So the lockfile is a superset, but never a subset? So it basically is an SBOM th... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		sunnyday_002 33 days ago \| parent \| context \| favorite \| on: Could lockfiles just be SBOMs? So the lockfile is a superset, but never a subset? So it basically is an SBOM then but just sometimes has extra dependencies?

matharmin 33 days ago [–]

Superset of dependencies, but often a subset of info per depedency.

sunnyday_002 33 days ago | [–]

Ah okay! I know Rust has the transitive dependencies did not think/realise all languages might not, good point!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact