "name": "napi-build-utils", + "version": "1.0.2", + "description": "A set of utilities to assist developers of tools that build N-API native add-ons", + "hashes": [ + { + "alg": "SHA-1", + "content": "b1fddc0b2c46e380a0b7a76f984dd47c41a13806" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/napi-build-utils@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/inspiredware/napi-build-utils#readme", + "type": "website" + }, + { + "url": "https://github.com/inspiredware/napi-build-utils/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/inspiredware/napi-build-utils.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/node-abi@2.18.0", + "name": "node-abi", + "version": "2.18.0", + "description": "Get the Node ABI for a given target and runtime, and vice versa.", + "hashes": [ + { + "alg": "SHA-1", + "content": "1f5486cfd7d38bd4f5392fa44a4ad4d9a0dffbf4" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/node-abi@2.18.0", + "externalReferences": [ + { + "url": "https://github.com/lgeiger/node-abi#readme", + "type": "website" + }, + { + "url": "https://github.com/lgeiger/node-abi/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/lgeiger/node-abi.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/noop-logger@0.1.1", + "name": "noop-logger", + "version": "0.1.1", + "description": "A logger that does exactly nothing.", + "hashes": [ + { + "alg": "SHA-1", + "content": "94a2b1633c4f1317553007d8966fd0e841b6a4c2" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/noop-logger@0.1.1", + "externalReferences": [ + { + "url": "https://github.com/segmentio/noop-logger#readme", + "type": "website" + }, + { + "url": "https://github.com/segmentio/noop-logger/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/segmentio/noop-logger.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/pump@3.0.0", + "name": "pump", + "version": "3.0.0", + "description": "pipe streams together and close all of them if one of them closes", + "hashes": [ + { + "alg": "SHA-1", + "content": "b4a2116815bde2f4e1ea602354e8c75565107a64" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pump@3.0.0", + "externalReferences": [ + { + "url": "https://github.com/mafintosh/pump#readme", + "type": "website" + }, + { + "url": "https://github.com/mafintosh/pump/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/mafintosh/pump.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/simple-get@3.1.0", + "name": "simple-get", + "version": "3.1.0", + "description": "Simplest way to make http get requests. Supports HTTPS, redirects, gzip/deflate, streams in \u003C 100 lines.", + "hashes": [ + { + "alg": "SHA-1", + "content": "b45be062435e50d159540b576202ceec40b9c6b3" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/simple-get@3.1.0", + "externalReferences": [ + { + "url": "https://github.com/feross/simple-get", + "type": "website" + }, + { + "url": "https://github.com/feross/simple-get/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/feross/simple-get.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/decompress-response@4.2.1", + "name": "decompress-response", + "version": "4.2.1", + "description": "Decompress a HTTP response if needed", + "hashes": [ + { + "alg": "SHA-1", + "content": "414023cc7a302da25ce2ec82d0d5238ccafd8986" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decompress-response@4.2.1", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/decompress-response#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/decompress-response/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/decompress-response.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/mimic-response@2.1.0", + "name": "mimic-response", + "version": "2.1.0", + "description": "Mimic a Node.js HTTP response stream", + "hashes": [ + { + "alg": "SHA-1", + "content": "d13763d35f613d09ec37ebb30bac0469c0ee8f43" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mimic-response@2.1.0", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/mimic-response#readme", + "type": "website" + }, + { + "url": "https://github.com/sindresorhus/mimic-response/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/sindresorhus/mimic-response.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/simple-concat@1.0.0", + "name": "simple-concat", + "version": "1.0.0", + "description": "Super-minimalist version of \u0060concat-stream\u0060. Less than 15 lines!", + "hashes": [ + { + "alg": "SHA-1", + "content": "7344cbb8b6e26fb27d66b2fc86f9f6d5997521c6" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/simple-concat@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/feross/simple-concat", + "type": "website" + }, + { + "url": "https://github.com/feross/simple-concat/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/feross/simple-concat.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/tar-fs@2.1.0", + "name": "tar-fs", + "version": "2.1.0", + "description": "filesystem bindings for tar-stream", + "hashes": [ + { + "alg": "SHA-1", + "content": "d1cdd121ab465ee0eb9ccde2d35049d3f3daf0d5" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tar-fs@2.1.0", + "externalReferences": [ + { + "url": "https://github.com/mafintosh/tar-fs", + "type": "website" + }, + { + "url": "https://github.com/mafintosh/tar-fs/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/mafintosh/tar-fs.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/mkdirp-classic@0.5.3", + "name": "mkdirp-classic", + "version": "0.5.3", + "description": "Mirror of mkdirp 0.5.2", + "hashes": [ + { + "alg": "SHA-1", + "content": "fa10c9115cc6d8865be221ba47ee9bed78601113" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/mkdirp-classic@0.5.3", + "externalReferences": [ + { + "url": "https://github.com/mafintosh/mkdirp-classic", + "type": "website" + }, + { + "url": "https://github.com/mafintosh/mkdirp-classic/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/mafintosh/mkdirp-classic.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/tar-stream@2.1.3", + "name": "tar-stream", + "version": "2.1.3", + "description": "tar-stream is a streaming tar parser and generator and nothing else. It is streams2 and operates purely using streams which means you can easily extract/parse tarballs without ever hitting the file system.", + "hashes": [ + { + "alg": "SHA-1", + "content": "1e2022559221b7866161660f118255e20fa79e41" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/tar-stream@2.1.3", + "externalReferences": [ + { + "url": "https://github.com/mafintosh/tar-stream", + "type": "website" + }, + { + "url": "https://github.com/mafintosh/tar-stream/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/mafintosh/tar-stream.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/bl@4.0.2", + "name": "bl", + "version": "4.0.2", + "description": "Buffer List: collect buffers and access with a standard readable Buffer interface, streamable too!", + "hashes": [ + { + "alg": "SHA-1", + "content": "52b71e9088515d0606d9dd9cc7aa48dc1f98e73a" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/bl@4.0.2", + "externalReferences": [ + { + "url": "https://github.com/rvagg/bl", + "type": "website" + }, + { + "url": "https://github.com/rvagg/bl/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/rvagg/bl.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/inherits@2.0.4", + "name": "inherits", + "version": "2.0.4", + "description": "Browser-friendly inheritance fully compatible with standard node.js inherits()", + "hashes": [ + { + "alg": "SHA-1", + "content": "0fa2c64f932917c3433a0ded55363aae37416b7c" + } + ], + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/inherits@2.0.4", + "externalReferences": [ + { + "url": "https://github.com/isaacs/inherits#readme", + "type": "website" + }, + { + "url": "https://github.com/isaacs/inherits/issues", + "type": "issue-tracker" + }, + { + "url": "git://github.com/isaacs/inherits.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/which-pm-runs@1.0.0", + "name": "which-pm-runs", + "version": "1.0.0", + "description": "Detects what package manager executes the process", + "hashes": [ + { + "alg": "SHA-1", + "content": "670b3afbc552e0b55df6b7780ca74615f23ad1cb" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/which-pm-runs@1.0.0", + "externalReferences": [ + { + "url": "https://github.com/zkochan/which-pm-runs#readme", + "type": "website" + }, + { + "url": "https://github.com/zkochan/which-pm-runs/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/zkochan/which-pm-runs.git", + "type": "vcs" + } + ] + }, + { + "type": "library", + "bom-ref": "juice-shop@11.1.2:pkg:npm/uglify-to-browserify@1.0.2", + "name": "uglify-to-browserify", + "version": "1.0.2", + "description": "A transform to make UglifyJS work in browserify.", + "hashes": [ + { + "alg": "SHA-1", + "content": "6e0924d6bda6b5afe349e39a6d632850a0f882b7" + } + ], + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/uglify-to-browserify@1.0.2", + "externalReferences": [ + { + "url": "https://github.com/ForbesLindesay/uglify-to-browserify#readme", + "type": "website" + }, + { + "url": "https://github.com/ForbesLindesay/uglify-to-browserify/issues", + "type": "issue-tracker" + }, + { + "url": "git\u002Bhttps://github.com/ForbesLindesay/uglify-to-browserify.git", + "type": "vcs" + } + ] + } + ] + }, + { + "type": "file", + "bom-ref": ".@:af63bd4c8601b7f1", + "name": ".", + "components": [ + { + "type": "library", + "bom-ref": ".@:pkg:gem/actioncable@6.0.0?package-id=7ed6cbf7a1b3708b", + "name": "actioncable", + "version": "6.0.0", + "cpe": "cpe:2.3:a:actioncable:actioncable:6.0.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/actioncable@6.0.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:actioncable:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:actioncable:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:actioncable:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:actioncable:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/actionmailbox@6.0.0?package-id=ed0004e9bb29cba5", + "name": "actionmailbox", + "version": "6.0.0", + "cpe": "cpe:2.3:a:actionmailbox:actionmailbox:6.0.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/actionmailbox@6.0.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:actionmailbox:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:actionmailbox:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:actionmailbox:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:actionmailbox:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/actionmailer@6.0.0?package-id=4ac68c63617942a", + "name": "actionmailer", + "version": "6.0.0", + "cpe": "cpe:2.3:a:actionmailer:actionmailer:6.0.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/actionmailer@6.0.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:actionmailer:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:actionmailer:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:actionmailer:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:actionmailer:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/actionpack@6.0.0?package-id=2cd9fb97e41ca90f", + "name": "actionpack", + "version": "6.0.0", + "cpe": "cpe:2.3:a:actionpack:actionpack:6.0.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/actionpack@6.0.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:actionpack:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:actionpack:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:actionpack:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:actionpack:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/actiontext@6.0.0?package-id=3c9642a3903b6bc5", + "name": "actiontext", + "version": "6.0.0", + "cpe": "cpe:2.3:a:actiontext:actiontext:6.0.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/actiontext@6.0.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:actiontext:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:actiontext:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:actiontext:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:actiontext:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/actionview@6.0.0?package-id=85737a1217d50631", + "name": "actionview", + "version": "6.0.0", + "cpe": "cpe:2.3:a:actionview:actionview:6.0.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/actionview@6.0.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:actionview:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:actionview:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:actionview:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:actionview:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/activejob@6.0.0?package-id=c7fa06df652ad579", + "name": "activejob", + "version": "6.0.0", + "cpe": "cpe:2.3:a:activejob:activejob:6.0.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/activejob@6.0.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:activejob:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:activejob:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:activejob:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:activejob:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/activemodel@6.0.0?package-id=b874cc0e3e8f0d7e", + "name": "activemodel", + "version": "6.0.0", + "cpe": "cpe:2.3:a:activemodel:activemodel:6.0.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/activemodel@6.0.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:activemodel:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:activemodel:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:activemodel:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:activemodel:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/activerecord@6.0.0?package-id=ec0f097f32b1f6e0", + "name": "activerecord", + "version": "6.0.0", + "cpe": "cpe:2.3:a:activerecord:activerecord:6.0.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/activerecord@6.0.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:activerecord:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:activerecord:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:activerecord:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:activerecord:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/activestorage@6.0.0?package-id=44092806a1454ee2", + "name": "activestorage", + "version": "6.0.0", + "cpe": "cpe:2.3:a:activestorage:activestorage:6.0.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/activestorage@6.0.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:activestorage:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:activestorage:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:activestorage:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:activestorage:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/activesupport@6.0.0?package-id=39409bad135d482a", + "name": "activesupport", + "version": "6.0.0", + "cpe": "cpe:2.3:a:activesupport:activesupport:6.0.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/activesupport@6.0.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:activesupport:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:activesupport:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:activesupport:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:activesupport:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/addressable@2.7.0?package-id=8c87a985795a5e52", + "name": "addressable", + "version": "2.7.0", + "cpe": "cpe:2.3:a:addressable:addressable:2.7.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/addressable@2.7.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:addressable:2.7.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:addressable:2.7.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:addressable:2.7.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:addressable:2.7.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/aruba@0.14.12?package-id=dafc2484acbeb43a", + "name": "aruba", + "version": "0.14.12", + "cpe": "cpe:2.3:a:ruby-lang:aruba:0.14.12:*:*:*:*:*:*:*", + "purl": "pkg:gem/aruba@0.14.12", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:aruba:0.14.12:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:aruba:aruba:0.14.12:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:aruba:0.14.12:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:aruba:0.14.12:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/ast@2.4.0?package-id=aa95ac890f495e7f", + "name": "ast", + "version": "2.4.0", + "cpe": "cpe:2.3:a:ruby-lang:ast:2.4.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/ast@2.4.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:ast:2.4.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:ast:2.4.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ast:ast:2.4.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:ast:2.4.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/backports@3.15.0?package-id=8d86c4cd10385ec2", + "name": "backports", + "version": "3.15.0", + "cpe": "cpe:2.3:a:backports:backports:3.15.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/backports@3.15.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:backports:3.15.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:backports:3.15.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:backports:3.15.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:backports:3.15.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/bcrypt@3.1.13?package-id=91a727e0319bf660", + "name": "bcrypt", + "version": "3.1.13", + "cpe": "cpe:2.3:a:ruby-lang:bcrypt:3.1.13:*:*:*:*:*:*:*", + "purl": "pkg:gem/bcrypt@3.1.13", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:bcrypt:3.1.13:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bcrypt:bcrypt:3.1.13:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:bcrypt:3.1.13:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:bcrypt:3.1.13:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/better_errors@2.5.1?package-id=71a837cd2c0b6dbc", + "name": "better_errors", + "version": "2.5.1", + "cpe": "cpe:2.3:a:better-errors:better-errors:2.5.1:*:*:*:*:*:*:*", + "purl": "pkg:gem/better_errors@2.5.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:better-errors:better_errors:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:better_errors:better-errors:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:better_errors:better_errors:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:better-errors:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:better_errors:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:better-errors:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:better_errors:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:better:better-errors:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:better:better_errors:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:better-errors:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:better_errors:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:better-errors:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:better_errors:2.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/binding_of_caller@0.8.0?package-id=b08c7cee6519f6ac", + "name": "binding_of_caller", + "version": "0.8.0", + "cpe": "cpe:2.3:a:binding-of-caller:binding-of-caller:0.8.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/binding_of_caller@0.8.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:binding-of-caller:binding_of_caller:0.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:binding_of_caller:binding-of-caller:0.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:binding_of_caller:binding_of_caller:0.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:binding-of:binding-of-caller:0.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:binding-of:binding_of_caller:0.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:binding_of:binding-of-caller:0.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:binding_of:binding_of_caller:0.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:binding-of-caller:0.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:binding_of_caller:0.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:binding-of-caller:0.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:binding_of_caller:0.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:binding:binding-of-caller:0.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:binding:binding_of_caller:0.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:binding-of-caller:0.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:binding_of_caller:0.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:binding-of-caller:0.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:binding_of_caller:0.8.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/builder@3.2.3?package-id=fe55b0f2bb170704", + "name": "builder", + "version": "3.2.3", + "cpe": "cpe:2.3:a:ruby-lang:builder:3.2.3:*:*:*:*:*:*:*", + "purl": "pkg:gem/builder@3.2.3", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:builder:3.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:builder:builder:3.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:builder:3.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:builder:3.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/bundler-audit@0.6.1?package-id=b79029d06ed4ca98", + "name": "bundler-audit", + "version": "0.6.1", + "cpe": "cpe:2.3:a:bundler-audit:bundler-audit:0.6.1:*:*:*:*:*:*:*", + "purl": "pkg:gem/bundler-audit@0.6.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bundler-audit:bundler_audit:0.6.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bundler_audit:bundler-audit:0.6.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bundler_audit:bundler_audit:0.6.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:bundler-audit:0.6.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:bundler_audit:0.6.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:bundler-audit:0.6.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:bundler_audit:0.6.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bundler:bundler-audit:0.6.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:bundler:bundler_audit:0.6.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:bundler-audit:0.6.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:bundler_audit:0.6.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:bundler-audit:0.6.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:bundler_audit:0.6.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/capybara@3.29.0?package-id=3b3ea66cf12c825d", + "name": "capybara", + "version": "3.29.0", + "cpe": "cpe:2.3:a:ruby-lang:capybara:3.29.