← Back to the AI Dependency AtlasExact repository supply-chain dossier

SmartPlanAI Anwendung

sh/digitalhub-sh/landesprogramm-offene-innovationen/ki-bauleitplaene/smartplanai-anwendung
npm · pypi

This dossier retains 318 exact component occurrences from 3 published evidence files at one immutable repository commit.

opencode:101621d70807d48a8project ID + commit SHA + exact evidence path

Published dependency evidence does not prove deployment, productive use, procurement or runtime reachability.

project ID + commit SHA + exact evidence path
318exact component occurrences
266package identities
3evidence files
80OSV records returned
Exact published evidence

Files that resolve this repository’s dependencies

Every file remains tied to the observed commit. A parse error stays visible and never becomes a zero.

Evidence pathblp_streamlit_pipeline/src/ext/streamlit-draw-image-mask/draw_image_mask/draw_image_mask/frontend/package-lock.jsonsha256:d6cf494bd944eff796a59b32b36c8214816e3be6639d5c2ea67893310aa39322
Format
npm-lock
Parser state
parsed
Resolved components
123
Open exact source ↗
Evidence pathblp_streamlit_pipeline/src/ext/streamlit-draw-image-mask/poetry.locksha256:834ae2be07a53839d9a28b3e1f69e45e947515a00364ef07871b6fc47c379933
Format
poetry-lock
Parser state
parsed
Resolved components
78
Open exact source ↗
Evidence pathpoetry.locksha256:aeab690097e8e006cb4680cb53d452b805b943ab2091762607ff4d493cc71549
Format
poetry-lock
Parser state
parsed
Resolved components
117
Open exact source ↗
Observed relations

