Security transparency
SupaPM Extension SBOM
Last updated: 1 May 2026
We publish a Software Bill of Materials for the SupaPM browser extension so security, IT, and compliance teams can review the open source packages used by the extension before approving it.
Download the machine-readable SBOM
The current extension SBOM is available as CycloneDX 1.6 JSON and can be imported into common software composition analysis and vendor review tools.
What is included
The SBOM is generated from the extension npm lockfile and lists the runtime dependency tree for the SupaPM browser extension. Development-only packages are omitted from the published file so the artifact stays focused on dependencies relevant to the shipped extension.
How to use it
- Import the CycloneDX JSON file into your software composition analysis tooling.
- Review package names, versions, licences, package URLs, and dependency relationships.
- Compare future versions to understand supply chain changes between extension releases.
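The three review steps above, worked through in code. This is an added example, not SupaPM's own tooling or SBOM data: the two CycloneDX 1.6 documents embedded below are constructed stand-ins for two hypothetical extension releases (package names `alpha`, `beta`, `gamma`, the missing `delta` reference and their versions and licences are invented). It parses the JSON, summarises each component's version, package URL and licence identifiers, flags the things a reviewer checks before approving (components with no declared licence or package URL, dependency-graph references that point at no listed component), and diffs two releases to list added, removed and version-changed packages.

```python
"""Parse, review and diff CycloneDX JSON SBOMs (illustrative example only)."""
import json

# Constructed sample: hypothetical release 1.0.0 of an extension.
SBOM_V1 = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.6", "version": 1,
    "metadata": {"component": {"type": "application", "name": "example-extension",
                               "version": "1.0.0", "bom-ref": "root"}},
    "components": [
        {"type": "library", "name": "alpha", "version": "1.2.0", "bom-ref": "pkg:npm/alpha@1.2.0",
         "purl": "pkg:npm/alpha@1.2.0", "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "beta", "version": "0.9.1", "bom-ref": "pkg:npm/beta@0.9.1",
         "purl": "pkg:npm/beta@0.9.1", "licenses": [{"license": {"id": "ISC"}}]},
    ],
    "dependencies": [
        {"ref": "root", "dependsOn": ["pkg:npm/alpha@1.2.0"]},
        {"ref": "pkg:npm/alpha@1.2.0", "dependsOn": ["pkg:npm/beta@0.9.1"]},
        {"ref": "pkg:npm/beta@0.9.1", "dependsOn": []},
    ],
})

# Constructed sample: hypothetical release 1.1.0. alpha is bumped, beta dropped, gamma added
# with no licence, and gamma's dependency entry deliberately references a component that is
# not listed, so the consistency check below has something to find.
SBOM_V2 = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.6", "version": 1,
    "metadata": {"component": {"type": "application", "name": "example-extension",
                               "version": "1.1.0", "bom-ref": "root"}},
    "components": [
        {"type": "library", "name": "alpha", "version": "1.3.0", "bom-ref": "pkg:npm/alpha@1.3.0",
         "purl": "pkg:npm/alpha@1.3.0", "licenses": [{"expression": "MIT OR Apache-2.0"}]},
        {"type": "library", "name": "gamma", "version": "3.0.0", "bom-ref": "pkg:npm/gamma@3.0.0",
         "purl": "pkg:npm/gamma@3.0.0"},
    ],
    "dependencies": [
        {"ref": "root", "dependsOn": ["pkg:npm/alpha@1.3.0"]},
        {"ref": "pkg:npm/alpha@1.3.0", "dependsOn": ["pkg:npm/gamma@3.0.0"]},
        {"ref": "pkg:npm/gamma@3.0.0", "dependsOn": ["pkg:npm/delta@2.0.0"]},
    ],
})


def load_bom(text):
    """Parse a CycloneDX 1.x JSON document; reject anything else before reviewing it."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX" or not str(bom.get("specVersion", "")).startswith("1."):
        raise ValueError("not a CycloneDX 1.x JSON document")
    return bom


def component_index(bom):
    """Map package name -> version, package URL, bom-ref and declared licence identifiers."""
    index = {}
    for comp in bom.get("components", []):
        ids = []
        for entry in comp.get("licenses", []):
            # CycloneDX allows either {"license": {"id"|"name"}} or {"expression": "..."}.
            lic = entry.get("license", {})
            ids.append(lic.get("id") or lic.get("name") or entry.get("expression"))
        index[comp["name"]] = {"version": comp.get("version"), "purl": comp.get("purl"),
                               "ref": comp.get("bom-ref"), "licenses": [i for i in ids if i]}
    return index


def review_findings(bom):
    """Checks a reviewer runs before approval: missing licence/purl, dangling dependency refs."""
    index = component_index(bom)
    findings = []
    for name, c in index.items():
        if not c["licenses"]:
            findings.append(f"{name}@{c['version']}: no licence declared")
        if not c["purl"]:
            findings.append(f"{name}@{c['version']}: no package URL")
    known = {c["ref"] for c in index.values() if c["ref"]}
    root_ref = bom.get("metadata", {}).get("component", {}).get("bom-ref")
    if root_ref:
        known.add(root_ref)
    for dep in bom.get("dependencies", []):
        for target in [dep.get("ref")] + list(dep.get("dependsOn", [])):
            if target not in known:
                findings.append(f"dependency graph references unknown component {target}")
    return findings


def diff_boms(old, new):
    """Supply chain changes between two releases, keyed by package name."""
    a, b = component_index(old), component_index(new)
    return {
        "added": sorted(set(b) - set(a)),
        "removed": sorted(set(a) - set(b)),
        "changed": {n: (a[n]["version"], b[n]["version"])
                    for n in sorted(set(a) & set(b)) if a[n]["version"] != b[n]["version"]},
    }


if __name__ == "__main__":
    old, new = load_bom(SBOM_V1), load_bom(SBOM_V2)
    for name, c in component_index(new).items():
        print(f"{name} {c['version']} {c['purl']} licences={c['licenses'] or 'NONE'}")
    print("findings:", review_findings(new))
    print("diff vs previous release:", diff_boms(old, new))
```

`component_index` keys on package name, which is enough for a flat npm tree; a lockfile that pins two versions of the same package would need the `bom-ref` as the key instead. The dangling-reference check matters because an SCA tool that walks `dependencies` silently drops edges it cannot resolve, so a malformed graph can hide a transitive dependency from the review.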
Important notes
An SBOM is a transparency artifact, not a security certification. It helps reviewers understand the extension supply chain, but it does not replace vulnerability scanning, source review, browser permission review, or your organisation's own vendor assessment.
If your team needs additional security or compliance information, contact us at hello@supapm.com.