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/capybara@3.29.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:capybara:3.29.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:capybara:capybara:3.29.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:capybara:3.29.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:capybara:3.29.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/childprocess@3.0.0?package-id=e5414301bd050548", + "name": "childprocess", + "version": "3.0.0", + "cpe": "cpe:2.3:a:childprocess:childprocess:3.0.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/childprocess@3.0.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:childprocess:3.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:childprocess:3.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:childprocess:3.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:childprocess:3.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/cliver@0.3.2?package-id=916f4a0256c019d7", + "name": "cliver", + "version": "0.3.2", + "cpe": "cpe:2.3:a:ruby-lang:cliver:0.3.2:*:*:*:*:*:*:*", + "purl": "pkg:gem/cliver@0.3.2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:cliver:0.3.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cliver:cliver:0.3.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:cliver:0.3.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:cliver:0.3.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/coderay@1.1.2?package-id=c616ec1f8cd20586", + "name": "coderay", + "version": "1.1.2", + "cpe": "cpe:2.3:a:ruby-lang:coderay:1.1.2:*:*:*:*:*:*:*", + "purl": "pkg:gem/coderay@1.1.2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:coderay:1.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coderay:coderay:1.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:coderay:1.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:coderay:1.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/coffee-rails@5.0.0?package-id=b1d35a0911b5dfa7", + "name": "coffee-rails", + "version": "5.0.0", + "cpe": "cpe:2.3:a:coffee-rails:coffee-rails:5.0.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/coffee-rails@5.0.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coffee-rails:coffee_rails:5.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coffee_rails:coffee-rails:5.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coffee_rails:coffee_rails:5.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:coffee-rails:5.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:coffee_rails:5.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:coffee-rails:5.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:coffee_rails:5.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coffee:coffee-rails:5.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coffee:coffee_rails:5.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:coffee-rails:5.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:coffee_rails:5.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:coffee-rails:5.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:coffee_rails:5.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/coffee-script@2.4.1?package-id=97090437492af293", + "name": "coffee-script", + "version": "2.4.1", + "cpe": "cpe:2.3:a:coffee-script:coffee-script:2.4.1:*:*:*:*:*:*:*", + "purl": "pkg:gem/coffee-script@2.4.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coffee-script:coffee_script:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coffee_script:coffee-script:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coffee_script:coffee_script:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:coffee-script:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:coffee_script:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:coffee-script:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:coffee_script:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coffee:coffee-script:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coffee:coffee_script:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:coffee-script:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:coffee_script:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:coffee-script:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:coffee_script:2.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/coffee-script-source@1.12.2?package-id=a778b2eea07faee2", + "name": "coffee-script-source", + "version": "1.12.2", + "cpe": "cpe:2.3:a:coffee-script-source:coffee-script-source:1.12.2:*:*:*:*:*:*:*", + "purl": "pkg:gem/coffee-script-source@1.12.2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coffee-script-source:coffee_script_source:1.12.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coffee_script_source:coffee-script-source:1.12.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coffee_script_source:coffee_script_source:1.12.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coffee-script:coffee-script-source:1.12.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coffee-script:coffee_script_source:1.12.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coffee_script:coffee-script-source:1.12.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coffee_script:coffee_script_source:1.12.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:coffee-script-source:1.12.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:coffee_script_source:1.12.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:coffee-script-source:1.12.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:coffee_script_source:1.12.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coffee:coffee-script-source:1.12.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:coffee:coffee_script_source:1.12.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:coffee-script-source:1.12.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:coffee_script_source:1.12.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:coffee-script-source:1.12.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:coffee_script_source:1.12.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/concurrent-ruby@1.1.5?package-id=8b4cd7bf41fed1e0", + "name": "concurrent-ruby", + "version": "1.1.5", + "cpe": "cpe:2.3:a:concurrent-ruby:concurrent-ruby:1.1.5:*:*:*:*:*:*:*", + "purl": "pkg:gem/concurrent-ruby@1.1.5", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:concurrent-ruby:concurrent_ruby:1.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:concurrent_ruby:concurrent-ruby:1.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:concurrent_ruby:concurrent_ruby:1.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:concurrent:concurrent-ruby:1.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:concurrent:concurrent_ruby:1.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:concurrent-ruby:1.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:concurrent_ruby:1.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:concurrent-ruby:1.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:concurrent_ruby:1.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:concurrent-ruby:1.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:concurrent_ruby:1.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:concurrent-ruby:1.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:concurrent_ruby:1.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/contracts@0.16.0?package-id=de8099bde5c07d41", + "name": "contracts", + "version": "0.16.0", + "cpe": "cpe:2.3:a:contracts:contracts:0.16.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/contracts@0.16.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:contracts:0.16.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:contracts:0.16.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:contracts:0.16.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:contracts:0.16.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/crass@1.0.5?package-id=e900a3a26bd54be1", + "name": "crass", + "version": "1.0.5", + "cpe": "cpe:2.3:a:ruby-lang:crass:1.0.5:*:*:*:*:*:*:*", + "purl": "pkg:gem/crass@1.0.5", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:crass:1.0.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:crass:crass:1.0.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:crass:1.0.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:crass:1.0.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/cucumber@3.1.2?package-id=10aad838a7547213", + "name": "cucumber", + "version": "3.1.2", + "cpe": "cpe:2.3:a:ruby-lang:cucumber:3.1.2:*:*:*:*:*:*:*", + "purl": "pkg:gem/cucumber@3.1.2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:cucumber:3.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber:cucumber:3.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:cucumber:3.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:cucumber:3.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/cucumber-core@3.2.1?package-id=f4170da2ccf9df16", + "name": "cucumber-core", + "version": "3.2.1", + "cpe": "cpe:2.3:a:cucumber-core:cucumber-core:3.2.1:*:*:*:*:*:*:*", + "purl": "pkg:gem/cucumber-core@3.2.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber-core:cucumber_core:3.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber_core:cucumber-core:3.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber_core:cucumber_core:3.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:cucumber-core:3.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:cucumber_core:3.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:cucumber-core:3.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:cucumber_core:3.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber:cucumber-core:3.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber:cucumber_core:3.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:cucumber-core:3.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:cucumber_core:3.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:cucumber-core:3.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:cucumber_core:3.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/cucumber-expressions@6.0.1?package-id=1c09f8b1355ee2fc", + "name": "cucumber-expressions", + "version": "6.0.1", + "cpe": "cpe:2.3:a:cucumber-expressions:cucumber-expressions:6.0.1:*:*:*:*:*:*:*", + "purl": "pkg:gem/cucumber-expressions@6.0.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber-expressions:cucumber_expressions:6.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber_expressions:cucumber-expressions:6.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber_expressions:cucumber_expressions:6.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:cucumber-expressions:6.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:cucumber_expressions:6.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:cucumber-expressions:6.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:cucumber_expressions:6.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber:cucumber-expressions:6.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber:cucumber_expressions:6.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:cucumber-expressions:6.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:cucumber_expressions:6.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:cucumber-expressions:6.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:cucumber_expressions:6.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/cucumber-tag_expressions@1.1.1?package-id=de04ddaf834aa4b2", + "name": "cucumber-tag_expressions", + "version": "1.1.1", + "cpe": "cpe:2.3:a:cucumber-tag-expressions:cucumber-tag-expressions:1.1.1:*:*:*:*:*:*:*", + "purl": "pkg:gem/cucumber-tag_expressions@1.1.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber-tag-expressions:cucumber-tag_expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber-tag-expressions:cucumber_tag_expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber-tag_expressions:cucumber-tag-expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber-tag_expressions:cucumber-tag_expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber-tag_expressions:cucumber_tag_expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber_tag_expressions:cucumber-tag-expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber_tag_expressions:cucumber-tag_expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber_tag_expressions:cucumber_tag_expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber-tag:cucumber-tag-expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber-tag:cucumber-tag_expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber-tag:cucumber_tag_expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber_tag:cucumber-tag-expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber_tag:cucumber-tag_expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber_tag:cucumber_tag_expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:cucumber-tag-expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:cucumber-tag_expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:cucumber_tag_expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:cucumber-tag-expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:cucumber-tag_expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:cucumber_tag_expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber:cucumber-tag-expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber:cucumber-tag_expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber:cucumber_tag_expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:cucumber-tag-expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:cucumber-tag_expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:cucumber_tag_expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:cucumber-tag-expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:cucumber-tag_expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:cucumber_tag_expressions:1.1.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/cucumber-wire@0.0.1?package-id=1932e28271d6aa59", + "name": "cucumber-wire", + "version": "0.0.1", + "cpe": "cpe:2.3:a:cucumber-wire:cucumber-wire:0.0.1:*:*:*:*:*:*:*", + "purl": "pkg:gem/cucumber-wire@0.0.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber-wire:cucumber_wire:0.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber_wire:cucumber-wire:0.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber_wire:cucumber_wire:0.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:cucumber-wire:0.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:cucumber_wire:0.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:cucumber-wire:0.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:cucumber_wire:0.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber:cucumber-wire:0.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:cucumber:cucumber_wire:0.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:cucumber-wire:0.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:cucumber_wire:0.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:cucumber-wire:0.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:cucumber_wire:0.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/database_cleaner@1.7.0?package-id=bf6e440540dc01c1", + "name": "database_cleaner", + "version": "1.7.0", + "cpe": "cpe:2.3:a:database-cleaner:database-cleaner:1.7.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/database_cleaner@1.7.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:database-cleaner:database_cleaner:1.7.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:database_cleaner:database-cleaner:1.7.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:database_cleaner:database_cleaner:1.7.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:database-cleaner:1.7.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:database_cleaner:1.7.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:database-cleaner:1.7.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:database_cleaner:1.7.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:database:database-cleaner:1.7.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:database:database_cleaner:1.7.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:database-cleaner:1.7.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:database_cleaner:1.7.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:database-cleaner:1.7.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:database_cleaner:1.7.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/debug_inspector@0.0.3?package-id=93f7c0279261f55d", + "name": "debug_inspector", + "version": "0.0.3", + "cpe": "cpe:2.3:a:debug-inspector:debug-inspector:0.0.3:*:*:*:*:*:*:*", + "purl": "pkg:gem/debug_inspector@0.0.3", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:debug-inspector:debug_inspector:0.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:debug_inspector:debug-inspector:0.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:debug_inspector:debug_inspector:0.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:debug-inspector:0.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:debug_inspector:0.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:debug-inspector:0.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:debug_inspector:0.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:debug:debug-inspector:0.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:debug:debug_inspector:0.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:debug-inspector:0.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:debug_inspector:0.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:debug-inspector:0.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:debug_inspector:0.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/diff-lcs@1.3?package-id=21768b75f81840f0", + "name": "diff-lcs", + "version": "1.3", + "cpe": "cpe:2.3:a:ruby-lang:diff-lcs:1.3:*:*:*:*:*:*:*", + "purl": "pkg:gem/diff-lcs@1.3", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:diff_lcs:1.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:diff-lcs:1.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:diff_lcs:1.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:diff-lcs:diff-lcs:1.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:diff-lcs:diff_lcs:1.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:diff_lcs:diff-lcs:1.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:diff_lcs:diff_lcs:1.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:diff:diff-lcs:1.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:diff:diff_lcs:1.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:diff-lcs:1.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:diff_lcs:1.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:diff-lcs:1.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:diff_lcs:1.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/docile@1.3.2?package-id=604e597fb5e5db48", + "name": "docile", + "version": "1.3.2", + "cpe": "cpe:2.3:a:ruby-lang:docile:1.3.2:*:*:*:*:*:*:*", + "purl": "pkg:gem/docile@1.3.2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:docile:1.3.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:docile:docile:1.3.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:docile:1.3.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:docile:1.3.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/em-websocket@0.5.1?package-id=cecbfd6f3240f387", + "name": "em-websocket", + "version": "0.5.1", + "cpe": "cpe:2.3:a:em-websocket:em-websocket:0.5.1:*:*:*:*:*:*:*", + "purl": "pkg:gem/em-websocket@0.5.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:em-websocket:em_websocket:0.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:em_websocket:em-websocket:0.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:em_websocket:em_websocket:0.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:em-websocket:0.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:em_websocket:0.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:em-websocket:0.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:em_websocket:0.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:em-websocket:0.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:em_websocket:0.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:em:em-websocket:0.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:em:em_websocket:0.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:em-websocket:0.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:em_websocket:0.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/erubi@1.9.0?package-id=96a6b4bef50a87c6", + "name": "erubi", + "version": "1.9.0", + "cpe": "cpe:2.3:a:ruby-lang:erubi:1.9.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/erubi@1.9.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:erubi:1.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:erubi:erubi:1.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:erubi:1.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:erubi:1.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/eventmachine@1.2.7?package-id=5a084c3f5148cf2e", + "name": "eventmachine", + "version": "1.2.7", + "cpe": "cpe:2.3:a:eventmachine:eventmachine:1.2.7:*:*:*:*:*:*:*", + "purl": "pkg:gem/eventmachine@1.2.7", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:eventmachine:1.2.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:eventmachine:1.2.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:eventmachine:1.2.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:eventmachine:1.2.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/execjs@2.7.0?package-id=a6f1c0383455a5a7", + "name": "execjs", + "version": "2.7.0", + "cpe": "cpe:2.3:a:ruby-lang:execjs:2.7.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/execjs@2.7.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:execjs:2.7.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:execjs:execjs:2.7.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:execjs:2.7.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:execjs:2.7.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/ffi@1.11.1?package-id=bb5971240672fd03", + "name": "ffi", + "version": "1.11.1", + "cpe": "cpe:2.3:a:ruby-lang:ffi:1.11.1:*:*:*:*:*:*:*", + "purl": "pkg:gem/ffi@1.11.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:ffi:1.11.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:ffi:1.11.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ffi:ffi:1.11.