Package identities at this commit

pypiOpenCVpypi:opencv-python
2 Occurrences4.12.0.88 · 4.13.0.92
Apache-2.0
pypipillowpypi:pillow
2 Occurrences11.3.0 · 12.1.1
HPND · MIT-CMU15 OSV records returned
pypitornadopypi:tornado
2 Occurrences6.5.2 · 6.5.5
Apache-2.010 OSV records returned
pypiurllib3pypi:urllib3
2 Occurrences2.5.0 · 2.6.3
MIT7 OSV records returned
npmvitenpm:vite
1 Occurrence6.3.5
MIT7 OSV records returned
pypigitpythonpypi:gitpython
2 Occurrences3.1.45 · 3.1.46
BSD-3-Clause5 OSV records returned
pypijinja2pypi:jinja2
2 Occurrences3.1.6
BSD-3-Clause · non-standard4 OSV records returned
pypiujsonpypi:ujson
1 Occurrence5.12.0
BSD-3-Clause · BSD-3-Clause AND TCL · TCL4 OSV records returned
pypirequestspypi:requests
2 Occurrences2.32.5 · 2.33.1
Apache-2.03 OSV records returned
pypisetuptoolspypi:setuptools
2 Occurrences80.9.0 · 82.0.1
MIT3 OSV records returned
pypifilelockpypi:filelock
2 Occurrences3.19.1 · 3.25.2
MIT · Unlicense2 OSV records returned
npmpicomatchnpm:picomatch
1 Occurrence4.0.3
MIT2 OSV records returned
pypiprotobufpypi:protobuf
2 Occurrences6.32.0 · 6.33.6
BSD-3-Clause2 OSV records returned
pypistreamlitpypi:streamlit
2 Occurrences1.49.0 · 1.55.0
Apache-2.02 OSV records returned
pypicertifipypi:certifi
2 Occurrences2025.8.3 · 2026.2.25
MPL-2.01 OSV record returned
pypiclickpypi:click
2 Occurrences8.1.8 · 8.3.1
BSD-3-Clause · non-standard1 OSV record returned
pypifonttoolspypi:fonttools
1 Occurrence4.62.1
MIT1 OSV record returned
pypigeopandaspypi:geopandas
1 Occurrence1.1.3
BSD-3-Clause1 OSV record returned
pypih11pypi:h11
1 Occurrence0.16.0
MIT1 OSV record returned
pypiidnapypi:idna
2 Occurrences3.10 · 3.11
BSD-3-Clause · non-standard1 OSV record returned
npmpostcssnpm:postcss
1 Occurrence8.5.6
MIT1 OSV record returned
pypipyarrowpypi:pyarrow
2 Occurrences21.0.0 · 23.0.1
Apache-2.0 · non-standard1 OSV record returned
pypipycryptodomepypi:pycryptodome
1 Occurrence3.23.0
non-standard1 OSV record returned
pypipygmentspypi:pygments
2 Occurrences2.19.2 · 2.20.0
BSD-2-Clause1 OSV record returned
pypipytestpypi:pytest
1 Occurrence8.3.2
MIT1 OSV record returned
npmrollupnpm:rollup
1 Occurrence4.46.1
MIT1 OSV record returned
pypitqdmpypi:tqdm
1 Occurrence4.67.3
MIT AND MPL-2.01 OSV record returned
pypivirtualenvpypi:virtualenv
1 Occurrence20.34.0
MIT1 OSV record returned
npm@esbuild/aix-ppc64npm:@esbuild/aix-ppc64
1 Occurrence0.25.8
MIT
npm@esbuild/android-armnpm:@esbuild/android-arm
1 Occurrence0.25.8
MIT
npm@esbuild/android-arm64npm:@esbuild/android-arm64
1 Occurrence0.25.8
MIT
npm@esbuild/android-x64npm:@esbuild/android-x64
1 Occurrence0.25.8
MIT
npm@esbuild/darwin-arm64npm:@esbuild/darwin-arm64
1 Occurrence0.25.8
MIT
npm@esbuild/darwin-x64npm:@esbuild/darwin-x64
1 Occurrence0.25.8
MIT
npm@esbuild/freebsd-arm64npm:@esbuild/freebsd-arm64
1 Occurrence0.25.8
MIT
npm@esbuild/freebsd-x64npm:@esbuild/freebsd-x64
1 Occurrence0.25.8
MIT
npm@esbuild/linux-armnpm:@esbuild/linux-arm
1 Occurrence0.25.8
MIT
npm@esbuild/linux-arm64npm:@esbuild/linux-arm64
1 Occurrence0.25.8
MIT
npm@esbuild/linux-ia32npm:@esbuild/linux-ia32
1 Occurrence0.25.8
MIT
npm@esbuild/linux-loong64npm:@esbuild/linux-loong64
1 Occurrence0.25.8
MIT
npm@esbuild/linux-mips64elnpm:@esbuild/linux-mips64el
1 Occurrence0.25.8
MIT
npm@esbuild/linux-ppc64npm:@esbuild/linux-ppc64
1 Occurrence0.25.8
MIT
npm@esbuild/linux-riscv64npm:@esbuild/linux-riscv64
1 Occurrence0.25.8
MIT
npm@esbuild/linux-s390xnpm:@esbuild/linux-s390x
1 Occurrence0.25.8
MIT
npm@esbuild/linux-x64npm:@esbuild/linux-x64
1 Occurrence0.25.8
MIT
npm@esbuild/netbsd-arm64npm:@esbuild/netbsd-arm64
1 Occurrence0.25.8
MIT
npm@esbuild/netbsd-x64npm:@esbuild/netbsd-x64
1 Occurrence0.25.8
MIT
npm@esbuild/openbsd-arm64npm:@esbuild/openbsd-arm64
1 Occurrence0.25.8
MIT
npm@esbuild/openbsd-x64npm:@esbuild/openbsd-x64
1 Occurrence0.25.8
MIT
npm@esbuild/openharmony-arm64npm:@esbuild/openharmony-arm64
1 Occurrence0.25.8
MIT
npm@esbuild/sunos-x64npm:@esbuild/sunos-x64
1 Occurrence0.25.8
MIT
npm@esbuild/win32-arm64npm:@esbuild/win32-arm64
1 Occurrence0.25.8
MIT
npm@esbuild/win32-ia32npm:@esbuild/win32-ia32
1 Occurrence0.25.8
MIT
npm@esbuild/win32-x64npm:@esbuild/win32-x64
1 Occurrence0.25.8
MIT
npm@rolldown/pluginutilsnpm:@rolldown/pluginutils
1 Occurrence1.0.0-beta.27
MIT
npm@rollup/rollup-android-arm-eabinpm:@rollup/rollup-android-arm-eabi
1 Occurrence4.46.1
MIT
npm@rollup/rollup-android-arm64npm:@rollup/rollup-android-arm64
1 Occurrence4.46.1
MIT
npm@rollup/rollup-darwin-arm64npm:@rollup/rollup-darwin-arm64
1 Occurrence4.46.1
MIT
npm@rollup/rollup-darwin-x64npm:@rollup/rollup-darwin-x64
1 Occurrence4.46.1
MIT
npm@rollup/rollup-freebsd-arm64npm:@rollup/rollup-freebsd-arm64
1 Occurrence4.46.1
MIT
npm@rollup/rollup-freebsd-x64npm:@rollup/rollup-freebsd-x64
1 Occurrence4.46.1
MIT
npm@rollup/rollup-linux-arm-gnueabihfnpm:@rollup/rollup-linux-arm-gnueabihf
1 Occurrence4.46.1
MIT
npm@rollup/rollup-linux-arm-musleabihfnpm:@rollup/rollup-linux-arm-musleabihf
1 Occurrence4.46.1
MIT
npm@rollup/rollup-linux-arm64-gnunpm:@rollup/rollup-linux-arm64-gnu
1 Occurrence4.46.1
MIT
npm@rollup/rollup-linux-arm64-muslnpm:@rollup/rollup-linux-arm64-musl
1 Occurrence4.46.1
MIT
npm@rollup/rollup-linux-loongarch64-gnunpm:@rollup/rollup-linux-loongarch64-gnu
1 Occurrence4.46.1
MIT
npm@rollup/rollup-linux-ppc64-gnunpm:@rollup/rollup-linux-ppc64-gnu
1 Occurrence4.46.1
MIT
npm@rollup/rollup-linux-riscv64-gnunpm:@rollup/rollup-linux-riscv64-gnu
1 Occurrence4.46.1
MIT
npm@rollup/rollup-linux-riscv64-muslnpm:@rollup/rollup-linux-riscv64-musl
1 Occurrence4.46.1
MIT
npm@rollup/rollup-linux-s390x-gnunpm:@rollup/rollup-linux-s390x-gnu
1 Occurrence4.46.1
MIT
npm@rollup/rollup-linux-x64-gnunpm:@rollup/rollup-linux-x64-gnu
1 Occurrence4.46.1
MIT
npm@rollup/rollup-linux-x64-muslnpm:@rollup/rollup-linux-x64-musl
1 Occurrence4.46.1
MIT
npm@rollup/rollup-win32-arm64-msvcnpm:@rollup/rollup-win32-arm64-msvc
1 Occurrence4.46.1
MIT
npm@rollup/rollup-win32-ia32-msvcnpm:@rollup/rollup-win32-ia32-msvc
1 Occurrence4.46.1
MIT
npm@rollup/rollup-win32-x64-msvcnpm:@rollup/rollup-win32-x64-msvc
