{ "bomFormat": "CycloneDX", "specVersion": "1.5", "serialNumber": "urn:uuid:00000000-0000-4000-8000-000000000101", "version": 1, "metadata": { "timestamp": "2026-05-26T00:00:00Z", "component": { "type": "application", "name": "oss-report-lp-sample-app", "version": "1.0.0" }, "properties": [ { "name": "sample:purpose", "value": "Landing page sample input for the free OSS vulnerability report." }, { "name": "sample:warning", "value": "Contains intentionally outdated public packages, private-like package names, internal references, and one incomplete component." }, { "name": "sample:raw-file-policy", "value": "The LP processor extracts only sanitized dependency signals before submission." }, { "name": "sample:known-advisory-examples", "value": "lodash@4.17.20 GHSA-35jh-r3h4-6jhm; minimist@0.0.8 GHSA-vh95-rmgr-6w4m and GHSA-xvch-5gv4-984h; serialize-javascript@2.1.1 GHSA-hxcc-f52p-wc94; axios@0.21.0 GHSA-4w2v-q235-vp99." } ] }, "components": [ { "type": "library", "name": "lodash", "version": "4.17.20", "scope": "required", "purl": "pkg:npm/lodash@4.17.20", "hashes": [ { "alg": "SHA-512", "content": "sample-hash-lodash-should-not-be-submitted" } ], "externalReferences": [ { "type": "distribution", "url": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz" } ] }, { "type": "library", "name": "minimist", "version": "0.0.8", "scope": "required", "purl": "pkg:npm/minimist@0.0.8", "externalReferences": [ { "type": "distribution", "url": "https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz" } ] }, { "type": "library", "name": "serialize-javascript", "version": "2.1.1", "scope": "required", "purl": "pkg:npm/serialize-javascript@2.1.1", "externalReferences": [ { "type": "distribution", "url": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-2.1.1.tgz" } ] }, { "type": "library", "name": "axios", "version": "0.21.0", "scope": "required", "purl": "pkg:npm/axios@0.21.0", "externalReferences": [ { "type": "distribution", "url": "https://registry.npmjs.org/axios/-/axios-0.21.0.tgz" } ] }, { "type": "library", "name": "react", "version": "18.2.0", "scope": "required", "purl": "pkg:npm/react@18.2.0", "externalReferences": [ { "type": "distribution", "url": "https://registry.npmjs.org/react/-/react-18.2.0.tgz" } ] }, { "type": "library", "name": "zod", "version": "3.23.8", "scope": "optional", "purl": "pkg:npm/zod@3.23.8", "externalReferences": [ { "type": "distribution", "url": "https://registry.npmjs.org/zod/-/zod-3.23.8.tgz" } ] }, { "type": "library", "group": "@company", "name": "internal-auth-client", "version": "2.4.0", "scope": "required", "purl": "pkg:npm/%40company/internal-auth-client@2.4.0", "externalReferences": [ { "type": "distribution", "url": "https://npm.pkg.example.internal/@company/internal-auth-client/-/internal-auth-client-2.4.0.tgz" } ] }, { "type": "library", "group": "@private", "name": "checkout-widget", "version": "0.9.5", "scope": "required", "purl": "pkg:npm/%40private/checkout-widget@0.9.5", "externalReferences": [ { "type": "vcs", "url": "git+https://github.com/example/checkout-widget.git" } ] }, { "type": "library", "name": "sample-internal-local-plugin", "version": "0.1.0", "scope": "optional", "purl": "pkg:npm/sample-internal-local-plugin@0.1.0", "externalReferences": [ { "type": "other", "url": "file:../packages/sample-internal-local-plugin" } ] }, { "type": "library", "name": "left-pad", "scope": "required", "purl": "pkg:npm/left-pad" }, { "type": "container", "name": "sample-sidecar-image", "version": "2026.05.26" } ], "dependencies": [ { "ref": "pkg:npm/lodash@4.17.20" }, { "ref": "pkg:npm/minimist@0.0.8" }, { "ref": "pkg:npm/serialize-javascript@2.1.1" }, { "ref": "pkg:npm/axios@0.21.0" }, { "ref": "pkg:npm/react@18.2.0" }, { "ref": "pkg:npm/zod@3.23.8" }, { "ref": "pkg:npm/%40company/internal-auth-client@2.4.0" }, { "ref": "pkg:npm/%40private/checkout-widget@0.9.5" }, { "ref": "pkg:npm/sample-internal-local-plugin@0.1.0" } ] }