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:ffi:1.11.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/foreman@0.86.0?package-id=25f8aaff8856a9f", + "name": "foreman", + "version": "0.86.0", + "cpe": "cpe:2.3:a:ruby-lang:foreman:0.86.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/foreman@0.86.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:foreman:0.86.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:foreman:foreman:0.86.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:foreman:0.86.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:foreman:0.86.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/formatador@0.2.5?package-id=eb4340fbde779455", + "name": "formatador", + "version": "0.2.5", + "cpe": "cpe:2.3:a:formatador:formatador:0.2.5:*:*:*:*:*:*:*", + "purl": "pkg:gem/formatador@0.2.5", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:formatador:0.2.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:formatador:0.2.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:formatador:0.2.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:formatador:0.2.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/gherkin@5.1.0?package-id=655c7831a81f05d1", + "name": "gherkin", + "version": "5.1.0", + "cpe": "cpe:2.3:a:ruby-lang:gherkin:5.1.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/gherkin@5.1.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:gherkin:5.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:gherkin:gherkin:5.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:gherkin:5.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:gherkin:5.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/globalid@0.4.2?package-id=7f273c622b71a1c0", + "name": "globalid", + "version": "0.4.2", + "cpe": "cpe:2.3:a:ruby-lang:globalid:0.4.2:*:*:*:*:*:*:*", + "purl": "pkg:gem/globalid@0.4.2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:globalid:0.4.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:globalid:globalid:0.4.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:globalid:0.4.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:globalid:0.4.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/guard@2.16.1?package-id=c5b8a5a81567cf6e", + "name": "guard", + "version": "2.16.1", + "cpe": "cpe:2.3:a:ruby-lang:guard:2.16.1:*:*:*:*:*:*:*", + "purl": "pkg:gem/guard@2.16.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:guard:2.16.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:guard:guard:2.16.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:guard:2.16.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:guard:2.16.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/guard-compat@1.2.1?package-id=c6b1b3b24fc70936", + "name": "guard-compat", + "version": "1.2.1", + "cpe": "cpe:2.3:a:guard-compat:guard-compat:1.2.1:*:*:*:*:*:*:*", + "purl": "pkg:gem/guard-compat@1.2.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:guard-compat:guard_compat:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:guard_compat:guard-compat:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:guard_compat:guard_compat:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:guard-compat:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:guard_compat:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:guard-compat:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:guard_compat:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:guard:guard-compat:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:guard:guard_compat:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:guard-compat:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:guard_compat:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:guard-compat:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:guard_compat:1.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/guard-livereload@2.5.2?package-id=5b7f8e25372555c8", + "name": "guard-livereload", + "version": "2.5.2", + "cpe": "cpe:2.3:a:guard-livereload:guard-livereload:2.5.2:*:*:*:*:*:*:*", + "purl": "pkg:gem/guard-livereload@2.5.2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:guard-livereload:guard_livereload:2.5.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:guard_livereload:guard-livereload:2.5.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:guard_livereload:guard_livereload:2.5.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:guard-livereload:2.5.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:guard_livereload:2.5.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:guard-livereload:2.5.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:guard_livereload:2.5.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:guard:guard-livereload:2.5.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:guard:guard_livereload:2.5.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:guard-livereload:2.5.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:guard_livereload:2.5.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:guard-livereload:2.5.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:guard_livereload:2.5.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/guard-rspec@4.7.3?package-id=bcf9f2808aeb14d5", + "name": "guard-rspec", + "version": "4.7.3", + "cpe": "cpe:2.3:a:guard-rspec:guard-rspec:4.7.3:*:*:*:*:*:*:*", + "purl": "pkg:gem/guard-rspec@4.7.3", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:guard-rspec:guard_rspec:4.7.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:guard_rspec:guard-rspec:4.7.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:guard_rspec:guard_rspec:4.7.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:guard-rspec:4.7.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:guard_rspec:4.7.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:guard-rspec:4.7.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:guard_rspec:4.7.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:guard:guard-rspec:4.7.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:guard:guard_rspec:4.7.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:guard-rspec:4.7.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:guard_rspec:4.7.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:guard-rspec:4.7.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:guard_rspec:4.7.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/guard-shell@0.7.1?package-id=858f428e435dd2e", + "name": "guard-shell", + "version": "0.7.1", + "cpe": "cpe:2.3:a:guard-shell:guard-shell:0.7.1:*:*:*:*:*:*:*", + "purl": "pkg:gem/guard-shell@0.7.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:guard-shell:guard_shell:0.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:guard_shell:guard-shell:0.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:guard_shell:guard_shell:0.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:guard-shell:0.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:guard_shell:0.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:guard-shell:0.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:guard_shell:0.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:guard:guard-shell:0.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:guard:guard_shell:0.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:guard-shell:0.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:guard_shell:0.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:guard-shell:0.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:guard_shell:0.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/http_parser.rb@0.6.0?package-id=a5060285a1de9bcc", + "name": "http_parser.rb", + "version": "0.6.0", + "cpe": "cpe:2.3:a:http-parser.rb:http-parser.rb:0.6.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/http_parser.rb@0.6.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:http-parser.rb:http_parser.rb:0.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:http_parser.rb:http-parser.rb:0.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:http_parser.rb:http_parser.rb:0.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:http-parser.rb:0.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:http_parser.rb:0.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:http-parser.rb:0.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:http_parser.rb:0.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:http:http-parser.rb:0.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:http:http_parser.rb:0.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:http-parser.rb:0.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:http_parser.rb:0.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:http-parser.rb:0.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:http_parser.rb:0.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/i18n@1.7.0?package-id=5f4d4c8d278abd1f", + "name": "i18n", + "version": "1.7.0", + "cpe": "cpe:2.3:a:ruby-lang:i18n:1.7.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/i18n@1.7.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:i18n:1.7.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:i18n:i18n:1.7.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:i18n:1.7.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:i18n:1.7.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/jaro_winkler@1.5.4?package-id=4d45dc5c75666ffc", + "name": "jaro_winkler", + "version": "1.5.4", + "cpe": "cpe:2.3:a:jaro-winkler:jaro-winkler:1.5.4:*:*:*:*:*:*:*", + "purl": "pkg:gem/jaro_winkler@1.5.4", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:jaro-winkler:jaro_winkler:1.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:jaro_winkler:jaro-winkler:1.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:jaro_winkler:jaro_winkler:1.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:jaro-winkler:1.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:jaro_winkler:1.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:jaro-winkler:1.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:jaro_winkler:1.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:jaro:jaro-winkler:1.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:jaro:jaro_winkler:1.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:jaro-winkler:1.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:jaro_winkler:1.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:jaro-winkler:1.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:jaro_winkler:1.5.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/jquery-fileupload-rails@1.0.0?package-id=e37e6ab28b808767", + "name": "jquery-fileupload-rails", + "version": "1.0.0", + "cpe": "cpe:2.3:a:jquery-fileupload-rails:jquery-fileupload-rails:1.0.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/jquery-fileupload-rails@1.0.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:jquery-fileupload-rails:jquery_fileupload_rails:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:jquery_fileupload_rails:jquery-fileupload-rails:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:jquery_fileupload_rails:jquery_fileupload_rails:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:jquery-fileupload:jquery-fileupload-rails:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:jquery-fileupload:jquery_fileupload_rails:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:jquery_fileupload:jquery-fileupload-rails:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:jquery_fileupload:jquery_fileupload_rails:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:jquery-fileupload-rails:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:jquery_fileupload_rails:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:jquery-fileupload-rails:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:jquery_fileupload_rails:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:jquery:jquery-fileupload-rails:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:jquery:jquery_fileupload_rails:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:jquery-fileupload-rails:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:jquery_fileupload_rails:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:jquery-fileupload-rails:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:jquery_fileupload_rails:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/jquery-rails@4.3.5?package-id=ae04515574bd8367", + "name": "jquery-rails", + "version": "4.3.5", + "cpe": "cpe:2.3:a:jquery-rails:jquery-rails:4.3.5:*:*:*:*:*:*:*", + "purl": "pkg:gem/jquery-rails@4.3.5", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:jquery-rails:jquery_rails:4.3.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:jquery_rails:jquery-rails:4.3.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:jquery_rails:jquery_rails:4.3.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:jquery-rails:4.3.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:jquery_rails:4.3.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:jquery-rails:4.3.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:jquery_rails:4.3.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:jquery:jquery-rails:4.3.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:jquery:jquery_rails:4.3.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:jquery-rails:4.3.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:jquery_rails:4.3.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:jquery-rails:4.3.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:jquery_rails:4.3.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/json@2.3.1?package-id=a5f5185f4511ebe4", + "name": "json", + "version": "2.3.1", + "cpe": "cpe:2.3:a:ruby-lang:json:2.3.1:*:*:*:*:*:*:*", + "purl": "pkg:gem/json@2.3.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:json:2.3.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:json:json:2.3.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:json:2.3.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:json:2.3.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/kgio@2.11.2?package-id=722659219e5f9567", + "name": "kgio", + "version": "2.11.2", + "cpe": "cpe:2.3:a:ruby-lang:kgio:2.11.2:*:*:*:*:*:*:*", + "purl": "pkg:gem/kgio@2.11.2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:kgio:2.11.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:kgio:kgio:2.11.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:kgio:2.11.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:kgio:2.11.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/launchy@2.4.3?package-id=57c135be6f621598", + "name": "launchy", + "version": "2.4.3", + "cpe": "cpe:2.3:a:ruby-lang:launchy:2.4.3:*:*:*:*:*:*:*", + "purl": "pkg:gem/launchy@2.4.3", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:launchy:2.4.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:launchy:launchy:2.4.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:launchy:2.4.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:launchy:2.4.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/libv8@3.16.14.19?package-id=b55b549cf4ef441b", + "name": "libv8", + "version": "3.16.14.19", + "cpe": "cpe:2.3:a:ruby-lang:libv8:3.16.14.19:*:*:*:*:*:*:*", + "purl": "pkg:gem/libv8@3.16.14.19", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:libv8:3.16.14.19:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:libv8:libv8:3.16.14.19:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:libv8:3.16.14.19:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:libv8:3.16.14.19:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/listen@3.2.0?package-id=6588d4703956d448", + "name": "listen", + "version": "3.2.0", + "cpe": "cpe:2.3:a:ruby-lang:listen:3.2.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/listen@3.2.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:listen:3.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:listen:listen:3.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:listen:3.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:listen:3.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/loofah@2.3.1?package-id=46601baf6e48116d", + "name": "loofah", + "version": "2.3.1", + "cpe": "cpe:2.3:a:ruby-lang:loofah:2.3.1:*:*:*:*:*:*:*", + "purl": "pkg:gem/loofah@2.3.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:loofah:2.3.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:loofah:loofah:2.3.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:loofah:2.3.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:loofah:2.3.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/lumberjack@1.0.13?package-id=13c9bb00ebca00a6", + "name": "lumberjack", + "version": "1.0.13", + "cpe": "cpe:2.3:a:lumberjack:lumberjack:1.0.13:*:*:*:*:*:*:*", + "purl": "pkg:gem/lumberjack@1.0.13", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:lumberjack:1.0.13:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:lumberjack:1.0.13:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:lumberjack:1.0.13:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:lumberjack:1.0.13:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/mail@2.7.1?package-id=a87e15c7be02655c", + "name": "mail", + "version": "2.7.1", + "cpe": "cpe:2.3:a:ruby-lang:mail:2.7.1:*:*:*:*:*:*:*", + "purl": "pkg:gem/mail@2.7.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:mail:2.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mail:mail:2.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:mail:2.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:mail:2.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/marcel@0.3.3?package-id=ac84e9c43ad46546", + "name": "marcel", + "version": "0.3.3", + "cpe": "cpe:2.3:a:ruby-lang:marcel:0.3.3:*:*:*:*:*:*:*", + "purl": "pkg:gem/marcel@0.3.3", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:marcel:0.3.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:marcel:marcel:0.3.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:marcel:0.3.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:marcel:0.3.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/method_source@0.9.2?package-id=44147ad97b252659", + "name": "method_source", + "version": "0.9.2", + "cpe": "cpe:2.3:a:method-source:method-source:0.9.2:*:*:*:*:*:*:*", + "purl": "pkg:gem/method_source@0.9.2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:method-source:method_source:0.9.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:method_source:method-source:0.9.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:method_source:method_source:0.9.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:method-source:0.9.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:method_source:0.9.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:method-source:0.9.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:method_source:0.9.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:method:method-source:0.9.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:method:method_source:0.9.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:method-source:0.9.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:method_source:0.9.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:method-source:0.9.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:method_source:0.9.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/mimemagic@0.3.9?package-id=da6fe103bf3d6fe6", + "name": "mimemagic", + "version": "0.3.9", + "cpe": "cpe:2.3:a:mimemagic:mimemagic:0.3.9:*:*:*:*:*:*:*", + "purl": "pkg:gem/mimemagic@0.3.9", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:mimemagic:0.3.9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:mimemagic:0.3.9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:mimemagic:0.3.9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:mimemagic:0.3.9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/mini_mime@1.0.2?package-id=d52fd0c32f2e2fb2", + "name": "mini_mime", + "version": "1.0.2", + "cpe": "cpe:2.3:a:mini-mime:mini-mime:1.0.2:*:*:*:*:*:*:*", + "purl": "pkg:gem/mini_mime@1.0.2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mini-mime:mini_mime:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mini_mime:mini-mime:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mini_mime:mini_mime:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:mini-mime:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:mini_mime:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:mini-mime:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:mini_mime:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mini:mini-mime:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mini:mini_mime:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:mini-mime:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:mini_mime:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:mini-mime:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:mini_mime:1.0.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/mini_portile2@2.4.0?package-id=21b0a2fc300f1a71", + "name": "mini_portile2", + "version": "2.4.0", + "cpe": "cpe:2.3:a:mini-portile2:mini-portile2:2.4.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/mini_portile2@2.4.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mini-portile2:mini_portile2:2.4.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mini_portile2:mini-portile2:2.4.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mini_portile2:mini_portile2:2.4.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:mini-portile2:2.4.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:mini_portile2:2.4.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:mini-portile2:2.4.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:mini_portile2:2.4.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mini:mini-portile2:2.4.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mini:mini_portile2:2.4.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:mini-portile2:2.4.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:mini_portile2:2.4.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:mini-portile2:2.4.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:mini_portile2:2.4.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/minitest@5.13.0?package-id=ac8a36b998ddd22e", + "name": "minitest", + "version": "5.13.0", + "cpe": "cpe:2.3:a:ruby-lang:minitest:5.13.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/minitest@5.13.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:minitest:5.13.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:minitest:minitest:5.13.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:minitest:5.13.