1 Occurrence4.46.1
MIT
npm@swc/corenpm:@swc/core
1 Occurrence1.13.3
Apache-2.0
npm@swc/core-darwin-arm64npm:@swc/core-darwin-arm64
1 Occurrence1.13.3
Apache-2.0 AND MIT
npm@swc/core-darwin-x64npm:@swc/core-darwin-x64
1 Occurrence1.13.3
Apache-2.0 AND MIT
npm@swc/core-linux-arm-gnueabihfnpm:@swc/core-linux-arm-gnueabihf
1 Occurrence1.13.3
Apache-2.0
npm@swc/core-linux-arm64-gnunpm:@swc/core-linux-arm64-gnu
1 Occurrence1.13.3
Apache-2.0 AND MIT
npm@swc/core-linux-arm64-muslnpm:@swc/core-linux-arm64-musl
1 Occurrence1.13.3
Apache-2.0 AND MIT
npm@swc/core-linux-x64-gnunpm:@swc/core-linux-x64-gnu
1 Occurrence1.13.3
Apache-2.0 AND MIT
npm@swc/core-linux-x64-muslnpm:@swc/core-linux-x64-musl
1 Occurrence1.13.3
Apache-2.0 AND MIT
npm@swc/core-win32-arm64-msvcnpm:@swc/core-win32-arm64-msvc
1 Occurrence1.13.3
Apache-2.0 AND MIT
npm@swc/core-win32-ia32-msvcnpm:@swc/core-win32-ia32-msvc
1 Occurrence1.13.3
Apache-2.0 AND MIT
npm@swc/core-win32-x64-msvcnpm:@swc/core-win32-x64-msvc
1 Occurrence1.13.3
Apache-2.0 AND MIT
npm@swc/counternpm:@swc/counter
1 Occurrence0.1.3
Apache-2.0
npm@swc/typesnpm:@swc/types
1 Occurrence0.1.23
Apache-2.0
npm@types/command-line-argsnpm:@types/command-line-args
1 Occurrence5.2.0
MIT
npm@types/command-line-usagenpm:@types/command-line-usage
1 Occurrence5.0.2
MIT
npm@types/estreenpm:@types/estree
1 Occurrence1.0.8
MIT
npm@types/flatbuffersnpm:@types/flatbuffers
1 Occurrence2.0.1
MIT
npm@types/nodenpm:@types/node
2 Occurrences18.7.23 · 22.16.5
MIT
npm@types/pad-leftnpm:@types/pad-left
1 Occurrence2.1.1
MIT
npm@types/prop-typesnpm:@types/prop-types
1 Occurrence15.7.15
MIT
npm@types/reactnpm:@types/react
1 Occurrence18.3.23
MIT
npm@types/react-domnpm:@types/react-dom
1 Occurrence18.3.7
MIT
npm@vitejs/plugin-react-swcnpm:@vitejs/plugin-react-swc
1 Occurrence3.11.0
MIT
pypiaffinepypi:affine
1 Occurrence2.4.0
non-standard
pypiaistudio-sdkpypi:aistudio-sdk
1 Occurrence0.3.8
Not reported
pypialtairpypi:altair
2 Occurrences5.5.0 · 6.0.0
non-standard
pypiannotated-docpypi:annotated-doc
1 Occurrence0.0.4
MIT
pypiannotated-typespypi:annotated-types
1 Occurrence0.7.0
MIT
npmansi-stylesnpm:ansi-styles
1 Occurrence3.2.1
MIT
pypianyiopypi:anyio
1 Occurrence4.13.0
MIT
npmapache-arrownpm:apache-arrow
1 Occurrence11.0.0
Apache-2.0
npmarray-backnpm:array-back
2 Occurrences3.1.0 · 4.0.2
MIT
pypiattrspypi:attrs
2 Occurrences25.3.0 · 26.1.0
MIT
pypibanditpypi:bandit
1 Occurrence1.7.5
Apache-2.0
pypibce-python-sdkpypi:bce-python-sdk
1 Occurrence0.9.68
Apache-2.0
pypiblinkerpypi:blinker
2 Occurrences1.9.0
MIT
pypicachetoolspypi:cachetools
2 Occurrences6.2.0 · 7.0.5
MIT
pypicfgvpypi:cfgv
1 Occurrence3.4.0
MIT
npmchalknpm:chalk
1 Occurrence2.4.2
MIT
pypichardetpypi:chardet
1 Occurrence7.4.0.post2
0BSD · non-standard
pypicharset-normalizerpypi:charset-normalizer
2 Occurrences3.4.3 · 3.4.6
MIT
pypicligjpypi:cligj
1 Occurrence0.7.2
non-standard
npmcolor-convertnpm:color-convert
1 Occurrence1.9.3
MIT
npmcolor-namenpm:color-name
1 Occurrence1.1.3
MIT
pypicoloramapypi:colorama
2 Occurrences0.4.6
non-standard

