by lucideer
1160 days ago
> Some executables distributed on npm do provide lockfiles but those aren't SBOMs

Not entirely sure what this sentence means (some executables?). NPM generates lockfiles and, while lockfiles are not SPDX/CycloneDX equivalent, the overlap in intent and content is strong. SBOM makes just as much sense at this level as the existing lockfile generation mechanism.