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:minitest:5.13.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/multi_json@1.14.1?package-id=553858c0ebe55b2e", + "name": "multi_json", + "version": "1.14.1", + "cpe": "cpe:2.3:a:multi-json:multi-json:1.14.1:*:*:*:*:*:*:*", + "purl": "pkg:gem/multi_json@1.14.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:multi-json:multi_json:1.14.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:multi_json:multi-json:1.14.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:multi_json:multi_json:1.14.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:multi-json:1.14.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:multi_json:1.14.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:multi-json:1.14.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:multi_json:1.14.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:multi:multi-json:1.14.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:multi:multi_json:1.14.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:multi-json:1.14.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:multi_json:1.14.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:multi-json:1.14.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:multi_json:1.14.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/multi_test@0.1.2?package-id=1a66888a268fb65a", + "name": "multi_test", + "version": "0.1.2", + "cpe": "cpe:2.3:a:multi-test:multi-test:0.1.2:*:*:*:*:*:*:*", + "purl": "pkg:gem/multi_test@0.1.2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:multi-test:multi_test:0.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:multi_test:multi-test:0.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:multi_test:multi_test:0.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:multi-test:0.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:multi_test:0.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:multi-test:0.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:multi_test:0.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:multi:multi-test:0.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:multi:multi_test:0.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:multi-test:0.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:multi_test:0.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:multi-test:0.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:multi_test:0.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/mysql2@0.5.2?package-id=37fbc60885227d75", + "name": "mysql2", + "version": "0.5.2", + "cpe": "cpe:2.3:a:ruby-lang:mysql2:0.5.2:*:*:*:*:*:*:*", + "purl": "pkg:gem/mysql2@0.5.2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:mysql2:0.5.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:mysql2:mysql2:0.5.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:mysql2:0.5.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:mysql2:0.5.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/nenv@0.3.0?package-id=5bddf83fe625e4b0", + "name": "nenv", + "version": "0.3.0", + "cpe": "cpe:2.3:a:ruby-lang:nenv:0.3.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/nenv@0.3.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:nenv:0.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:nenv:nenv:0.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:nenv:0.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:nenv:0.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/nio4r@2.5.2?package-id=bbee6fef718e0a69", + "name": "nio4r", + "version": "2.5.2", + "cpe": "cpe:2.3:a:ruby-lang:nio4r:2.5.2:*:*:*:*:*:*:*", + "purl": "pkg:gem/nio4r@2.5.2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:nio4r:2.5.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:nio4r:nio4r:2.5.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:nio4r:2.5.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:nio4r:2.5.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/nokogiri@1.10.10?package-id=e9ae1622e6aa2cdc", + "name": "nokogiri", + "version": "1.10.10", + "cpe": "cpe:2.3:a:ruby-lang:nokogiri:1.10.10:*:*:*:*:*:*:*", + "purl": "pkg:gem/nokogiri@1.10.10", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:nokogiri:1.10.10:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:nokogiri:nokogiri:1.10.10:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:nokogiri:1.10.10:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:nokogiri:1.10.10:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/notiffany@0.1.3?package-id=9d8b0363ff8dccfa", + "name": "notiffany", + "version": "0.1.3", + "cpe": "cpe:2.3:a:notiffany:notiffany:0.1.3:*:*:*:*:*:*:*", + "purl": "pkg:gem/notiffany@0.1.3", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:notiffany:0.1.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:notiffany:0.1.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:notiffany:0.1.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:notiffany:0.1.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/parallel@1.18.0?package-id=11519dec6ff4406d", + "name": "parallel", + "version": "1.18.0", + "cpe": "cpe:2.3:a:ruby-lang:parallel:1.18.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/parallel@1.18.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:parallel:1.18.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:parallel:parallel:1.18.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:parallel:1.18.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:parallel:1.18.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/parser@2.6.5.0?package-id=ff271e847238d36a", + "name": "parser", + "version": "2.6.5.0", + "cpe": "cpe:2.3:a:ruby-lang:parser:2.6.5.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/parser@2.6.5.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:parser:2.6.5.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:parser:parser:2.6.5.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:parser:2.6.5.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:parser:2.6.5.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/pg@1.2.3?package-id=dc7914c5821dceaf", + "name": "pg", + "version": "1.2.3", + "cpe": "cpe:2.3:a:ruby-lang:pg:1.2.3:*:*:*:*:*:*:*", + "purl": "pkg:gem/pg@1.2.3", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:pg:1.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:pg:1.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pg:pg:1.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:pg:1.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/poltergeist@1.18.1?package-id=45754f73d339cdfd", + "name": "poltergeist", + "version": "1.18.1", + "cpe": "cpe:2.3:a:poltergeist:poltergeist:1.18.1:*:*:*:*:*:*:*", + "purl": "pkg:gem/poltergeist@1.18.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:poltergeist:1.18.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:poltergeist:1.18.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:poltergeist:1.18.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:poltergeist:1.18.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/powder@0.4.0?package-id=abb8659f4a161ba4", + "name": "powder", + "version": "0.4.0", + "cpe": "cpe:2.3:a:ruby-lang:powder:0.4.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/powder@0.4.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:powder:0.4.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:powder:powder:0.4.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:powder:0.4.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:powder:0.4.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/power_assert@1.1.5?package-id=77c862e9bf5011a0", + "name": "power_assert", + "version": "1.1.5", + "cpe": "cpe:2.3:a:power-assert:power-assert:1.1.5:*:*:*:*:*:*:*", + "purl": "pkg:gem/power_assert@1.1.5", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:power-assert:power_assert:1.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:power_assert:power-assert:1.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:power_assert:power_assert:1.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:power-assert:1.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:power_assert:1.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:power-assert:1.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:power_assert:1.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:power:power-assert:1.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:power:power_assert:1.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:power-assert:1.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:power_assert:1.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:power-assert:1.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:power_assert:1.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/pry@0.12.2?package-id=235fe47e067f00c6", + "name": "pry", + "version": "0.12.2", + "cpe": "cpe:2.3:a:ruby-lang:pry:0.12.2:*:*:*:*:*:*:*", + "purl": "pkg:gem/pry@0.12.2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:pry:0.12.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:pry:0.12.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pry:pry:0.12.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:pry:0.12.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/pry-rails@0.3.9?package-id=493a4b3f7849e0b4", + "name": "pry-rails", + "version": "0.3.9", + "cpe": "cpe:2.3:a:pry-rails:pry-rails:0.3.9:*:*:*:*:*:*:*", + "purl": "pkg:gem/pry-rails@0.3.9", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pry-rails:pry_rails:0.3.9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pry_rails:pry-rails:0.3.9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pry_rails:pry_rails:0.3.9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:pry-rails:0.3.9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:pry_rails:0.3.9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:pry-rails:0.3.9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:pry_rails:0.3.9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:pry-rails:0.3.9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:pry_rails:0.3.9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pry:pry-rails:0.3.9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:pry:pry_rails:0.3.9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:pry-rails:0.3.9:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:pry_rails:0.3.9:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/public_suffix@4.0.1?package-id=2ca28a5fbcb644df", + "name": "public_suffix", + "version": "4.0.1", + "cpe": "cpe:2.3:a:public-suffix:public-suffix:4.0.1:*:*:*:*:*:*:*", + "purl": "pkg:gem/public_suffix@4.0.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:public-suffix:public_suffix:4.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:public_suffix:public-suffix:4.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:public_suffix:public_suffix:4.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:public-suffix:4.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:public_suffix:4.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:public-suffix:4.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:public_suffix:4.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:public:public-suffix:4.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:public:public_suffix:4.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:public-suffix:4.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:public_suffix:4.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:public-suffix:4.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:public_suffix:4.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/puma@4.3.5?package-id=be84aebd22402f67", + "name": "puma", + "version": "4.3.5", + "cpe": "cpe:2.3:a:ruby-lang:puma:4.3.5:*:*:*:*:*:*:*", + "purl": "pkg:gem/puma@4.3.5", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:puma:4.3.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:puma:puma:4.3.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:puma:4.3.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:puma:4.3.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/rack@2.2.3?package-id=b91bf0da1f42df46", + "name": "rack", + "version": "2.2.3", + "cpe": "cpe:2.3:a:ruby-lang:rack:2.2.3:*:*:*:*:*:*:*", + "purl": "pkg:gem/rack@2.2.3", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rack:2.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rack:rack:2.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rack:2.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rack:2.2.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/rack-livereload@0.3.17?package-id=e8be45a846a7d2e8", + "name": "rack-livereload", + "version": "0.3.17", + "cpe": "cpe:2.3:a:rack-livereload:rack-livereload:0.3.17:*:*:*:*:*:*:*", + "purl": "pkg:gem/rack-livereload@0.3.17", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rack-livereload:rack_livereload:0.3.17:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rack_livereload:rack-livereload:0.3.17:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rack_livereload:rack_livereload:0.3.17:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:rack-livereload:0.3.17:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:rack_livereload:0.3.17:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rack-livereload:0.3.17:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rack_livereload:0.3.17:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rack:rack-livereload:0.3.17:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rack:rack_livereload:0.3.17:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rack-livereload:0.3.17:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rack_livereload:0.3.17:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rack-livereload:0.3.17:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rack_livereload:0.3.17:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/rack-test@1.1.0?package-id=77ae7289349347dd", + "name": "rack-test", + "version": "1.1.0", + "cpe": "cpe:2.3:a:rack-test:rack-test:1.1.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/rack-test@1.1.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rack-test:rack_test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rack_test:rack-test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rack_test:rack_test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:rack-test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:rack_test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rack-test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rack_test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rack:rack-test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rack:rack_test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rack-test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rack_test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rack-test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rack_test:1.1.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/rails@6.0.0?package-id=74a0b8f965300d43", + "name": "rails", + "version": "6.0.0", + "cpe": "cpe:2.3:a:ruby-lang:rails:6.0.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/rails@6.0.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rails:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rails:rails:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rails:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rails:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/rails-dom-testing@2.0.3?package-id=ce8b938d3fca9ace", + "name": "rails-dom-testing", + "version": "2.0.3", + "cpe": "cpe:2.3:a:rails-dom-testing:rails-dom-testing:2.0.3:*:*:*:*:*:*:*", + "purl": "pkg:gem/rails-dom-testing@2.0.3", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rails-dom-testing:rails_dom_testing:2.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rails_dom_testing:rails-dom-testing:2.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rails_dom_testing:rails_dom_testing:2.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rails-dom:rails-dom-testing:2.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rails-dom:rails_dom_testing:2.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rails_dom:rails-dom-testing:2.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rails_dom:rails_dom_testing:2.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:rails-dom-testing:2.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:rails_dom_testing:2.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rails-dom-testing:2.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rails_dom_testing:2.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rails:rails-dom-testing:2.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rails:rails_dom_testing:2.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rails-dom-testing:2.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rails_dom_testing:2.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rails-dom-testing:2.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rails_dom_testing:2.0.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/rails-html-sanitizer@1.3.0?package-id=c9093dcc14fe4896", + "name": "rails-html-sanitizer", + "version": "1.3.0", + "cpe": "cpe:2.3:a:rails-html-sanitizer:rails-html-sanitizer:1.3.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/rails-html-sanitizer@1.3.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rails-html-sanitizer:rails_html_sanitizer:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rails_html_sanitizer:rails-html-sanitizer:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rails_html_sanitizer:rails_html_sanitizer:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rails-html:rails-html-sanitizer:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rails-html:rails_html_sanitizer:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rails_html:rails-html-sanitizer:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rails_html:rails_html_sanitizer:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:rails-html-sanitizer:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:rails_html_sanitizer:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rails-html-sanitizer:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rails_html_sanitizer:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rails:rails-html-sanitizer:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rails:rails_html_sanitizer:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rails-html-sanitizer:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rails_html_sanitizer:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rails-html-sanitizer:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rails_html_sanitizer:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/rails-perftest@0.0.7?package-id=8d2ef25d47596549", + "name": "rails-perftest", + "version": "0.0.7", + "cpe": "cpe:2.3:a:rails-perftest:rails-perftest:0.0.7:*:*:*:*:*:*:*", + "purl": "pkg:gem/rails-perftest@0.0.7", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rails-perftest:rails_perftest:0.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rails_perftest:rails-perftest:0.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rails_perftest:rails_perftest:0.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:rails-perftest:0.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:rails_perftest:0.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rails-perftest:0.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rails_perftest:0.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rails:rails-perftest:0.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rails:rails_perftest:0.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rails-perftest:0.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rails_perftest:0.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rails-perftest:0.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rails_perftest:0.0.7:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/railties@6.0.0?package-id=ed1caf33caaeb507", + "name": "railties", + "version": "6.0.0", + "cpe": "cpe:2.3:a:ruby-lang:railties:6.0.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/railties@6.0.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:railties:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:railties:railties:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:railties:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:railties:6.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/rainbow@3.0.0?package-id=9ca6c16d5d13f866", + "name": "rainbow", + "version": "3.0.0", + "cpe": "cpe:2.3:a:ruby-lang:rainbow:3.0.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/rainbow@3.0.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rainbow:3.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rainbow:rainbow:3.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rainbow:3.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rainbow:3.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/raindrops@0.19.0?package-id=47d8f8324d6da11f", + "name": "raindrops", + "version": "0.19.0", + "cpe": "cpe:2.3:a:raindrops:raindrops:0.19.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/raindrops@0.19.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:raindrops:0.19.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:raindrops:0.19.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:raindrops:0.19.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:raindrops:0.19.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/rake@13.0.0?package-id=da49de69ddcf2db6", + "name": "rake", + "version": "13.0.0", + "cpe": "cpe:2.3:a:ruby-lang:rake:13.0.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/rake@13.0.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rake:13.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rake:rake:13.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rake:13.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rake:13.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/rb-fsevent@0.10.3?package-id=ee714793282b087b", + "name": "rb-fsevent", + "version": "0.10.3", + "cpe": "cpe:2.3:a:rb-fsevent:rb-fsevent:0.10.3:*:*:*:*:*:*:*", + "purl": "pkg:gem/rb-fsevent@0.10.3", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rb-fsevent:rb_fsevent:0.10.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rb_fsevent:rb-fsevent:0.10.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rb_fsevent:rb_fsevent:0.10.