This page displays 120 of 266 ordered rows. The machine-readable dossier retains the complete exact projection.

OSV

Related OSV records

GHSA-248v-346w-9cwc

Certifi removes GLOBALTRUST root certificate

1 repository10 Jun 2026
GHSA-2xpw-w6gg-jr37

urllib3 streaming API improperly handles highly compressed data

13 repositories07 Jul 2026
GHSA-38jv-5279-wg99

Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API)

13 repositories07 Jul 2026
GHSA-3j69-69wj-xqx2

UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()

5 repositories18 Jul 2026
GHSA-3v7f-55p6-f55p

Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching

3 repositories28 Mar 2026
GHSA-3x9g-8vmp-wqvf

Tornado: Authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient

6 repositories13 Jul 2026
GHSA-48p4-8xcf-vxj5

urllib3 does not control redirects in browsers and Node.js

7 repositories07 Jul 2026
GHSA-4w7w-66w2-5vf9

Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling

1 repository09 Apr 2026
GHSA-5239-wwwm-4pmq

Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching

13 repositories13 Jul 2026
GHSA-597g-3phw-6986

virtualenv Has TOCTOU Vulnerabilities in Directory Creation

6 repositories07 Jul 2026
GHSA-5rjg-fvgr-3xxf

setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write

2 repositories11 May 2026
GHSA-5xmw-vc9v-4wf2

Pillow has a heap buffer overflow with nested list coordinates

10 repositories13 Jul 2026
GHSA-6497-prx7-gpmq

geopandas SQL Injection Vulnerability in to_postgis() Allows Information Disclosure

1 repository10 Jun 2026
GHSA-65pc-fj4g-8rjx

Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix

17 repositories08 Jul 2026
GHSA-6w46-j5rx-g56g

pytest has vulnerable tmpdir handling

6 repositories07 Jul 2026
GHSA-7545-fcxq-7j24

GitPython reference APIs has a path traversal vulnerability that allows arbitrary file write and delete outside the repository

4 repositories13 Jul 2026
GHSA-768j-98cg-p3fv

fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib

6 repositories07 Jul 2026
GHSA-78cv-mqj4-43f7

Tornado has incomplete validation of cookie attributes

6 repositories13 Jul 2026
GHSA-7cx3-6m66-7c5m

Tornado vulnerable to excessive logging caused by malformed multipart form data

2 repositories07 Jul 2026
GHSA-7gcm-g887-7qv7

protobuf affected by a JSON recursion depth bypass

10 repositories07 Jul 2026
GHSA-7p48-42j8-8846

Unauthenticated SSRF Vulnerability in Streamlit on Windows (NTLM Credential Exposure)

1 repository13 Jul 2026
GHSA-8qvm-5x2c-j2w7

protobuf-python has a potential Denial of Service issue

3 repositories07 Jul 2026
GHSA-93m4-6634-74q7

vite allows server.fs.deny bypass via backslash on Windows

1 repository04 Feb 2026
GHSA-9hjg-9r4m-mvj7

Requests vulnerable to .netrc credentials leak via malicious URLs

7 repositories07 Jul 2026
GHSA-9wx4-h78v-vm56

Requests `Session` object does not verify requests after making first request with verify=False

1 repository07 Jul 2026
GHSA-c2c7-rcm5-vvqj

Picomatch has a ReDoS vulnerability via extglob quantifiers

3 repositories28 Mar 2026
GHSA-c38f-wx89-p2xg

UltraJSON has a Memory Leak in ujson.dump() on Write Failure

5 repositories13 Jul 2026
GHSA-c8rr-9gxc-jprv

UltraJSON has an integer overflow handling large indent leads to buffer overflow or infinite loop

