2 Normative references

The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

Apache Maven, Apache Software Foundation, https://maven.apache.org/

Bower API, https://bower.io/docs/api/#install

Common Platform Enumeration (CPE) – Specification, The MITRE Corporation, https://cpe.mitre.org/files/cpe-specification_2.2.pdf

NISTIR 7695, Common Platform Enumeration: Naming Specification Version 2.3, NIST, https://csrc.nist.gov/publications/detail/nistir/7695/final

npm-package.json, npm Inc., https://docs.npmjs.com/files/package.json

NuGet documentation, Microsoft, https://docs.microsoft.com/en-us/nuget/

POSIX.1-2017 The Open Group Base Specifications Issue 7, 2018 edition, IEEE/Open Group, https://pubs.opengroup.org/onlinepubs/9699919799/

purl (package URL), https://github.com/package-url/purl-spec

Resource Description Framework (RDF), 2014-02-25, W3C, http://www.w3.org/standards/techs/rdf

RFC-1321, The MD5 Message-Digest Algorithm, The Internet Society Network Working Group, https://tools.ietf.org/html/rfc1321

RFC-3174, US Secure Hash Algorithm 1 (SHA1), The Internet Society Network Working Group, https://tools.ietf.org/html/rfc3174

RFC-3986, Uniform Resource Identifier (URI): Generic Syntax, The Internet Society Network Working Group, https://tools.ietf.org/html/rfc3986

RFC-5234, Augmented BNF for Syntax Specifications: ABNF, The Internet Society Network Working Group, https://tools.ietf.org/html/rfc5234

RFC-6234, US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF), The Internet Society Network Working Group, https://tools.ietf.org/html/rfc6234

SoftWare Heritage persistent IDentifiers (SWHIDs), https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html

SPDX and RDF Ontology, http://spdx.org/rdf/ontology/spdx-2-2

SPDX License list, Linux Foundation, https://spdx.org/licenses/

SPDX License Exceptions list, Linux Foundation, https://spdx.org/licenses/exceptions-index.html