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:rb-fsevent:0.10.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:rb_fsevent:0.10.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rb-fsevent:0.10.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rb_fsevent:0.10.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rb-fsevent:0.10.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rb_fsevent:0.10.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rb:rb-fsevent:0.10.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rb:rb_fsevent:0.10.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rb-fsevent:0.10.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rb_fsevent:0.10.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/rb-inotify@0.10.0?package-id=37d9e7b55b262a1", + "name": "rb-inotify", + "version": "0.10.0", + "cpe": "cpe:2.3:a:rb-inotify:rb-inotify:0.10.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/rb-inotify@0.10.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rb-inotify:rb_inotify:0.10.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rb_inotify:rb-inotify:0.10.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rb_inotify:rb_inotify:0.10.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:rb-inotify:0.10.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:rb_inotify:0.10.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rb-inotify:0.10.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rb_inotify:0.10.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rb-inotify:0.10.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rb_inotify:0.10.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rb:rb-inotify:0.10.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rb:rb_inotify:0.10.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rb-inotify:0.10.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rb_inotify:0.10.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/ref@2.0.0?package-id=92754cd5758138f8", + "name": "ref", + "version": "2.0.0", + "cpe": "cpe:2.3:a:ruby-lang:ref:2.0.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/ref@2.0.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:ref:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:ref:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ref:ref:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:ref:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/regexp_parser@1.6.0?package-id=9b1dedcaf2ea7839", + "name": "regexp_parser", + "version": "1.6.0", + "cpe": "cpe:2.3:a:regexp-parser:regexp-parser:1.6.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/regexp_parser@1.6.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:regexp-parser:regexp_parser:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:regexp_parser:regexp-parser:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:regexp_parser:regexp_parser:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:regexp-parser:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:regexp_parser:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:regexp-parser:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:regexp_parser:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:regexp:regexp-parser:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:regexp:regexp_parser:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:regexp-parser:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:regexp_parser:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:regexp-parser:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:regexp_parser:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/responders@3.0.0?package-id=715851cbd668e3bf", + "name": "responders", + "version": "3.0.0", + "cpe": "cpe:2.3:a:responders:responders:3.0.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/responders@3.0.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:responders:3.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:responders:3.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:responders:3.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:responders:3.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/rspec@3.9.0?package-id=3f4749e56b5bc810", + "name": "rspec", + "version": "3.9.0", + "cpe": "cpe:2.3:a:ruby-lang:rspec:3.9.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/rspec@3.9.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rspec:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rspec:rspec:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rspec:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rspec:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/rspec-core@3.9.0?package-id=acf4387141f2f665", + "name": "rspec-core", + "version": "3.9.0", + "cpe": "cpe:2.3:a:rspec-core:rspec-core:3.9.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/rspec-core@3.9.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rspec-core:rspec_core:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rspec_core:rspec-core:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rspec_core:rspec_core:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:rspec-core:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:rspec_core:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rspec-core:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rspec_core:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rspec:rspec-core:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rspec:rspec_core:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rspec-core:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rspec_core:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rspec-core:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rspec_core:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/rspec-expectations@3.9.0?package-id=828112666799e255", + "name": "rspec-expectations", + "version": "3.9.0", + "cpe": "cpe:2.3:a:rspec-expectations:rspec-expectations:3.9.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/rspec-expectations@3.9.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rspec-expectations:rspec_expectations:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rspec_expectations:rspec-expectations:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rspec_expectations:rspec_expectations:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:rspec-expectations:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:rspec_expectations:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rspec-expectations:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rspec_expectations:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rspec:rspec-expectations:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rspec:rspec_expectations:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rspec-expectations:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rspec_expectations:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rspec-expectations:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rspec_expectations:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/rspec-mocks@3.9.0?package-id=fdf44de3d88d43da", + "name": "rspec-mocks", + "version": "3.9.0", + "cpe": "cpe:2.3:a:rspec-mocks:rspec-mocks:3.9.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/rspec-mocks@3.9.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rspec-mocks:rspec_mocks:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rspec_mocks:rspec-mocks:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rspec_mocks:rspec_mocks:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:rspec-mocks:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:rspec_mocks:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rspec-mocks:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rspec_mocks:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rspec:rspec-mocks:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rspec:rspec_mocks:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rspec-mocks:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rspec_mocks:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rspec-mocks:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rspec_mocks:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/rspec-rails@4.0.0.beta3?package-id=98f26b6f779470f3", + "name": "rspec-rails", + "version": "4.0.0.beta3", + "cpe": "cpe:2.3:a:rspec-rails:rspec-rails:4.0.0.beta3:*:*:*:*:*:*:*", + "purl": "pkg:gem/rspec-rails@4.0.0.beta3", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rspec-rails:rspec_rails:4.0.0.beta3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rspec_rails:rspec-rails:4.0.0.beta3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rspec_rails:rspec_rails:4.0.0.beta3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:rspec-rails:4.0.0.beta3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:rspec_rails:4.0.0.beta3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rspec-rails:4.0.0.beta3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rspec_rails:4.0.0.beta3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rspec:rspec-rails:4.0.0.beta3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rspec:rspec_rails:4.0.0.beta3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rspec-rails:4.0.0.beta3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rspec_rails:4.0.0.beta3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rspec-rails:4.0.0.beta3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rspec_rails:4.0.0.beta3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/rspec-support@3.9.0?package-id=eb96dcc50331b375", + "name": "rspec-support", + "version": "3.9.0", + "cpe": "cpe:2.3:a:rspec-support:rspec-support:3.9.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/rspec-support@3.9.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rspec-support:rspec_support:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rspec_support:rspec-support:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rspec_support:rspec_support:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:rspec-support:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:rspec_support:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rspec-support:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rspec_support:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rspec:rspec-support:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rspec:rspec_support:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rspec-support:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rspec_support:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rspec-support:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rspec_support:3.9.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/rubocop@0.76.0?package-id=24153313c136863", + "name": "rubocop", + "version": "0.76.0", + "cpe": "cpe:2.3:a:ruby-lang:rubocop:0.76.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/rubocop@0.76.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rubocop:0.76.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rubocop:rubocop:0.76.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rubocop:0.76.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rubocop:0.76.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/rubocop-github@0.13.0?package-id=98f37b585a5df84f", + "name": "rubocop-github", + "version": "0.13.0", + "cpe": "cpe:2.3:a:rubocop-github:rubocop-github:0.13.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/rubocop-github@0.13.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rubocop-github:rubocop_github:0.13.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rubocop_github:rubocop-github:0.13.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rubocop_github:rubocop_github:0.13.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:rubocop-github:0.13.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:rubocop_github:0.13.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rubocop-github:0.13.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rubocop_github:0.13.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rubocop:rubocop-github:0.13.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rubocop:rubocop_github:0.13.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rubocop-github:0.13.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rubocop_github:0.13.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rubocop-github:0.13.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rubocop_github:0.13.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/rubocop-performance@1.3.0?package-id=2161f59b1495c396", + "name": "rubocop-performance", + "version": "1.3.0", + "cpe": "cpe:2.3:a:rubocop-performance:rubocop-performance:1.3.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/rubocop-performance@1.3.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rubocop-performance:rubocop_performance:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rubocop_performance:rubocop-performance:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rubocop_performance:rubocop_performance:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:rubocop-performance:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:rubocop_performance:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rubocop-performance:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:rubocop_performance:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rubocop:rubocop-performance:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:rubocop:rubocop_performance:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rubocop-performance:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:rubocop_performance:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rubocop-performance:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:rubocop_performance:1.3.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/ruby-prof@1.0.0?package-id=170e4a46d5327610", + "name": "ruby-prof", + "version": "1.0.0", + "cpe": "cpe:2.3:a:ruby-lang:ruby-prof:1.0.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/ruby-prof@1.0.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:ruby_prof:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-prof:ruby-prof:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-prof:ruby_prof:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:ruby-prof:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:ruby_prof:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_prof:ruby-prof:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_prof:ruby_prof:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:ruby-prof:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:ruby_prof:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:ruby-prof:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:ruby_prof:1.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/ruby-progressbar@1.10.1?package-id=de860ec4e2ccff44", + "name": "ruby-progressbar", + "version": "1.10.1", + "cpe": "cpe:2.3:a:ruby-progressbar:ruby-progressbar:1.10.1:*:*:*:*:*:*:*", + "purl": "pkg:gem/ruby-progressbar@1.10.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-progressbar:ruby_progressbar:1.10.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_progressbar:ruby-progressbar:1.10.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_progressbar:ruby_progressbar:1.10.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:ruby-progressbar:1.10.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:ruby_progressbar:1.10.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:ruby-progressbar:1.10.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:ruby_progressbar:1.10.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:ruby-progressbar:1.10.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:ruby_progressbar:1.10.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:ruby-progressbar:1.10.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:ruby_progressbar:1.10.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/sassc@2.2.1?package-id=af2d06e2815d3a2a", + "name": "sassc", + "version": "2.2.1", + "cpe": "cpe:2.3:a:ruby-lang:sassc:2.2.1:*:*:*:*:*:*:*", + "purl": "pkg:gem/sassc@2.2.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:sassc:2.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:sassc:sassc:2.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:sassc:2.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:sassc:2.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/sassc-rails@2.1.2?package-id=f15880164cd67125", + "name": "sassc-rails", + "version": "2.1.2", + "cpe": "cpe:2.3:a:sassc-rails:sassc-rails:2.1.2:*:*:*:*:*:*:*", + "purl": "pkg:gem/sassc-rails@2.1.2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:sassc-rails:sassc_rails:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:sassc_rails:sassc-rails:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:sassc_rails:sassc_rails:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:sassc-rails:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:sassc_rails:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:sassc-rails:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:sassc_rails:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:sassc:sassc-rails:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:sassc:sassc_rails:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:sassc-rails:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:sassc_rails:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:sassc-rails:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:sassc_rails:2.1.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/shellany@0.0.1?package-id=1bb2b6fb071d42ba", + "name": "shellany", + "version": "0.0.1", + "cpe": "cpe:2.3:a:ruby-lang:shellany:0.0.1:*:*:*:*:*:*:*", + "purl": "pkg:gem/shellany@0.0.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:shellany:0.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:shellany:shellany:0.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:shellany:0.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:shellany:0.0.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/simplecov@0.17.1?package-id=d5131cfc0a033bb4", + "name": "simplecov", + "version": "0.17.1", + "cpe": "cpe:2.3:a:ruby-lang:simplecov:0.17.1:*:*:*:*:*:*:*", + "purl": "pkg:gem/simplecov@0.17.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:simplecov:0.17.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:simplecov:simplecov:0.17.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:simplecov:0.17.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:simplecov:0.17.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/simplecov-html@0.10.2?package-id=8f8bc6167604ba8b", + "name": "simplecov-html", + "version": "0.10.2", + "cpe": "cpe:2.3:a:simplecov-html:simplecov-html:0.10.2:*:*:*:*:*:*:*", + "purl": "pkg:gem/simplecov-html@0.10.2", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:simplecov-html:simplecov_html:0.10.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:simplecov_html:simplecov-html:0.10.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:simplecov_html:simplecov_html:0.10.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:simplecov-html:0.10.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:simplecov_html:0.10.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:simplecov-html:0.10.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:simplecov_html:0.10.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:simplecov:simplecov-html:0.10.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:simplecov:simplecov_html:0.10.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:simplecov-html:0.10.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:simplecov_html:0.10.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:simplecov-html:0.10.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:simplecov_html:0.10.2:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/sprockets@4.0.0?package-id=95924e7879eefca5", + "name": "sprockets", + "version": "4.0.0", + "cpe": "cpe:2.3:a:ruby-lang:sprockets:4.0.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/sprockets@4.0.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:sprockets:4.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:sprockets:sprockets:4.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:sprockets:4.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:sprockets:4.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/sprockets-rails@3.2.1?package-id=eae248929b7a5f7e", + "name": "sprockets-rails", + "version": "3.2.1", + "cpe": "cpe:2.3:a:sprockets-rails:sprockets-rails:3.2.1:*:*:*:*:*:*:*", + "purl": "pkg:gem/sprockets-rails@3.2.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:sprockets-rails:sprockets_rails:3.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:sprockets_rails:sprockets-rails:3.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:sprockets_rails:sprockets_rails:3.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:sprockets-rails:3.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:sprockets_rails:3.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:sprockets-rails:3.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:sprockets_rails:3.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:sprockets:sprockets-rails:3.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:sprockets:sprockets_rails:3.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:sprockets-rails:3.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:sprockets_rails:3.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:sprockets-rails:3.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:sprockets_rails:3.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/sqlite3@1.4.1?package-id=4fa7e4d586c921b0", + "name": "sqlite3", + "version": "1.4.1", + "cpe": "cpe:2.3:a:ruby-lang:sqlite3:1.4.1:*:*:*:*:*:*:*", + "purl": "pkg:gem/sqlite3@1.4.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:sqlite3:1.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:sqlite3:sqlite3:1.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:sqlite3:1.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:sqlite3:1.4.