LENS 07 · SBOM.DAY · CANDY OBSERVATORY

06:08 · dawn inventory · SPDXRef-Package

What is inside today’s software?

A warm inspection lens for software bills of materials: package ingredients, origins, licenses, hashes, and handoffs unfolding through one luminous day.

sunrise-api.bundle pkg:npm/sunrise-api@4.8.2 · sha256:a7c5f2
VERIFIED
MIT v4.8.2 hash

08:42 · ingredient reveal

Ingredient labels drift into alignment.

Instead of a compliance spreadsheet, every component becomes a translucent wrapper: readable, inspectable, and gentle enough to invite curiosity.

reactive-map · CycloneDX · lib · Apache-2.0 · 1.12.0
frost-parser · SPDX · source · BSD-3 · 0.9.6
orbit-auth · purl · service · MIT · 3.4.1
lemon-cache · hash · package · MPL-2.0 · 2.0.5
core-image · container · sha256:91ff0c
openssl@3.2 zlib@1.3 glibc@2.39

11:17 · dependency drift

Friendly satellites show what changed while you blinked.

Version chips rotate and settle as the dependency thread snakes through transitive layers, showing lineage without turning the morning into an incident.

14:03 · vulnerability weather

No red panic wall. Just weather you can read.

Tiny glyphs mark uncertainty, verification, and unknown fog so teams can discuss risk in daylight.

╱╱ drizzle · review needed · CVE lens
sunburst · verified patch · fixed
violet fog · unknown transitives
build sign ship trust

16:29 · trust handoff

Provenance ribbons bend from origin to operator.

Maintainers, build systems, signatures, and recipients stay connected by one glowing supply-chain lineage.

18:55 · archived · sbom-2026-05-09.cdx.json
license · Apache-2.0
hash · sha256:7c5c...
handoff · attested

dusk archive

Now every ingredient can be seen, shared, and remembered.

sbom.day turns the software bill of materials into a calm daily ritual: inspect, understand, hand off, archive.