[{"data":1,"prerenderedAt":152},["ShallowReactive",2],{"NoscriptNav_XrRK2e2e8meJ0jKVGkb5ULGQDVi3UiFQ9nupAr7Yns":3,"\u002Freports\u002Fpackage-manager-manifest-examples":8},["Island",4],{"key":5,"result":6},"NoscriptNav_XrRK2e2e8meJ0jKVGkb5ULGQDVi3UiFQ9nupAr7Yns",{"head":7},{},{"id":9,"title":10,"authors":11,"body":13,"canonicalUrl":94,"canonicalWebsiteName":140,"category":141,"date":142,"description":19,"extension":143,"featured":144,"fullWidthLayout":144,"image":145,"imageAlt":145,"location":145,"meta":146,"metaImage":145,"navigation":147,"path":148,"seo":149,"stem":150,"venue":145,"venueUrl":145,"__hash__":151},"reports\u002Freports\u002Fpackage-manager-manifest-examples.md","Package Manager Manifest Examples",[12],"andrew",{"type":14,"value":15,"toc":135},"minimark",[16,20,72,83,97,102,111,114,117,132],[17,18,19],"p",{},"Over 145 manifest and lockfile examples from 34 package ecosystems, organized by PURL type.",[17,21,22,23,27,28,27,31,27,34,27,37,27,40,27,43,27,46,49,50,27,53,27,56,27,59,27,62,27,65,27,68,71],{},"Manifests include ",[24,25,26],"code",{},"package.json",", ",[24,29,30],{},"requirements.txt",[24,32,33],{},"pyproject.toml",[24,35,36],{},"Cargo.toml",[24,38,39],{},"Gemfile",[24,41,42],{},"composer.json",[24,44,45],{},"go.mod",[24,47,48],{},"pom.xml",", and more. Lockfiles include ",[24,51,52],{},"package-lock.json",[24,54,55],{},"yarn.lock",[24,57,58],{},"poetry.lock",[24,60,61],{},"Cargo.lock",[24,63,64],{},"Gemfile.lock",[24,66,67],{},"composer.lock",[24,69,70],{},"go.sum",", and others.",[17,73,74,75,82],{},"Initially extracted from ",[76,77,81],"a",{"href":78,"rel":79},"https:\u002F\u002Fgithub.com\u002Fecosyste-ms\u002Fbibliothecary",[80],"nofollow","Bibliothecary",", with additional examples from tools like Trivy, Syft, OSV-Scanner, and Grype. Each example documents its filename, type (manifest\u002Flockfile), source project, and what features it demonstrates.",[84,85,88,89],"div",{"className":86},[87],"page-items","\n    ",[76,90,96],{"className":91,"href":94,"target":95},[92,93],"button","button--arrow","https:\u002F\u002Fgithub.com\u002Fecosyste-ms\u002Fpackage-manager-manifest-examples","_blank","\n        Go to data\n    ",[98,99,101],"h2",{"id":100},"background","Background",[17,103,104,105,110],{},"This work was originally posted on ",[76,106,109],{"href":107,"rel":108},"https:\u002F\u002Fblog.ecosyste.ms\u002F2025\u002F11\u002F17\u002Fdocumenting-package-manager-data.html",[80],"blog.ecosyste.ms"," on November 17, 2025.",[17,112,113],{},"Package managers are the quiet workhorses of computing. They make installing software on a machine trivial, but they have their differences, and as recent events have shown, those differences can lead to vulnerabilities and provide opportunities for attackers to disrupt public and private services alike.",[17,115,116],{},"ecosyste.ms is in something of a unique position: having aggregated and normalized package data from over 70 sources we know something about how package managers work, and how they differ from one another.",[17,118,119,120,125,126,131],{},"Working alongside the ",[76,121,124],{"href":122,"rel":123},"https:\u002F\u002Fgithub.com\u002Fchaoss\u002Fwg-package-metadata",[80],"CHAOSS Package Metadata Working Group"," and ",[76,127,130],{"href":128,"rel":129},"https:\u002F\u002Falpha-omega.dev",[80],"Alpha-Omega"," we've documented the similarities and differences across package registries and clients, publishing multiple repositories of information about how package managers work, including the data in this post. In doing so we hope to identify common problems and work toward better practices.",[17,133,134],{},"This repository is released under CC0 1.0 Universal and accepts contributions if you have corrections or additions.",{"title":136,"searchDepth":137,"depth":137,"links":138},"",2,[139],{"id":100,"depth":137,"text":101},"GitHub","package-management","2025-11-30","md",false,null,{},true,"\u002Freports\u002Fpackage-manager-manifest-examples",{"title":10,"description":19},"reports\u002Fpackage-manager-manifest-examples","WDKpFxgVU9ZBABioCFNrQlMQdI68pkLumsR4bAijaGs",1780596103333]