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/test-unit@3.3.4?package-id=b3274b3811d04d89", + "name": "test-unit", + "version": "3.3.4", + "cpe": "cpe:2.3:a:ruby-lang:test-unit:3.3.4:*:*:*:*:*:*:*", + "purl": "pkg:gem/test-unit@3.3.4", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:test_unit:3.3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:test-unit:3.3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:test_unit:3.3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:test-unit:test-unit:3.3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:test-unit:test_unit:3.3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:test_unit:test-unit:3.3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:test_unit:test_unit:3.3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:test-unit:3.3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:test_unit:3.3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:test:test-unit:3.3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:test:test_unit:3.3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:test-unit:3.3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:test_unit:3.3.4:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/therubyracer@0.12.3?package-id=99fc6a9283fd90d1", + "name": "therubyracer", + "version": "0.12.3", + "cpe": "cpe:2.3:a:therubyracer:therubyracer:0.12.3:*:*:*:*:*:*:*", + "purl": "pkg:gem/therubyracer@0.12.3", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:therubyracer:0.12.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:therubyracer:0.12.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:therubyracer:0.12.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:therubyracer:0.12.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/thor@0.20.3?package-id=2142a56c9eb8f491", + "name": "thor", + "version": "0.20.3", + "cpe": "cpe:2.3:a:ruby-lang:thor:0.20.3:*:*:*:*:*:*:*", + "purl": "pkg:gem/thor@0.20.3", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:thor:0.20.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:thor:0.20.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:thor:thor:0.20.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:thor:0.20.3:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/thread_safe@0.3.6?package-id=a16947ef2e12022a", + "name": "thread_safe", + "version": "0.3.6", + "cpe": "cpe:2.3:a:thread-safe:thread-safe:0.3.6:*:*:*:*:*:*:*", + "purl": "pkg:gem/thread_safe@0.3.6", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:thread-safe:thread_safe:0.3.6:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:thread_safe:thread-safe:0.3.6:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:thread_safe:thread_safe:0.3.6:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:thread-safe:0.3.6:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:thread_safe:0.3.6:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:thread-safe:0.3.6:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:thread_safe:0.3.6:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:thread:thread-safe:0.3.6:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:thread:thread_safe:0.3.6:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:thread-safe:0.3.6:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:thread_safe:0.3.6:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:thread-safe:0.3.6:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:thread_safe:0.3.6:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/tilt@2.0.10?package-id=607ae1c3396e4272", + "name": "tilt", + "version": "2.0.10", + "cpe": "cpe:2.3:a:ruby-lang:tilt:2.0.10:*:*:*:*:*:*:*", + "purl": "pkg:gem/tilt@2.0.10", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:tilt:2.0.10:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:tilt:2.0.10:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:tilt:tilt:2.0.10:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:tilt:2.0.10:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/travis-lint@2.0.0?package-id=8be5d364c2b166a5", + "name": "travis-lint", + "version": "2.0.0", + "cpe": "cpe:2.3:a:travis-lint:travis-lint:2.0.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/travis-lint@2.0.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:travis-lint:travis_lint:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:travis_lint:travis-lint:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:travis_lint:travis_lint:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:travis-lint:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:travis_lint:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:travis-lint:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:travis_lint:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:travis:travis-lint:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:travis:travis_lint:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:travis-lint:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:travis_lint:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:travis-lint:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:travis_lint:2.0.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/turbolinks@5.2.1?package-id=b72626c2a7e3071b", + "name": "turbolinks", + "version": "5.2.1", + "cpe": "cpe:2.3:a:turbolinks:turbolinks:5.2.1:*:*:*:*:*:*:*", + "purl": "pkg:gem/turbolinks@5.2.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:turbolinks:5.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:turbolinks:5.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:turbolinks:5.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:turbolinks:5.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/turbolinks-source@5.2.0?package-id=db15fad2aa9077c9", + "name": "turbolinks-source", + "version": "5.2.0", + "cpe": "cpe:2.3:a:turbolinks-source:turbolinks-source:5.2.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/turbolinks-source@5.2.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:turbolinks-source:turbolinks_source:5.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:turbolinks_source:turbolinks-source:5.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:turbolinks_source:turbolinks_source:5.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:turbolinks:turbolinks-source:5.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:turbolinks:turbolinks_source:5.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:turbolinks-source:5.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:turbolinks_source:5.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:turbolinks-source:5.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:turbolinks_source:5.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:turbolinks-source:5.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:turbolinks_source:5.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:turbolinks-source:5.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:turbolinks_source:5.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/tzinfo@1.2.5?package-id=91ca7a11d1d31930", + "name": "tzinfo", + "version": "1.2.5", + "cpe": "cpe:2.3:a:ruby-lang:tzinfo:1.2.5:*:*:*:*:*:*:*", + "purl": "pkg:gem/tzinfo@1.2.5", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:tzinfo:1.2.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:tzinfo:tzinfo:1.2.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:tzinfo:1.2.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:tzinfo:1.2.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/uglifier@4.2.0?package-id=e271f9babb8aadf2", + "name": "uglifier", + "version": "4.2.0", + "cpe": "cpe:2.3:a:ruby-lang:uglifier:4.2.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/uglifier@4.2.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:uglifier:4.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:uglifier:uglifier:4.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:uglifier:4.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:uglifier:4.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/unicode-display_width@1.6.0?package-id=7c8cd20e311e0a10", + "name": "unicode-display_width", + "version": "1.6.0", + "cpe": "cpe:2.3:a:unicode-display-width:unicode-display-width:1.6.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/unicode-display_width@1.6.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:unicode-display-width:unicode-display_width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:unicode-display-width:unicode_display_width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:unicode-display_width:unicode-display-width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:unicode-display_width:unicode-display_width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:unicode-display_width:unicode_display_width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:unicode_display_width:unicode-display-width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:unicode_display_width:unicode-display_width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:unicode_display_width:unicode_display_width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:unicode-display:unicode-display-width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:unicode-display:unicode-display_width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:unicode-display:unicode_display_width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:unicode_display:unicode-display-width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:unicode_display:unicode-display_width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:unicode_display:unicode_display_width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:unicode-display-width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:unicode-display_width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:unicode_display_width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:unicode-display-width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:unicode-display_width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:unicode_display_width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:unicode:unicode-display-width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:unicode:unicode-display_width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:unicode:unicode_display_width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:unicode-display-width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:unicode-display_width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:unicode_display_width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:unicode-display-width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:unicode-display_width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:unicode_display_width:1.6.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/unicorn@5.5.1?package-id=e822c7adb91d9e3c", + "name": "unicorn", + "version": "5.5.1", + "cpe": "cpe:2.3:a:ruby-lang:unicorn:5.5.1:*:*:*:*:*:*:*", + "purl": "pkg:gem/unicorn@5.5.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:unicorn:5.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:unicorn:unicorn:5.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:unicorn:5.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:unicorn:5.5.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/websocket-driver@0.7.1?package-id=e2f9daf8742288e7", + "name": "websocket-driver", + "version": "0.7.1", + "cpe": "cpe:2.3:a:websocket-driver:websocket-driver:0.7.1:*:*:*:*:*:*:*", + "purl": "pkg:gem/websocket-driver@0.7.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:websocket-driver:websocket_driver:0.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:websocket_driver:websocket-driver:0.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:websocket_driver:websocket_driver:0.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:websocket-driver:0.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:websocket_driver:0.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:websocket-driver:0.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:websocket_driver:0.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:websocket:websocket-driver:0.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:websocket:websocket_driver:0.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:websocket-driver:0.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:websocket_driver:0.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:websocket-driver:0.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:websocket_driver:0.7.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/websocket-extensions@0.1.5?package-id=5c3fbaa5d9601593", + "name": "websocket-extensions", + "version": "0.1.5", + "cpe": "cpe:2.3:a:websocket-extensions:websocket-extensions:0.1.5:*:*:*:*:*:*:*", + "purl": "pkg:gem/websocket-extensions@0.1.5", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:websocket-extensions:websocket_extensions:0.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:websocket_extensions:websocket-extensions:0.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:websocket_extensions:websocket_extensions:0.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:websocket-extensions:0.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby-lang:websocket_extensions:0.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:websocket-extensions:0.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:websocket_extensions:0.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:websocket:websocket-extensions:0.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:websocket:websocket_extensions:0.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:websocket-extensions:0.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:websocket_extensions:0.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:websocket-extensions:0.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:websocket_extensions:0.1.5:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/xpath@3.2.0?package-id=f25eeb27e51f56d5", + "name": "xpath", + "version": "3.2.0", + "cpe": "cpe:2.3:a:ruby-lang:xpath:3.2.0:*:*:*:*:*:*:*", + "purl": "pkg:gem/xpath@3.2.0", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:xpath:3.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:xpath:xpath:3.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:xpath:3.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:xpath:3.2.0:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + }, + { + "type": "library", + "bom-ref": ".@:pkg:gem/zeitwerk@2.2.1?package-id=13b0e0a320df9271", + "name": "zeitwerk", + "version": "2.2.1", + "cpe": "cpe:2.3:a:ruby-lang:zeitwerk:2.2.1:*:*:*:*:*:*:*", + "purl": "pkg:gem/zeitwerk@2.2.1", + "properties": [ + { + "name": "syft:package:foundBy", + "value": "ruby-gemfile-cataloger" + }, + { + "name": "syft:package:language", + "value": "ruby" + }, + { + "name": "syft:package:type", + "value": "gem" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby_lang:zeitwerk:2.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:zeitwerk:zeitwerk:2.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:ruby:zeitwerk:2.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:cpe23", + "value": "cpe:2.3:a:*:zeitwerk:2.2.1:*:*:*:*:*:*:*" + }, + { + "name": "syft:location:0:path", + "value": "Gemfile.lock" + } + ] + } + ] + } + ], + "dependencies": [ + { + "ref": "test@1.1", + "dependsOn": [ + "juice-shop@11.1.2:pkg:npm/juice-shop@11.1.2", + ".@:af63bd4c8601b7f1" + ] + } + ] +} \ No newline at end of file diff --git a/cmd/root.go b/cmd/root.go index 6c44b01..1236bf0 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -9,7 +9,6 @@ import ( "strings" "github.com/devops-kung-fu/common/github" - "github.com/devops-kung-fu/common/util" "github.com/gookit/color" "github.com/spf13/afero" "github.com/spf13/cobra" @@ -31,7 +30,7 @@ var ( if !debug { log.SetOutput(io.Discard) } - util.DoIf(output != "json", func() { + if output != "json" { log.Println("Start") fmt.Println() color.Style{color.FgWhite, color.OpBold}.Println(" ██▄ ▄▀▄ █▄ ▄█ ██▄ ██▀ █▀▄") @@ -45,7 +44,7 @@ var ( if !strings.Contains(latestVersion, version) { color.Yellow.Printf("A newer version of bomber is available (%s)\n\n", latestVersion) } - }) + } }, } ) diff --git a/lib/loader.go b/lib/loader.go index d3fc016..269baa5 100644 --- a/lib/loader.go +++ b/lib/loader.go @@ -6,7 +6,6 @@ import ( "bytes" "crypto/sha256" "encoding/json" - "encoding/xml" "fmt" "io" "log" @@ -76,10 +75,10 @@ func loadFilePurls(afs *afero.Afero, arg string) (scanned []models.ScannedFile, if isCycloneDXXML(b) { log.Println("Detected CycloneDX XML") - return processCycloneDX(b, scanned, xml.Unmarshal) + return processCycloneDX(cyclone.BOMFileFormatXML, b, scanned) } else if isCycloneDXJSON(b) { log.Println("Detected CycloneDX JSON") - return processCycloneDX(b, scanned, json.Unmarshal) + return processCycloneDX(cyclone.BOMFileFormatJSON, b, scanned) } else if isSPDX(b) { log.Println("Detected SPDX") var sbom spdx.BOM @@ -123,9 +122,13 @@ func isSyft(b []byte) bool { return bytes.Contains(b, []byte("https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-")) } -func processCycloneDX(b []byte, s []models.ScannedFile, unmarshal func([]byte, interface{}) error) (scanned []models.ScannedFile, purls []string, licenses []string, err error) { +func processCycloneDX(format cyclone.BOMFileFormat, b []byte, s []models.ScannedFile) (scanned []models.ScannedFile, purls []string, licenses []string, err error) { var sbom cyclone.BOM - if err = unmarshal(b, &sbom); err == nil { + + reader := bytes.NewReader(b) + decoder := cyclone.NewBOMDecoder(reader, format) + err = decoder.Decode(&sbom) + if err == nil { return s, cyclonedx.Purls(&sbom), cyclonedx.Licenses(&sbom), err } return diff --git a/lib/scanner.go b/lib/scanner.go index 2c4b229..1325613 100644 --- a/lib/scanner.go +++ b/lib/scanner.go @@ -201,9 +201,31 @@ func (s *Scanner) processResults(scanned []models.ScannedFile, licenses []string // exitWithCodeIfRequired exits the program with the appropriate code based on severity. func (s *Scanner) exitWithCodeIfRequired(results models.Results) int { if s.ExitCode { - code := HighestSeverityExitCode(FlattenVulnerabilities(results.Packages)) + code := highestSeverityExitCode(FlattenVulnerabilities(results.Packages)) log.Printf("fail severity: %d", code) return code } return 0 } + +// HighestSeverityExitCode returns the exit code of the highest vulnerability +func highestSeverityExitCode(vulnerabilities []models.Vulnerability) int { + severityExitCodes := map[string]int{ + "UNDEFINED": int(models.UNDEFINED), + "LOW": int(models.LOW), + "MODERATE": int(models.MODERATE), + "HIGH": int(models.HIGH), + "CRITICAL": int(models.CRITICAL), + } + + highestSeverity := "UNDEFINED" // Initialize with the lowest severity + for _, vulnerability := range vulnerabilities { + if exitCode, ok := severityExitCodes[vulnerability.Severity]; ok { + if exitCode > severityExitCodes[highestSeverity] { + highestSeverity = vulnerability.Severity + } + } + } + + return severityExitCodes[highestSeverity] +} diff --git a/lib/scanner_test.go b/lib/scanner_test.go index fdb0dc3..0f05720 100644 --- a/lib/scanner_test.go +++ b/lib/scanner_test.go @@ -198,3 +198,21 @@ func Test_ScannerGetProviderInfo(t *testing.T) { assert.Equal(t, "N/A", result) }) } + +func TestHighestSeverityExitCode(t *testing.T) { + // Sample vulnerabilities with different severities + vulnerabilities := []models.Vulnerability{ + {Severity: "LOW"}, + {Severity: "CRITICAL"}, + {Severity: "MODERATE"}, + {Severity: "HIGH"}, + {Severity: "UNDEFINED"}, + } + + // Calculate the expected exit code based on the highest severity + expectedExitCode := 14 // CRITICAL has the highest severity + + // Call the function and check the result using assert + actualExitCode := highestSeverityExitCode(vulnerabilities) + assert.Equal(t, expectedExitCode, actualExitCode) +} diff --git a/lib/util.go b/lib/util.go index 58461b3..170b744 100644 --- a/lib/util.go +++ b/lib/util.go @@ -62,28 +62,6 @@ func ParseSeverity(severity string) int { } } -// HighestSeverityExitCode returns the exit code of the highest vulnerability -func HighestSeverityExitCode(vulnerabilities []models.Vulnerability) int { - severityExitCodes := map[string]int{ - "UNDEFINED": int(models.UNDEFINED), - "LOW": int(models.LOW), - "MODERATE": int(models.MODERATE), - "HIGH": int(models.HIGH), - "CRITICAL": int(models.CRITICAL), - } - - highestSeverity := "UNDEFINED" // Initialize with the lowest severity - for _, vulnerability := range vulnerabilities { - if exitCode, ok := severityExitCodes[vulnerability.Severity]; ok { - if exitCode > severityExitCodes[highestSeverity] { - highestSeverity = vulnerability.Severity - } - } - } - - return severityExitCodes[highestSeverity] -} - // FlattenVulnerabilities flattens all vulnerabilities for a package func FlattenVulnerabilities(packages []models.Package) []models.Vulnerability { var flattenedVulnerabilities []models.Vulnerability @@ -95,7 +73,7 @@ func FlattenVulnerabilities(packages []models.Package) []models.Vulnerability { return flattenedVulnerabilities } -// UniqueFieldValues returns a slice of unique field values from a slice of structs given the property +// UniqueFieldValues returns a slice of unique field values from a slice of structs given a field name func UniqueFieldValues[T any](input []T, fieldName string) []interface{} { // Use a map to store unique field values fieldValuesMap := make(map[interface{}]struct{}) diff --git a/lib/util_test.go b/lib/util_test.go index 605b921..8a95f2b 100644 --- a/lib/util_test.go +++ b/lib/util_test.go @@ -104,24 +104,6 @@ func TestParseSeverity(t *testing.T) { }) } -func TestHighestSeverityExitCode(t *testing.T) { - // Sample vulnerabilities with different severities - vulnerabilities := []models.Vulnerability{ - {Severity: "LOW"}, - {Severity: "CRITICAL"}, - {Severity: "MODERATE"}, - {Severity: "HIGH"}, - {Severity: "UNDEFINED"}, - } - - // Calculate the expected exit code based on the highest severity - expectedExitCode := 14 // CRITICAL has the highest severity - - // Call the function and check the result using assert - actualExitCode := HighestSeverityExitCode(vulnerabilities) - assert.Equal(t, expectedExitCode, actualExitCode) -} - func TestFlattenVulnerabilities(t *testing.T) { // Create some sample data for testing pkg1 := models.Package{ From aeaac9cc8dd9090df7c4c589db6326b0d58d800c Mon Sep 17 00:00:00 2001 From: DJ Schleen Date: Tue, 21 Nov 2023 15:38:05 -0700 Subject: [PATCH 13/20] Refactors loader and afero references --- lib/loader.go | 53 ++++++++++++++++++++++------------------ lib/loader_test.go | 59 +++++++++++++++++++++++++++++++++++---------- lib/scanner.go | 13 +++++++--- lib/scanner_test.go | 20 +++++++-------- 4 files changed, 94 insertions(+), 51 deletions(-) diff --git a/lib/loader.go