4 repositories13 Jul 2026
GHSA-cfh3-3jmp-rvhc

Pillow affected by out-of-bounds write when loading PSD images

12 repositories13 Jul 2026
GHSA-cpwx-vrp4-4pq7

Jinja2 vulnerable to sandbox breakout through attr filter selecting format method

2 repositories07 Jul 2026
GHSA-cx3h-4qpv-8hc9

Tornado has out-of-bounds memory access via C extension

6 repositories13 Jul 2026
GHSA-cx63-2mw6-8hw5

setuptools vulnerable to Command Injection via package URL

1 repository07 Jul 2026
GHSA-fx2h-pf6j-xcff

vite: `server.fs.deny` bypass on Windows alternate paths

1 repository16 Jul 2026
GHSA-g4jq-h2w9-997c

Vite middleware may serve files starting with the same name with the public directory

1 repository04 Feb 2026
GHSA-g7vv-2v7x-gj9p

tqdm CLI arguments injection attack

1 repository07 Jul 2026
GHSA-gc5v-m9x4-r6x2

Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

15 repositories13 Jul 2026
GHSA-gm62-xv2j-4w53

urllib3 allows an unbounded number of links in the decompression chain

13 repositories07 Jul 2026
GHSA-gmj6-6f8f-6699

Jinja has a sandbox breakout through malicious filenames

1 repository07 Jul 2026
GHSA-h75v-3vvj-5mfj

Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter

1 repository07 Jul 2026
GHSA-j225-cvw7-qrx7

PyCryptodome and pycryptodomex side-channel leakage for OAEP decryption

1 repository07 Jul 2026
GHSA-jqfw-vq24-v9c3

Vite's `server.fs` settings were not applied to HTML files

1 repository04 Feb 2026
GHSA-mf9v-mfxr-j63j

urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API

3 repositories08 Jun 2026
GHSA-mgf9-4vpg-hj56

tornado AsyncHTTPClient accumulates decompressed chunks without size limit (gzip bomb)

6 repositories13 Jul 2026
GHSA-mv93-w799-cj2w

GitPython: Newline injection in config_writer() section parameter bypasses CVE-2026-42215 patch, enabling RCE via core.hooksPath

4 repositories10 May 2026
GHSA-mw96-cpmx-2vgc

Rollup 4 has Arbitrary File Write via Path Traversal

1 repository02 Mar 2026
GHSA-p9ff-h696-f583

Vite Vulnerable to Arbitrary File Read via Vite Dev Server WebSocket

1 repository09 Apr 2026
GHSA-pq67-6m6q-mj2v

urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation

7 repositories07 Jul 2026
GHSA-pw6j-qg29-8w7f

Tornado: CurlAsyncHTTPClient leaks per-request credentials on handle reuse

6 repositories17 Jun 2026
Interpretation boundary

Exact identities in, explicit limits out

The collector reads bounded lockfiles, SBOMs and exact double-equals pins at one immutable commit. Version ranges are never resolved by assumption.

Retrieval, parsing, matching and publishing use no generative AI model.

i6eal (2026): SmartPlanAI Anwendung — exact AI dependency evidence dossier, data state 19 Jul 2026. https://i6eal.de/en/tools/ki-abhaengigkeitsatlas/repository/opencode-10162/

Reading this dossier

Does this repository dossier prove deployment?
No. It documents dependencies published at one observed commit, not a deployed environment.
Why are exact versions required?
OSV and registry metadata can be linked reproducibly only to an observed package@version tuple. The collector never substitutes a newest release for a range.
Does a missing row mean the dependency is absent?
No. It means not observed within the bounded files and repository checkpoint. Incomplete trees and parser failures remain explicit.

Need a permanent dependency evidence trail for another public code cohort?

We build source-backed data products with stable identities, reproducible joins and boundaries that remain visible.

Discuss a data projectExplore all tools