Episode I · The Software Ecosystem

sbom.wiki

A nature documentary of software dependencies — observed with the patience of a naturalist.

Observe below ↓

02

Knowledge Cells

Each hexagon a species in the SBOM ecosystem — cataloged, observed, and tagged with provenance.

Library

lodash

v4.17.21 · MIT

A flowering perennial of the JavaScript understory. Provides utility blossoms for data manipulation; pollinated by tens of thousands of downstream packages.

npm:lodash@4.17.21

Framework

react

v18.2.0 · MIT

A canopy tree of the modern web forest. Grows declarative limbs; shelters component undergrowth and supports rich biomes of state, effect, and ref.

npm:react@18.2.0

Runtime

node

v20.11.1 · MIT

A root system threading the soil of the operating system. Distributes nutrients (I/O, networking, processes) to the visible flora above.

runtime:node@20.11.1

Tool

esbuild

v0.20.1 · MIT

A fruit-bearing branch in the build orchard. Compiles, bundles, and ripens source into shipped artifacts within milliseconds.

npm:esbuild@0.20.1

Library

zod

v3.22.4 · MIT

A schema-flowering shrub. Validates the chemistry of data at the boundary of every system; its blossoms guard the integrity of the ecosystem.

npm:zod@3.22.4

Framework

next

v14.1.4 · MIT

A long-trunked conifer of the React forest. Manages light (rendering), water (data), and seed dispersal (routing) for production-grade growth.

npm:next@14.1.4

Runtime

deno

v1.41.3 · MIT

A second root system in the same forest. Drinks the same TypeScript dew as its sibling but filters its nutrients through a permission membrane.

runtime:deno@1.41.3

Tool

vitest

v1.4.0 · MIT

An orchard inspector. Walks each row, tasting outcomes, flagging blight before it spreads through the dependency canopy.

npm:vitest@1.4.0

Library

openssl

v3.2.1 · Apache-2.0

A trefoil of cryptographic blooms. Three petals: encryption, signing, key-exchange. Pollinates nearly every secure connection on the internet.

native:openssl@3.2.1

03

The Canopy

A wide shot of the full dependency biome — flowers above, stems through, roots below; thorns where vulnerabilities have grown.

Flowers (libraries) Stems (direct deps) Roots (transitive deps) Thorns (advisories)

Filmed in the long take of npm install, this biome contains 1,284 species — 17 direct, 1,267 transitive. Two thorns observed; both treatable. The forest breathes on a 28-day cycle.