b/lib/loader.go index 269baa5..a9a8d1b 100644 --- a/lib/loader.go +++ b/lib/loader.go @@ -22,12 +22,16 @@ import ( "github.com/devops-kung-fu/bomber/models" ) +type Loader struct { + Afs *afero.Afero +} + // Load retrieves a slice of Purls from various types of SBOMs -func Load(afs *afero.Afero, args []string) (scanned []models.ScannedFile, purls []string, licenses []string, err error) { +func (l *Loader) Load(args []string) (scanned []models.ScannedFile, purls []string, licenses []string, err error) { for _, arg := range args { - isDir, _ := afs.IsDir(arg) + isDir, _ := l.Afs.IsDir(arg) if isDir { - s, values, lic, err := loadFolderPurls(afs, arg) + s, values, lic, err := l.loadFolderPurls(arg) if err != nil { return scanned, nil, nil, err } @@ -35,7 +39,7 @@ func Load(afs *afero.Afero, args []string) (scanned []models.ScannedFile, purls purls = append(purls, values...) licenses = append(licenses, lic...) } else { - scanned, purls, licenses, err = loadFilePurls(afs, arg) + scanned, purls, licenses, err = l.loadFilePurls(arg) } purls = slices.RemoveDuplicates(purls) licenses = slices.RemoveDuplicates(licenses) @@ -43,15 +47,15 @@ func Load(afs *afero.Afero, args []string) (scanned []models.ScannedFile, purls return } -func loadFolderPurls(afs *afero.Afero, arg string) (scanned []models.ScannedFile, purls []string, licenses []string, err error) { +func (l *Loader) loadFolderPurls(arg string) (scanned []models.ScannedFile, purls []string, licenses []string, err error) { absPath, err := filepath.Abs(arg) if err != nil { return scanned, nil, nil, err } - files, err := afs.ReadDir(absPath) + files, err := l.Afs.ReadDir(absPath) for _, file := range files { path := filepath.Join(absPath, file.Name()) - s, values, lic, err := loadFilePurls(afs, path) + s, values, lic, err := l.loadFilePurls(path) if err != nil { log.Println(path, err) } @@ -62,8 +66,8 @@ func loadFolderPurls(afs *afero.Afero, arg string) (scanned []models.ScannedFile return } -func loadFilePurls(afs *afero.Afero, arg string) (scanned []models.ScannedFile, purls []string, licenses []string, err error) { - b, err := readFile(afs, arg) +func (l *Loader) loadFilePurls(arg string) (scanned []models.ScannedFile, purls []string, licenses []string, err error) { + b, err := l.readFile(arg) if err != nil { return scanned, nil, nil, err } @@ -73,19 +77,19 @@ func loadFilePurls(afs *afero.Afero, arg string) (scanned []models.ScannedFile, SHA256: fmt.Sprintf("%x", sha256.Sum256(b)), }) - if isCycloneDXXML(b) { + if l.isCycloneDXXML(b) { log.Println("Detected CycloneDX XML") - return processCycloneDX(cyclone.BOMFileFormatXML, b, scanned) - } else if isCycloneDXJSON(b) { + return l.processCycloneDX(cyclone.BOMFileFormatXML, b, scanned) + } else if l.isCycloneDXJSON(b) { log.Println("Detected CycloneDX JSON") - return processCycloneDX(cyclone.BOMFileFormatJSON, b, scanned) - } else if isSPDX(b) { + return l.processCycloneDX(cyclone.BOMFileFormatJSON, b, scanned) + } else if l.isSPDX(b) { log.Println("Detected SPDX") var sbom spdx.BOM if err = json.Unmarshal(b, &sbom); err == nil { return scanned, sbom.Purls(), sbom.Licenses(), err } - } else if isSyft(b) { + } else if l.isSyft(b) { log.Println("Detected Syft") var sbom syft.BOM if err = json.Unmarshal(b, &sbom); err == nil { @@ -94,35 +98,36 @@ func loadFilePurls(afs *afero.Afero, arg string) (scanned []models.ScannedFile, } log.Printf("WARNING: %v isn't a valid SBOM", arg) + log.Println(err) return scanned, nil, nil, fmt.Errorf("%v is not a SBOM recognized by bomber", arg) } -func readFile(afs *afero.Afero, arg string) ([]byte, error) { +func (l *Loader) readFile(arg string) ([]byte, error) { if arg == "-" { log.Printf("Reading from stdin") return io.ReadAll(bufio.NewReader(os.Stdin)) } log.Printf("Reading: %v", arg) - return afs.ReadFile(arg) + return l.Afs.ReadFile(arg) } -func isCycloneDXXML(b []byte) bool { +func (l *Loader) isCycloneDXXML(b []byte) bool { return bytes.Contains(b, []byte("xmlns")) && bytes.Contains(b, []byte("CycloneDX")) } -func isCycloneDXJSON(b []byte) bool { +func (l *Loader) isCycloneDXJSON(b []byte) bool { return bytes.Contains(b, []byte("bomFormat")) && bytes.Contains(b, []byte("CycloneDX")) } -func isSPDX(b []byte) bool { +func (l *Loader) isSPDX(b []byte) bool { return bytes.Contains(b, []byte("SPDXRef-DOCUMENT")) } -func isSyft(b []byte) bool { +func (l *Loader) isSyft(b []byte) bool { return bytes.Contains(b, []byte("https://raw.githubusercontent.com/anchore/syft/main/schema/json/schema-")) } -func processCycloneDX(format cyclone.BOMFileFormat, b []byte, s []models.ScannedFile) (scanned []models.ScannedFile, purls []string, licenses []string, err error) { +func (l *Loader) processCycloneDX(format cyclone.BOMFileFormat, b []byte, s []models.ScannedFile) (scanned []models.ScannedFile, purls []string, licenses []string, err error) { var sbom cyclone.BOM reader := bytes.NewReader(b) @@ -135,8 +140,8 @@ func processCycloneDX(format cyclone.BOMFileFormat, b []byte, s []models.Scanned } // LoadIgnore loads a list of CVEs entered one on each line from the filename -func LoadIgnore(afs *afero.Afero, ignoreFile string) (cves []string, err error) { - f, err := afs.Open(ignoreFile) +func (l *Loader) LoadIgnore(ignoreFile string) (cves []string, err error) { + f, err := l.Afs.Open(ignoreFile) if err != nil { log.Printf("error opening ignore: %v\n", err) return diff --git a/lib/loader_test.go b/lib/loader_test.go index 8675d09..f6079a0 100644 --- a/lib/loader_test.go +++ b/lib/loader_test.go @@ -20,8 +20,10 @@ func TestLoad_cyclonedx(t *testing.T) { files, _ := afs.ReadDir("/") assert.Len(t, files, 1) - - scanned, purls, _, err := Load(afs, []string{"/"}) + l := Loader{ + Afs: afs, + } + scanned, purls, _, err := l.Load([]string{"/"}) assert.NotNil(t, scanned) assert.NoError(t, err) @@ -51,7 +53,11 @@ func TestLoad_cyclonedx_stdin(t *testing.T) { os.Stdin = tmpfile - scanned, purls, _, err := Load(afs, []string{"-"}) + l := &Loader{ + Afs: afs, + } + + scanned, purls, _, err := l.Load([]string{"-"}) assert.NotNil(t, scanned) assert.NoError(t, err) @@ -70,7 +76,12 @@ func TestLoad_SPDX(t *testing.T) { files, _ := afs.ReadDir("/") assert.Len(t, files, 1) - scanned, purls, _, err := Load(afs, []string{"/"}) + + l := &Loader{ + Afs: afs, + } + + scanned, purls, _, err := l.Load([]string{"/"}) assert.NotNil(t, scanned) assert.NoError(t, err) @@ -89,7 +100,11 @@ func TestLoad_syft(t *testing.T) { files, _ := afs.ReadDir("/") assert.Len(t, files, 1) - scanned, purls, _, err := Load(afs, []string{"/"}) + l := &Loader{ + Afs: afs, + } + + scanned, purls, _, err := l.Load([]string{"/"}) assert.NotNil(t, scanned) assert.NoError(t, err) @@ -110,7 +125,11 @@ func TestLoad_BadJSON_SPDX(t *testing.T) { err := afs.WriteFile("/test-spdx.json", fudgedFile, 0644) assert.NoError(t, err) - _, _, _, err = loadFilePurls(afs, "/test-spdx.json") + l := &Loader{ + Afs: afs, + } + + _, _, _, err = l.loadFilePurls("/test-spdx.json") assert.Error(t, err) assert.Equal(t, "/test-spdx.json is not a SBOM recognized by bomber", err.Error()) } @@ -121,15 +140,22 @@ func TestLoad_garbage(t *testing.T) { err := afs.WriteFile("/not-a-sbom.json", []byte("test"), 0644) assert.NoError(t, err) - _, _, _, err = loadFilePurls(afs, "/not-a-sbom.json") + l := &Loader{ + Afs: afs, + } + + _, _, _, err = l.loadFilePurls("/not-a-sbom.json") assert.Error(t, err) assert.Equal(t, "/not-a-sbom.json is not a SBOM recognized by bomber", err.Error()) } -func Test_loadFilePurls(t *testing.T) { - afs := &afero.Afero{Fs: afero.NewMemMapFs()} +func TestloadFilePurls(t *testing.T) { - _, _, _, err := loadFilePurls(afs, "no-file.json") + l := &Loader{ + Afs: &afero.Afero{Fs: afero.NewMemMapFs()}, + } + + _, _, _, err := l.loadFilePurls("no-file.json") assert.Error(t, err) } @@ -145,7 +171,11 @@ func TestLoad_multiple_cyclonedx(t *testing.T) { err = afs.WriteFile("/test2/test2-cyclonedx.json", cyclonedx.TestBytes(), 0644) assert.NoError(t, err) - scanned, purls, _, err := Load(afs, []string{"/"}) + l := &Loader{ + Afs: afs, + } + + scanned, purls, _, err := l.Load([]string{"/"}) assert.NotNil(t, scanned) assert.NoError(t, err) @@ -161,10 +191,13 @@ func TestLoadIgnore(t *testing.T) { afs.WriteFile("test.ignore", []byte("test\ntest2"), 0644) - cves, err := LoadIgnore(afs, "test.ignore") + l := &Loader{ + Afs: afs, + } + cves, err := l.LoadIgnore("test.ignore") assert.NoError(t, err) assert.Len(t, cves, 2) - _, err = LoadIgnore(afs, "tst.ignore") + _, err = l.LoadIgnore("tst.ignore") assert.Error(t, err) } diff --git a/lib/scanner.go b/lib/scanner.go index 1325613..8d0aba8 100644 --- a/lib/scanner.go +++ b/lib/scanner.go @@ -33,10 +33,15 @@ type Scanner struct { Afs *afero.Afero } +var loader Loader + // Scan performs the vulnerability scan. func (s *Scanner) Scan(args []string) (exitCode int, err error) { + loader := Loader{ + s.Afs, + } // Load packages and associated data - scanned, purls, licenses, err := Load(s.Afs, args) + scanned, purls, licenses, err := loader.Load(args) if err != nil { log.Print(err) return @@ -77,7 +82,7 @@ func (s *Scanner) scanPackages(purls []string) (response []models.Package, err e } // Load ignore data if specified - ignoredCVE, err := s.loadIgnoreData(s.Afs, s.IgnoreFile) + ignoredCVE, err := s.loadIgnoreData(s.IgnoreFile) if err != nil { util.PrintWarningf("Ignore flag set, but there was an error: %s", err) } @@ -135,9 +140,9 @@ func (s *Scanner) getProviderInfo() string { } // loadIgnoreData loads the ignore data from a file if specified. -func (s *Scanner) loadIgnoreData(afs *afero.Afero, ignoreFile string) ([]string, error) { +func (s *Scanner) loadIgnoreData(ignoreFile string) ([]string, error) { if ignoreFile != "" { - return LoadIgnore(afs, ignoreFile) + return loader.LoadIgnore(ignoreFile) } return nil, nil } diff --git a/lib/scanner_test.go b/lib/scanner_test.go index 0f05720..1fb6285 100644 --- a/lib/scanner_test.go +++ b/lib/scanner_test.go @@ -24,7 +24,7 @@ func (mp MockProvider) Info() string { return "MockProviderInfo" } -func Test_detectEcosystems(t *testing.T) { +func TestdetectEcosystems(t *testing.T) { scanner := Scanner{} purls := []string{ @@ -38,28 +38,28 @@ func Test_detectEcosystems(t *testing.T) { assert.ElementsMatch(t, []string{"golang", "npm"}, result, "Detected ecosystems do not match expected result") } -func Test_loadIgnoreData(t *testing.T) { +func TestloadIgnoreData(t *testing.T) { afs := &afero.Afero{Fs: afero.NewMemMapFs()} err := afs.WriteFile("/.bomber.ignore", []byte("CVE-2022-31163"), 0644) assert.NoError(t, err) scanner := Scanner{} - results, err := scanner.loadIgnoreData(afs, "/.bomber.ignore") + results, err := scanner.loadIgnoreData("/.bomber.ignore") assert.NoError(t, err) assert.Len(t, results, 1) assert.Equal(t, results[0], "CVE-2022-31163") - _, err = scanner.loadIgnoreData(afs, "test") + _, err = scanner.loadIgnoreData("test") assert.Error(t, err) - results, err = scanner.loadIgnoreData(afs, "") + results, err = scanner.loadIgnoreData("") assert.NoError(t, err) assert.Len(t, results, 0) } -func Test_Scanner_Scan(t *testing.T) { +func TestScanner_Scan(t *testing.T) { output := util.CaptureOutput(func() { afs := &afero.Afero{Fs: afero.NewMemMapFs()} @@ -88,7 +88,7 @@ func Test_Scanner_Scan(t *testing.T) { assert.NotNil(t, output) } -func Test_Scanner_exitWithCodeIfRequired(t *testing.T) { +func TestScanner_exitWithCodeIfRequired(t *testing.T) { scanner := Scanner{ ExitCode: false, } @@ -100,7 +100,7 @@ func Test_Scanner_exitWithCodeIfRequired(t *testing.T) { assert.Equal(t, 10, code) } -func Test_Scanner_enrichAndIgnoreVulnerabilities(t *testing.T) { +func TestScanner_enrichAndIgnoreVulnerabilities(t *testing.T) { t.Run("EnrichVulnerabilities", func(t *testing.T) { // Create a sample Scanner instance scanner := Scanner{} @@ -146,7 +146,7 @@ func Test_Scanner_enrichAndIgnoreVulnerabilities(t *testing.T) { }) } -func Test_FilterVulnerabilities(t *testing.T) { +func TestFilterVulnerabilities(t *testing.T) { // Create a sample Scanner instance with a severity filter scanner := Scanner{Severity: "HIGH"} @@ -183,7 +183,7 @@ func Test_FilterVulnerabilities(t *testing.T) { assert.Equal(t, 0, len(response[1].Vulnerabilities)-2) // Expecting LOW severity to be filtered out } -func Test_ScannerGetProviderInfo(t *testing.T) { +func TestScannerGetProviderInfo(t *testing.T) { t.Run("WithMockProvider", func(t *testing.T) { scanner := Scanner{Provider: MockProvider{}} result := scanner.getProviderInfo() From 77791cc95a7b255bcab4f2066b887cc1008fd0b9 Mon Sep 17 00:00:00 2001 From: DJ Schleen Date: Tue, 21 Nov 2023 16:12:21 -0700 Subject: [PATCH 14/20] Version bump to 0.4.8 --- cmd/root.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/root.go b/cmd/root.go index 1236bf0..af83919 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -15,7 +15,7 @@ import ( ) var ( - version = "0.4.7" + version = "0.4.8" output string //Afs stores a global OS Filesystem that is used throughout bomber Afs = &afero.Afero{Fs: afero.NewOsFs()} From 460c046aa1b7499d707b49bf0a7298168b85d437 Mon Sep 17 00:00:00 2001 From: DJ Schleen Date: Tue, 21 Nov 2023 16:29:34 -0700 Subject: [PATCH 15/20] Refactored loader tests --- lib/loader_test.go | 72 ++++++++++++++-------------------------------- 1 file changed, 21 insertions(+), 51 deletions(-) diff --git a/lib/loader_test.go b/lib/loader_test.go index f6079a0..a92b567 100644 --- a/lib/loader_test.go +++ b/lib/loader_test.go @@ -12,17 +12,24 @@ import ( syft "github.com/devops-kung-fu/bomber/formats/syft" ) -func TestLoad_cyclonedx(t *testing.T) { - afs := &afero.Afero{Fs: afero.NewMemMapFs()} +var ( + afs *afero.Afero + l Loader +) +func SetupTest() { + afs = &afero.Afero{Fs: afero.NewMemMapFs()} + l = Loader{Afs: afs} +} + +func TestLoad_cyclonedx(t *testing.T) { + SetupTest() err := afs.WriteFile("/test-cyclonedx.json", cyclonedx.TestBytes(), 0644) assert.NoError(t, err) files, _ := afs.ReadDir("/") assert.Len(t, files, 1) - l := Loader{ - Afs: afs, - } + scanned, purls, _, err := l.Load([]string{"/"}) assert.NotNil(t, scanned) @@ -35,8 +42,7 @@ func TestLoad_cyclonedx(t *testing.T) { } func TestLoad_cyclonedx_stdin(t *testing.T) { - afs := &afero.Afero{Fs: afero.NewMemMapFs()} - + SetupTest() tmpfile, err := os.CreateTemp("", "test-cyclonedx.json") assert.NoError(t, err) @@ -53,10 +59,6 @@ func TestLoad_cyclonedx_stdin(t *testing.T) { os.Stdin = tmpfile - l := &Loader{ - Afs: afs, - } - scanned, purls, _, err := l.Load([]string{"-"}) assert.NotNil(t, scanned) @@ -69,18 +71,13 @@ func TestLoad_cyclonedx_stdin(t *testing.T) { } func TestLoad_SPDX(t *testing.T) { - afs := &afero.Afero{Fs: afero.NewMemMapFs()} - + SetupTest() err := afs.WriteFile("/test-spdx.json", spdx.TestBytes(), 0644) assert.NoError(t, err) files, _ := afs.ReadDir("/") assert.Len(t, files, 1) - l := &Loader{ - Afs: afs, - } - scanned, purls, _, err := l.Load([]string{"/"}) assert.NotNil(t, scanned) @@ -93,16 +90,12 @@ func TestLoad_SPDX(t *testing.T) { } func TestLoad_syft(t *testing.T) { - afs := &afero.Afero{Fs: afero.NewMemMapFs()} - + SetupTest() err := afs.WriteFile("/test-syft.json", syft.TestBytes(), 0644) assert.NoError(t, err) files, _ := afs.ReadDir("/") assert.Len(t, files, 1) - l := &Loader{ - Afs: afs, - } scanned, purls, _, err := l.Load([]string{"/"}) @@ -116,8 +109,7 @@ func TestLoad_syft(t *testing.T) { } func TestLoad_BadJSON_SPDX(t *testing.T) { - afs := &afero.Afero{Fs: afero.NewMemMapFs()} - + SetupTest() fudgedFile := spdx.TestBytes() bogusString := "bogus" fudgedFile = append(fudgedFile, bogusString...) @@ -125,43 +117,29 @@ func TestLoad_BadJSON_SPDX(t *testing.T) { err := afs.WriteFile("/test-spdx.json", fudgedFile, 0644) assert.NoError(t, err) - l := &Loader{ - Afs: afs, - } - _, _, _, err = l.loadFilePurls("/test-spdx.json") assert.Error(t, err) assert.Equal(t, "/test-spdx.json is not a SBOM recognized by bomber", err.Error()) } func TestLoad_garbage(t *testing.T) { - afs := &afero.Afero{Fs: afero.NewMemMapFs()} - + SetupTest() err := afs.WriteFile("/not-a-sbom.json", []byte("test"), 0644) assert.NoError(t, err) - l := &Loader{ - Afs: afs, - } - _, _, _, err = l.loadFilePurls("/not-a-sbom.json") assert.Error(t, err) assert.Equal(t, "/not-a-sbom.json is not a SBOM recognized by bomber", err.Error()) } -func TestloadFilePurls(t *testing.T) { - - l := &Loader{ - Afs: &afero.Afero{Fs: afero.NewMemMapFs()}, - } - +func Test_loadFilePurls(t *testing.T) { + SetupTest() _, _, _, err := l.loadFilePurls("no-file.json") assert.Error(t, err) } func TestLoad_multiple_cyclonedx(t *testing.T) { - afs := &afero.Afero{Fs: afero.NewMemMapFs()} - + SetupTest() err := afs.WriteFile("/test-cyclonedx.json", cyclonedx.TestBytes(), 0644) assert.NoError(t, err) @@ -171,10 +149,6 @@ func TestLoad_multiple_cyclonedx(t *testing.T) { err = afs.WriteFile("/test2/test2-cyclonedx.json", cyclonedx.TestBytes(), 0644) assert.NoError(t, err) - l := &Loader{ - Afs: afs, - } - scanned, purls, _, err := l.Load([]string{"/"}) assert.NotNil(t, scanned) @@ -187,13 +161,9 @@ func TestLoad_multiple_cyclonedx(t *testing.T) { } func TestLoadIgnore(t *testing.T) { - afs := &afero.Afero{Fs: afero.NewMemMapFs()} - + SetupTest() afs.WriteFile("test.ignore", []byte("test\ntest2"), 0644) - l := &Loader{ - Afs: afs, - } cves, err := l.LoadIgnore("test.ignore") assert.NoError(t, err) assert.Len(t, cves, 2) From 2fbe5193eaef567859c920295251592f434d7d5c Mon Sep 17 00:00:00 2001 From: DJ Schleen Date: Tue, 21 Nov 2023 17:09:04 -0700 Subject: [PATCH 16/20] HTML and STDIN renderers show filtering information if the severity flag is set --- .vscode/launch.json | 2 +- lib/scanner.go | 7 +------ models/structs.go | 24 +++++++++++++----------- renderers/html/html.go | 13 +++++++++++++ renderers/html/html_test.go | 6 +++--- renderers/json/json_test.go | 2 +- renderers/stdout/stdout.go | 24 ++++++++++++++++++++---- renderers/stdout/stdout_test.go | 2 +- 8 files changed, 53 insertions(+), 27 deletions(-) diff --git a/.vscode/launch.json b/.vscode/launch.json index d1d8c89..43b268d 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -98,7 +98,7 @@ "request": "launch", "mode": "auto", "program": "${workspaceFolder}/main.go", - "args": ["--provider=ossindex", "--debug=true", "--output=html", "scan", "./_TESTDATA_/sbom/juiceshop.cyclonedx.json"] + "args": ["--provider=ossindex", "--debug=true", "--output=html", "--severity=high", "scan", "./_TESTDATA_/sbom/juiceshop.cyclonedx.json"] }, { "name": "Debug File, Output HTML (osv - juiceshop)", diff --git a/lib/scanner.go b/lib/scanner.go index 8d0aba8..d523fa8 100644 --- a/lib/scanner.go +++ b/lib/scanner.go @@ -122,11 +122,6 @@ func (s *Scanner) printHeader(purlCount int, ecosystems []string, issues []model util.PrintInfof("Scanning %v packages for vulnerabilities...\n", purlCount) util.PrintInfo("Vulnerability Provider:", s.getProviderInfo(), "\n") - if s.Severity != "" { - util.PrintInfof("Showing vulnerabilities with a severity of %s or higher", strings.ToUpper(s.Severity)) - fmt.Println() - } - spinner.Suffix = fmt.Sprintf(" Fetching vulnerability data from %s", s.ProviderName) spinner.Start() } @@ -190,7 +185,7 @@ func (s *Scanner) processResults(scanned []models.ScannedFile, licenses []string } log.Println("Creating results") // Create results object - results := models.NewResults(response, s.SeveritySummary, scanned, licenses, s.Version, s.ProviderName) + results := models.NewResults(response, s.SeveritySummary, scanned, licenses, s.Version, s.ProviderName, s.Severity) // Render results using the specified renderer if s.Renderer != nil { diff --git a/models/structs.go b/models/structs.go index 64c558a..ab68319 100644 --- a/models/structs.go +++ b/models/structs.go @@ -49,11 +49,12 @@ type Results struct { // Meta contains system and execution information about the results from bomber type Meta struct { - Generator string `json:"generator"` - URL string `json:"url"` - Version string `json:"version"` - Provider string `json:"provider"` - Date time.Time `json:"date"` + Generator string `json:"generator"` + URL string `json:"url"` + Version string `json:"version"` + Provider string `json:"provider"` + SeverityFilter string `json:"severityFilter"` + Date time.Time `json:"date"` } // ScannedFile contains the absolute name and sha256 of a processed file @@ -69,14 +70,15 @@ type Credentials struct { } // NewResults defines the high level output of bomber -func NewResults(packages []Package, summary Summary, scanned []ScannedFile, licenses []string, version, providerName string) Results { +func NewResults(packages []Package, summary Summary, scanned []ScannedFile, licenses []string, version, providerName string, severityFilter string) Results { return Results{ Meta: Meta{ - Generator: "bomber", - URL: "https://github.com/devops-kung-fu/bomber", - Version: version, - Provider: providerName, - Date: time.Now(), + Generator: "bomber", + URL: "https://github.com/devops-kung-fu/bomber", + Version: version, + Provider: providerName, + Date: time.Now(), + SeverityFilter: severityFilter, }, Files: scanned, Summary: summary, diff --git a/renderers/html/html.go b/renderers/html/html.go index fe6ba59..49de68b 100644 --- a/renderers/html/html.go +++ b/renderers/html/html.go @@ -217,12 +217,25 @@ func genTemplate(output string) (t *template.Template) { {{ end }} {{ if ne (len .Packages) 0 }}

Vulnerability Summary

+ {{ if ne (len .Meta.SeverityFilter) 0 }} +

Only showing vulnerabilities with a severity of {{ .Meta.SeverityFilter }} or higher.

+ {{ end }} + {{if gt .Summary.Critical 0}} + {{ end }} + {{if gt .Summary.High 0}} + {{ end }} + {{if gt .Summary.Moderate 0}} + {{ end }} + {{if gt .Summary.Low 0}} + {{ end }} + {{if gt .Summary.Unspecified 0}} + {{ end }}
Critical:{{ .Summary.Critical }}
High:{{ .Summary.High }}
Moderate:{{ .Summary.Moderate }}
Low:{{ .Summary.Low }}
Unspecified:{{ .Summary.Unspecified }}

Vulnerability Details

