Source-backed software supply chains

The dependency atlas for public-sector AI code

See which exact package versions support AI code published by German public administration—and where concentration, license evidence, release age and OSV records can actually be assessed.

lockfiles and SBOMsexact versions onlydeps.dev and OSVno generative AI
Data state 19 July 2026Observed since 18 July 202630 repositories in the exact cohort
The assessment boundary

A matched advisory is not proof of exploitability.

The atlas sends only observed, resolved package versions to OSV. A match does not prove reachability or productive use; no returned advisory does not mean that a package is safe.

resolved package@version only
Exact supply-chain snapshot

What supports the published public-sector AI stack?

The cohort begins with repositories that already contain exact AI code evidence. Lockfiles, SBOMs and exact pins reveal package identities without replacing ranges with guessed versions.

29repositories with resolved evidence
4,205exact package versions assessed
572current OSV records

From AI code evidence to an assessable version

Each stage keeps its own denominator. An absent lockfile in an incomplete tree remains not assessable—not zero.

  1. 0130

    Code Radar cohort

  2. 0220

    with a lockfile or SBOM

  3. 0320

    with resolved components

  4. 044,205

    exact versions sent to OSV

Most widely observed AI packages

Repository presence within the exact 30-repository cohort. This is not market share.

  1. OpenAI SDK18
  2. scikit-learn13
  3. tiktoken12
  4. PyTorch10
  5. Hugging Face Tokenizers9
  6. Transformers8
  7. LangChain6
  8. LangGraph6
  9. LangChain Core5
  10. LangChain OpenAI5

Provider-interface families in published code

An interface package can enable a provider; it does not prove an account, configuration, procurement or API call.

  1. OpenAI3 packages
    6
  2. Ollama2 packages
    3
  3. Hugging Face1 package
    1

Reported license expressions

Expressions are copied from package metadata. No compatibility or legal conclusion is inferred.

  1. MIT2,028
  2. non-standard197
  3. Apache-2.0225
  4. BSD-3-Clause126
  5. ISC131
  6. BSD-2-Clause47
  7. PSF-2.03
  8. Apache-2.0 AND MIT12
Sources and citation

Designed for reproducible, time-stamped claims

Each result retains the public repository, immutable commit and evidence file. Package metadata and OSV responses are recorded separately, with their own collection time and interpretation boundary.

i6eal (2026): German public-sector AI Dependency Atlas — 30 repositories, 4,205 exact npm/PyPI package versions assessed and 572 OSV records returned, data state 19 July 2026. https://i6eal.de/en/tools/ki-abhaengigkeitsatlas/

Clearly explained

Does an OSV record prove that a repository is vulnerable?
No. It shows that OSV matched a public advisory to an exact observed package version at collection time. Reachability, exploitability, deployment and mitigating controls are not established.
What does no returned OSV record mean?
Only that the OSV API returned no matching public record for the submitted exact version at that time. It is not a statement that the package is safe.
How are version ranges handled?
They are never resolved by assumption. A version is assessed only when a lockfile, SBOM or exact double-equals pin publishes it. The collector never substitutes the newest release.
Do the license fields measure portability?
No. The atlas reports SPDX expressions supplied by package metadata and missing coverage. It does not infer compatibility, obligations, migration effort or legal conclusions.
Does a provider SDK prove provider use?
No. A direct interface package is a code-level exposure signal only. It does not prove configuration, an account, procurement, data transfer or an API call.
Does the collector use generative AI?
No. File discovery, parsing, package normalization, provider rules and publishing are deterministic and bounded.

Need a verifiable software supply-chain dataset for your field?

We build public-interest intelligence products with exact identities, explicit missing states and source paths that remain inspectable.

Discuss a data projectExplore the AI Code Radar