CRA Compliance
Software Bill of Materials
Complete inventory of software components used in AntiMatter AV, provided in compliance with the EU Cyber Resilience Act (CRA) requirements.
CycloneDX
1.4
Download
JSON →
Product: AntiMatter
AV
Version: 1.0.0
Publisher: AntiMatterAV
End of Support: February 2031
Server Components (Node.js)
| Package | Version | Scope | Purpose | License |
|---|---|---|---|---|
| express | 4.x | required | HTTP web framework | MIT |
| pg | 8.x | required | PostgreSQL database client | MIT |
| bcryptjs | 2.x | required | Password hashing (bcrypt) | MIT |
| jsonwebtoken | 9.x | required | JWT authentication tokens | MIT |
| uuid | 9.x | required | Unique ID generation (license keys) | MIT |
| cors | 2.x | required | Cross-origin resource sharing | MIT |
| dotenv | 16.x | required | Environment variable management | BSD-2 |
| typescript | 5.x | dev | Type-safe JavaScript compiler | Apache-2.0 |
Windows Components (Rust / Tauri)
| Crate | Version | Scope | Purpose | License |
|---|---|---|---|---|
| tauri | 2.x | required | Desktop application framework | Apache-2.0/MIT |
| sha2 | 0.10.x | required | SHA-256 hash computation | Apache-2.0/MIT |
| walkdir | 2.x | required | Recursive directory traversal | MIT/Unlicense |
| notify | 6.x | required | File system event watcher (EDR) | CC0-1.0/Artistic-2.0 |
| reqwest | 0.12.x | required | HTTP client for API communication | Apache-2.0/MIT |
| sysinfo | 0.30.x | required | System information & disk enumeration | MIT |
| serde | 1.x | required | Serialization/deserialization | Apache-2.0/MIT |
| hex | 0.4.x | required | Hex encoding for hash values | Apache-2.0/MIT |
Windows Frontend (React / Vite)
| Package | Version | Scope | Purpose | License |
|---|---|---|---|---|
| react | 19.x | required | UI component library | MIT |
| react-dom | 19.x | required | React DOM rendering | MIT |
| framer-motion | 12.x | required | UI animations | MIT |
| vite | 7.x | dev | Frontend build tool | MIT |
Android Components (Kotlin)
| Library | Version | Scope | Purpose | License |
|---|---|---|---|---|
| Android SDK | API 36 | required | Core Android platform | Apache-2.0 |
| androidx.core:core-ktx | 1.15.0 | required | Kotlin extensions for Android | Apache-2.0 |
| androidx.appcompat | 1.7.0 | required | Backward-compatible UI | Apache-2.0 |
| material | 1.13.0 | required | Material Design components | Apache-2.0 |
| constraintlayout | 2.2.1 | required | Flexible UI layouts | Apache-2.0 |
| osmdroid | 6.1.18 | optional | OpenStreetMap for device tracking | Apache-2.0 |
Infrastructure
| Component | Version | Purpose | License |
|---|---|---|---|
| Node.js | 20.x LTS | Server runtime | MIT |
| PostgreSQL | 15.x | Relational database | PostgreSQL License |
| Nginx | 1.20.x | Reverse proxy & static file server | BSD-2 |
| PM2 | 5.x | Process manager | AGPL-3.0 |
| Let's Encrypt | - | TLS certificate issuer | ISRG CPS |
Machine-Readable SBOM
The full SBOM is available in CycloneDX JSON format via our API:
This endpoint returns a CycloneDX 1.4 compliant JSON document listing all components, versions, and package URLs (purl). Updated with each release.