{{ range .Packages }} diff --git a/renderers/html/html_test.go b/renderers/html/html_test.go index b513623..f0db6c2 100644 --- a/renderers/html/html_test.go +++ b/renderers/html/html_test.go @@ -15,7 +15,7 @@ import ( func Test_writeTemplate(t *testing.T) { afs := &afero.Afero{Fs: afero.NewMemMapFs()} - err := writeTemplate(afs, "test.html", models.NewResults([]models.Package{}, models.Summary{}, []models.ScannedFile{}, []string{"GPL"}, "0.0.0", "test")) + err := writeTemplate(afs, "test.html", models.NewResults([]models.Package{}, models.Summary{}, []models.ScannedFile{}, []string{"GPL"}, "0.0.0", "test", "")) assert.NoError(t, err) b, err := afs.ReadFile("test.html") @@ -37,7 +37,7 @@ func Test_genTemplate(t *testing.T) { func TestRenderer_Render(t *testing.T) { output := util.CaptureOutput(func() { renderer := Renderer{} - err := renderer.Render(models.NewResults([]models.Package{}, models.Summary{}, []models.ScannedFile{}, []string{"GPL"}, "0.0.0", "test")) + err := renderer.Render(models.NewResults([]models.Package{}, models.Summary{}, []models.ScannedFile{}, []string{"GPL"}, "0.0.0", "test", "")) if err != nil { fmt.Println(err) } @@ -82,7 +82,7 @@ func Test_markdownToHTML(t *testing.T) { }, }, } - results := models.NewResults(packages, models.Summary{}, []models.ScannedFile{}, []string{"GPL"}, "0.0.0", "test") + results := models.NewResults(packages, models.Summary{}, []models.ScannedFile{}, []string{"GPL"}, "0.0.0", "test", "") markdownToHTML(results) assert.NotNil(t, results) diff --git a/renderers/json/json_test.go b/renderers/json/json_test.go index 1c376b0..35c6796 100644 --- a/renderers/json/json_test.go +++ b/renderers/json/json_test.go @@ -12,7 +12,7 @@ import ( func TestRenderer_Render(t *testing.T) { output := util.CaptureOutput(func() { renderer := Renderer{} - renderer.Render(models.NewResults([]models.Package{}, models.Summary{}, []models.ScannedFile{}, []string{"GPL"}, "0.0.0", "test")) + renderer.Render(models.NewResults([]models.Package{}, models.Summary{}, []models.ScannedFile{}, []string{"GPL"}, "0.0.0", "test", "")) }) assert.NotNil(t, output) assert.Contains(t, output, "generator\": \"bomber\"") diff --git a/renderers/stdout/stdout.go b/renderers/stdout/stdout.go index bdd8ce1..3d4314c 100644 --- a/renderers/stdout/stdout.go +++ b/renderers/stdout/stdout.go @@ -86,6 +86,11 @@ func renderFooter(vulnCount int, results models.Results) { fmt.Println() renderSeveritySummary(results.Summary) fmt.Println() + if results.Meta.SeverityFilter != "" { + util.PrintWarningf("Only displaying vulnerabilities with a severity of %s or higher", strings.ToUpper(results.Meta.SeverityFilter)) + fmt.Println() + } + fmt.Println() fmt.Println("NOTES:") fmt.Println() fmt.Println("1. The list of vulnerabilities displayed may differ from provider to provider. This list") @@ -108,10 +113,21 @@ func renderSeveritySummary(summary models.Summary) { t := table.NewWriter() t.SetOutputMirror(os.Stdout) t.AppendHeader(table.Row{"Rating", "Count"}) - t.AppendRow([]interface{}{"CRITICAL", summary.Critical}) - t.AppendRow([]interface{}{"HIGH", summary.High}) - t.AppendRow([]interface{}{"MODERATE", summary.Moderate}) - t.AppendRow([]interface{}{"LOW", summary.Low}) + if summary.Critical > 0 { + t.AppendRow([]interface{}{"CRITICAL", summary.Critical}) + } + if summary.High > 0 { + t.AppendRow([]interface{}{"HIGH", summary.High}) + } + if summary.Moderate > 0 { + t.AppendRow([]interface{}{"MODERATE", summary.Moderate}) + } + if summary.Low > 0 { + t.AppendRow([]interface{}{"LOW", summary.Low}) + } + if summary.Unspecified > 0 { + t.AppendRow([]interface{}{"UNSPECIFIED", summary.Unspecified}) + } if summary.Unspecified > 0 { t.AppendRow([]interface{}{"UNSPECIFIED", summary.Unspecified}) } diff --git a/renderers/stdout/stdout_test.go b/renderers/stdout/stdout_test.go index b44893f..8dbd2db 100644 --- a/renderers/stdout/stdout_test.go +++ b/renderers/stdout/stdout_test.go @@ -23,7 +23,7 @@ func TestRenderer_Render(t *testing.T) { }, } renderer := Renderer{} - renderer.Render(models.NewResults(packages, models.Summary{}, []models.ScannedFile{}, []string{"GPL"}, "0.0.0", "test")) + renderer.Render(models.NewResults(packages, models.Summary{}, []models.ScannedFile{}, []string{"GPL"}, "0.0.0", "test", "")) }) assert.NotNil(t, output) assert.Contains(t, output, "golang │ spinner │ v1.19.0 │ CRITICAL") From 2d713c486b653c6da7d5ceab0f466980579990c2 Mon Sep 17 00:00:00 2001 From: DJ Schleen Date: Tue, 21 Nov 2023 17:10:55 -0700 Subject: [PATCH 17/20] Test case coverage --- renderers/html/html_test.go | 2 +- renderers/stdout/stdout_test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/renderers/html/html_test.go b/renderers/html/html_test.go index f0db6c2..f5a32ae 100644 --- a/renderers/html/html_test.go +++ b/renderers/html/html_test.go @@ -15,7 +15,7 @@ import ( func Test_writeTemplate(t *testing.T) { afs := &afero.Afero{Fs: afero.NewMemMapFs()} - err := writeTemplate(afs, "test.html", models.NewResults([]models.Package{}, models.Summary{}, []models.ScannedFile{}, []string{"GPL"}, "0.0.0", "test", "")) + err := writeTemplate(afs, "test.html", models.NewResults([]models.Package{}, models.Summary{}, []models.ScannedFile{}, []string{"GPL"}, "0.0.0", "test", "low")) assert.NoError(t, err) b, err := afs.ReadFile("test.html") diff --git a/renderers/stdout/stdout_test.go b/renderers/stdout/stdout_test.go index 8dbd2db..586fb8b 100644 --- a/renderers/stdout/stdout_test.go +++ b/renderers/stdout/stdout_test.go @@ -23,7 +23,7 @@ func TestRenderer_Render(t *testing.T) { }, } renderer := Renderer{} - renderer.Render(models.NewResults(packages, models.Summary{}, []models.ScannedFile{}, []string{"GPL"}, "0.0.0", "test", "")) + renderer.Render(models.NewResults(packages, models.Summary{}, []models.ScannedFile{}, []string{"GPL"}, "0.0.0", "test", "low")) }) assert.NotNil(t, output) assert.Contains(t, output, "golang │ spinner │ v1.19.0 │ CRITICAL") From 40ee4dd55178b5d82a67b95067a8b5274792900b Mon Sep 17 00:00:00 2001 From: DJ Schleen Date: Tue, 5 Dec 2023 10:43:38 -0700 Subject: [PATCH 18/20] More test cases --- .gitignore | 3 ++- Makefile | 1 + go.mod | 8 +++--- go.sum | 8 ++++++ lib/loader_test.go | 16 +++++++++++ renderers/json/json.go | 8 +----- renderers/stdout/stdout_test.go | 47 +++++++++++++++++++++++++++++++++ 7 files changed, 79 insertions(+), 12 deletions(-) diff --git a/.gitignore b/.gitignore index e85d231..f1e4b6d 100644 --- a/.gitignore +++ b/.gitignore @@ -22,4 +22,5 @@ bomber /rest -*-results.html \ No newline at end of file +*-results.html +coverage.html \ No newline at end of file diff --git a/Makefile b/Makefile index dd16854..2a9251a 100644 --- a/Makefile +++ b/Makefile @@ -19,6 +19,7 @@ build: ## Builds the application test: ## Runs tests and coverage go test -v -coverprofile=coverage.out ./... && go tool cover -func=coverage.out + go tool cover -html=coverage.out -o coverage.html check: build ## Tests the pre-commit hooks if they exist hookz reset --verbose --debug --verbose-output diff --git a/go.mod b/go.mod index 152769f..581ad4a 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/microcosm-cc/bluemonday v1.0.26 github.com/package-url/packageurl-go v0.1.2 github.com/remeh/sizedwaitgroup v1.0.0 - github.com/spf13/afero v1.10.0 + github.com/spf13/afero v1.11.0 github.com/spf13/cobra v1.8.0 github.com/stretchr/testify v1.8.4 ) @@ -24,7 +24,7 @@ require ( github.com/kr/pretty v0.3.0 // indirect github.com/rogpeppe/go-internal v1.8.0 // indirect golang.org/x/exp v0.0.0-20230202163644-54bba9f4231b // indirect - golang.org/x/term v0.14.0 // indirect + golang.org/x/term v0.15.0 // indirect ) require ( @@ -41,8 +41,8 @@ require ( github.com/rivo/uniseg v0.4.4 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect - golang.org/x/net v0.18.0 // indirect - golang.org/x/sys v0.14.0 // indirect + golang.org/x/net v0.19.0 // indirect + golang.org/x/sys v0.15.0 // indirect golang.org/x/text v0.14.0 // indirect gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum index 0d3460b..c289b78 100644 --- a/go.sum +++ b/go.sum @@ -189,6 +189,8 @@ github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6po github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/spf13/afero v1.10.0 h1:EaGW2JJh15aKOejeuJ+wpFSHnbd7GE6Wvp3TsNhb6LY= github.com/spf13/afero v1.10.0/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ= +github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= +github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= @@ -298,6 +300,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg= golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= +golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= +golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -357,9 +361,13 @@ golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= +golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8= golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww= +golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= +golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/lib/loader_test.go b/lib/loader_test.go index a92b567..b16771d 100644 --- a/lib/loader_test.go +++ b/lib/loader_test.go @@ -4,6 +4,7 @@ import ( "os" "testing" + cyclone "github.com/CycloneDX/cyclonedx-go" "github.com/spf13/afero" "github.com/stretchr/testify/assert" @@ -171,3 +172,18 @@ func TestLoadIgnore(t *testing.T) { _, err = l.LoadIgnore("tst.ignore") assert.Error(t, err) } + +func TestProcessCycloneDX_InvalidFormat(t *testing.T) { + + invalidFile := []byte("{{") + + loader := Loader{} + + _, _, _, err := loader.processCycloneDX( + cyclone.BOMFileFormatJSON, + invalidFile, + nil, + ) + + assert.Error(t, err) +} diff --git a/renderers/json/json.go b/renderers/json/json.go index 25e3f6c..123ff90 100644 --- a/renderers/json/json.go +++ b/renderers/json/json.go @@ -4,7 +4,6 @@ package json import ( "encoding/json" "fmt" - "log" "github.com/devops-kung-fu/bomber/models" ) @@ -14,12 +13,7 @@ type Renderer struct{} // Render outputs json to STDOUT func (Renderer) Render(results models.Results) error { - b, err := json.MarshalIndent(results, "", "\t") - if err != nil { - log.Println(err) - return err - } - + b, _ := json.MarshalIndent(results, "", "\t") fmt.Println(string(b)) return nil } diff --git a/renderers/stdout/stdout_test.go b/renderers/stdout/stdout_test.go index 586fb8b..9723b63 100644 --- a/renderers/stdout/stdout_test.go +++ b/renderers/stdout/stdout_test.go @@ -63,3 +63,50 @@ func Test_renderSeveritySummary(t *testing.T) { assert.NotNil(t, output) assert.Contains(t, output, "│ RATING") } + +func TestRenderFooter(t *testing.T) { + output := util.CaptureOutput(func() { + + results := models.Results{ + Summary: models.Summary{ + Critical: 1, + High: 2, + Moderate: 3, + Low: 4, + }, + Meta: models.Meta{ + Provider: "test", + SeverityFilter: "HIGH", + }, + } + + renderFooter(1, results) + + }) + + assert.Contains(t, output, "Rendering Severity Summary\n") + assert.Contains(t, output, "CRITICAL │ 1") + assert.Contains(t, output, "Only displaying vulnerabilities with a severity of") + + assert.NotNil(t, output) + + output = util.CaptureOutput(func() { + + results := models.Results{ + Summary: models.Summary{ + Critical: 1, + High: 2, + Moderate: 3, + Low: 4, + }, + Meta: models.Meta{ + Provider: "test", + SeverityFilter: "HIGH", + }, + } + + renderFooter(0, results) + }) + assert.Contains(t, output, "\nNOTE: Just because bomber didn't find any vulnerabilities") + +} From d5dcfb44f03138ac24841f2d87f0b3606debb511 Mon Sep 17 00:00:00 2001 From: DJ Schleen Date: Tue, 5 Dec 2023 10:59:22 -0700 Subject: [PATCH 19/20] More test coverage, and handling if passed a botched arg --- go.sum | 432 -------------------------------------------- lib/loader.go | 7 +- lib/scanner_test.go | 9 + 3 files changed, 14 insertions(+), 434 deletions(-) diff --git a/go.sum b/go.sum index c289b78..7ef343e 100644 --- a/go.sum +++ b/go.sum @@ -1,43 +1,3 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= -cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= -cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= -cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= -cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= -cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= -cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= -cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= -cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= -cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= -cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= -cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= -cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= -cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= -cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= -cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= -cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= -cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= -cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= -cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= -cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= -cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= -cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= -cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= -cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= -cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= -cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= -dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/CycloneDX/cyclonedx-go v0.7.2 h1:kKQ0t1dPOlugSIYVOMiMtFqeXI2wp/f5DBIdfux8gnQ= github.com/CycloneDX/cyclonedx-go v0.7.2/go.mod h1:K2bA+324+Og0X84fA8HhN2X066K7Bxz4rpMQ4ZhjtSk= github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk= @@ -46,14 +6,6 @@ github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oM github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0= github.com/briandowns/spinner v1.23.0 h1:alDF2guRWqa/FOZZYWjlMIx2L6H0wyewPxo/CH4Pt2A= github.com/briandowns/spinner v1.23.0/go.mod h1:rPG4gmXeN3wQV/TsAY4w8lPdIM6RX3yqeBQJSrbXjuE= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -61,93 +13,22 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/devops-kung-fu/common v0.2.6 h1:HNL9suXELXHiSg7Ze0VinNkbngrBjovKYWPOckuarKc= github.com/devops-kung-fu/common v0.2.6/go.mod h1:ZLp6W5ewDWxmx45KF/Oj3IfJ3EhRALBkcfqLQnz23OU= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= -github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= -github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= -github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/gomarkdown/markdown v0.0.0-20231115200524-a660076da3fd h1:PppHBegd3uPZ3Y/Iax/2mlCFJm1w4Qf/zP1MdW4ju2o= github.com/gomarkdown/markdown v0.0.0-20231115200524-a660076da3fd/go.mod h1:JDGcbDT52eL4fju3sZ4TeHGsQwhG9nbDV21aMyhwPoA= -github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= github.com/gookit/color v1.5.4 h1:FZmqs7XOyGgCAxmWyPslpiok1k05wmY3SJTytgvYFs0= github.com/gookit/color v1.5.4/go.mod h1:pZJOeOS8DM43rXbp4AZo1n9zCU2qjpcRko0b6/QJi9w= github.com/gorilla/css v1.0.1 h1:ntNaBIghp6JmvWnxbZKANoLyuXTPZ4cAMlo6RyhlbO8= github.com/gorilla/css v1.0.1/go.mod h1:BvnYkspnSzMmwRK+b8/xgNPLiIuNZr6vbZBTPQ2A3b0= -github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc= github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg= github.com/jedib0t/go-pretty/v6 v6.4.9 h1:vZ6bjGg2eBSrJn365qlxGcaWu09Id+LHtrfDWlB2Usc= github.com/jedib0t/go-pretty/v6 v6.4.9/go.mod h1:Ndk3ase2CkQbXLLNf5QDHoYb6J9WtVfmHZu9n8rk2xs= -github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/kirinlabs/HttpRequest v1.1.1 h1:eBbFzpRd/Y7vQhRY30frHK3yAJiT1wDlB31Ryzyklc0= github.com/kirinlabs/HttpRequest v1.1.1/go.mod h1:XV38fA4rXZox83tlEV9KIQ7Cdsut319x6NGzVLuRlB8= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= @@ -171,24 +52,18 @@ github.com/microcosm-cc/bluemonday v1.0.26/go.mod h1:JyzOCs9gkyQyjs+6h10UEVSe02C github.com/package-url/packageurl-go v0.1.2 h1:0H2DQt6DHd/NeRlVwW4EZ4oEI6Bn40XlNPRqegcxuo4= github.com/package-url/packageurl-go v0.1.2/go.mod h1:uQd4a7Rh3ZsVg5j0lNyAfyxIeGde9yrlhjF78GzeW0c= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/profile v1.6.0/go.mod h1:qBsxPvzyUincmltOk6iyRVxHYg4adc0OFOv72ZdLa18= -github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/remeh/sizedwaitgroup v1.0.0 h1:VNGGFwNo/R5+MJBf6yrsr110p0m4/OX4S3DCy7Kyl5E= github.com/remeh/sizedwaitgroup v1.0.0/go.mod h1:3j2R4OIe/SeS6YDhICBy22RWjJC5eNCJ1V+9+NVNYlo= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= -github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8= github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/spf13/afero v1.10.0 h1:EaGW2JJh15aKOejeuJ+wpFSHnbd7GE6Wvp3TsNhb6LY= -github.com/spf13/afero v1.10.0/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ= github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= @@ -197,9 +72,6 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.4/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= @@ -214,328 +86,24 @@ github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no= github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM= -github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= -go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= -golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= -golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= -golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20230202163644-54bba9f4231b h1:EqBVA+nNsObCwQoBEHy4wLU0pi7i8a4AL3pbItPdPkE= golang.org/x/exp v0.0.0-20230202163644-54bba9f4231b/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= -golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= -golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= -golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= -golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= -golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= -golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg= -golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= -golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8= -golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww= golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= -golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= -golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= -google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= -google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= -google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= -google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= -google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= -google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= -google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= -google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= -google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= -google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= -honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= -rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/lib/loader.go b/lib/loader.go index a9a8d1b..3028472 100644 --- a/lib/loader.go +++ b/lib/loader.go @@ -29,7 +29,10 @@ type Loader struct { // Load retrieves a slice of Purls from various types of SBOMs func (l *Loader) Load(args []string) (scanned []models.ScannedFile, purls []string, licenses []string, err error) { for _, arg := range args { - isDir, _ := l.Afs.IsDir(arg) + isDir, err := l.Afs.IsDir(arg) + if err != nil && arg != "-" { + return scanned, purls, licenses, err + } if isDir { s, values, lic, err := l.loadFolderPurls(arg) if err != nil { @@ -39,7 +42,7 @@ func (l *Loader) Load(args []string) (scanned []models.ScannedFile, purls []stri purls = append(purls, values...) licenses = append(licenses, lic...) } else { - scanned, purls, licenses, err = l.loadFilePurls(arg) + scanned, purls, licenses, _ = l.loadFilePurls(arg) } purls = slices.RemoveDuplicates(purls) licenses = slices.RemoveDuplicates(licenses) diff --git a/lib/scanner_test.go b/lib/scanner_test.go index 1fb6285..93fb471 100644 --- a/lib/scanner_test.go +++ b/lib/scanner_test.go @@ -88,6 +88,15 @@ func TestScanner_Scan(t *testing.T) { assert.NotNil(t, output) } +func TestScanner_Scan_BadFileName(t *testing.T) { + scanner := Scanner{ + ExitCode: false, + Afs: &afero.Afero{Fs: afero.NewMemMapFs()}, + } + _, err := scanner.Scan([]string{"test**.json"}) + assert.Error(t, err) +} + func TestScanner_exitWithCodeIfRequired(t *testing.T) { scanner := Scanner{ ExitCode: false, From 9d86bb12b047e00ea89724fe2a37f5b1880d3c43 Mon Sep 17 00:00:00 2001 From: DJ Schleen Date: Tue, 5 Dec 2023 15:20:30 -0700 Subject: [PATCH 20/20] More test cases --- .vscode/settings.json | 3 +++ lib/enrichment/epss_test.go | 15 +++++++++++++++ renderers/html/html.go | 10 ++-------- renderers/rendererfactory_test.go | 3 ++- 4 files changed, 22 insertions(+), 9 deletions(-) diff --git a/.vscode/settings.json b/.vscode/settings.json index 787731b..9378eb2 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -14,9 +14,12 @@ "Distro", "DKFM", "dpkg", + "DXJSON", + "DXXML", "Encricher", "Epss", "errcheck", + "exitcode", "gofmt", "gomod", "gookit", diff --git a/lib/enrichment/epss_test.go b/lib/enrichment/epss_test.go index c174d9b..852ea50 100644 --- a/lib/enrichment/epss_test.go +++ b/lib/enrichment/epss_test.go @@ -3,6 +3,7 @@ package enrichment import ( "testing" + "github.com/jarcoal/httpmock" "github.com/stretchr/testify/assert" "github.com/devops-kung-fu/bomber/models" @@ -32,3 +33,17 @@ func TestEnrich(t *testing.T) { assert.Equal(t, enriched[0].Epss.Cve, "CVE-2021-43138") } + +func TestEnrich_Error(t *testing.T) { + + httpmock.Activate() + defer httpmock.DeactivateAndReset() + + httpmock.RegisterResponder("GET", "https://api.first.org/data/v1/epss", + httpmock.NewBytesResponder(404, []byte{})) + + cves := []string{"CVE-2021-43138", "CVE-2020-15084", "CVE-2020-28282", "sonatype-2020-1214"} + _, err := fetchEpssData(cves) + assert.Error(t, err) + assert.Contains(t, err.Error(), "EPSS API request failed with status code") +} diff --git a/renderers/html/html.go b/renderers/html/html.go index 49de68b..c0360b2 100644 --- a/renderers/html/html.go +++ b/renderers/html/html.go @@ -36,9 +36,7 @@ func (Renderer) Render(results models.Results) error { util.PrintInfo("Writing filename:", filename) err := writeTemplate(afs, filename, results) - if err != nil { - log.Println(err) - } + return err } @@ -75,12 +73,8 @@ func writeTemplate(afs *afero.Afero, filename string, results models.Results) er } err = afs.Fs.Chmod(filename, 0777) - if err != nil { - log.Println(err) - return err - } - return nil + return err } // processPercentiles calculates and updates the percentile values for diff --git a/renderers/rendererfactory_test.go b/renderers/rendererfactory_test.go index 16b2477..89284ef 100644 --- a/renderers/rendererfactory_test.go +++ b/renderers/rendererfactory_test.go @@ -10,7 +10,7 @@ import ( "github.com/devops-kung-fu/bomber/renderers/stdout" ) -func TestNewProvider(t *testing.T) { +func TestNewRenderer(t *testing.T) { renderer, err := NewRenderer("stdout") assert.NoError(t, err) assert.IsType(t, stdout.Renderer{}, renderer) @@ -20,6 +20,7 @@ func TestNewProvider(t *testing.T) { assert.IsType(t, json.Renderer{}, renderer) renderer, err = NewRenderer("html") + assert.NoError(t, err) assert.IsType(t, html.Renderer{}, renderer)