CRA Compliance
Software Bill of Materials
Complete inventory of software components used in AntiMatter AV, provided in compliance with the EU Cyber Resilience Act (CRA) requirements.
Format: CycloneDX 1.4
Product: AntiMatter AV
Version: 1.0.0
Publisher: AntiMatterAV
End of Support: February 2031
Server Components (Node.js)
| Package | Version | Scope | Purpose | License |
|---|---|---|---|---|
| express | 4.x | required | HTTP web framework | MIT |
| pg | 8.x | required | PostgreSQL database client | MIT |
| bcryptjs | 2.x | required | Password hashing (bcrypt) | MIT |
| jsonwebtoken | 9.x | required | JWT authentication tokens | MIT |
| uuid | 9.x | required | Unique ID generation (license keys) | MIT |
| cors | 2.x | required | Cross-origin resource sharing | MIT |
| dotenv | 16.x | required | Environment variable management | BSD-2 |
| typescript | 5.x | dev | Type-safe JavaScript compiler | Apache-2.0 |
Windows Components (Rust / Tauri)
| Crate | Version | Scope | Purpose | License |
|---|---|---|---|---|
| tauri | 2.x | required | Desktop application framework | Apache-2.0/MIT |
| sha2 | 0.10.x | required | SHA-256 hash computation | Apache-2.0/MIT |
| walkdir | 2.x | required | Recursive directory traversal | MIT/Unlicense |
| notify | 6.x | required | File system event watcher (EDR) | CC0-1.0/Artistic-2.0 |
| reqwest | 0.12.x | required | HTTP client for API communication | Apache-2.0/MIT |
| sysinfo | 0.30.x | required | System information & disk enumeration | MIT |
| serde | 1.x | required | Serialization/deserialization | Apache-2.0/MIT |
| hex | 0.4.x | required | Hex encoding for hash values | Apache-2.0/MIT |
Windows Frontend (React / Vite)
| Package | Version | Scope | Purpose | License |
|---|---|---|---|---|
| react | 19.x | required | UI component library | MIT |
| react-dom | 19.x | required | React DOM rendering | MIT |
| framer-motion | 12.x | required | UI animations | MIT |
| vite | 7.x | dev | Frontend build tool | MIT |
Android Components (Kotlin)
| Library | Version | Scope | Purpose | License |
|---|---|---|---|---|
| Android SDK | API 36 | required | Core Android platform | Apache-2.0 |
| androidx.core:core-ktx | 1.15.0 | required | Kotlin extensions for Android | Apache-2.0 |
| androidx.appcompat | 1.7.0 | required | Backward-compatible UI | Apache-2.0 |
| material | 1.13.0 | required | Material Design components | Apache-2.0 |
| constraintlayout | 2.2.1 | required | Flexible UI layouts | Apache-2.0 |
| osmdroid | 6.1.18 | optional | OpenStreetMap for device tracking | Apache-2.0 |
Infrastructure
| Component | Version | Purpose | License |
|---|---|---|---|
| Node.js | 20.x LTS | Server runtime | MIT |
| PostgreSQL | 15.x | Relational database | PostgreSQL License |
| Nginx | 1.20.x | Reverse proxy & static file server | BSD-2 |
| PM2 | 5.x | Process manager | AGPL-3.0 |
| Let's Encrypt | - | TLS certificate issuer | ISRG CPS |
Machine-Readable SBOM
The full SBOM is available in CycloneDX JSON format via our API:
This endpoint returns a CycloneDX 1.4-compliant JSON document listing all components, versions, and package URLs (purl). It is updated with each release.