What are "Unknown Packages"?
Unknown package versions are package versions present in the scanned SBOM for which we have not yet made an EOL determination. A package version can be unknown for several reasons, and options are available to ensure they are not end-of-life.
Reasons a package version is unknown
- Any private packages (packages not available on any OSS registry, such as npm, Maven Central, or PyPI) will be considered unknown by our EOL scan.
- While our current dataset contains over 10 million package versions, it is possible that we have not yet collected and calculated the data required for an EOL determination.
- We offer comprehensive data coverage for these supported ecosystems. We are continually expanding our ecosystem support, and may not yet support your specific ecosystem.
When will these packages become known? When should I re-run a scan?
Our system automatically queues all unknown packages for data collection and processing. We are constantly updating and improving the dataset, and gathering new data for unknown packages. This process will resolve the unknown packages that have valid OSS purls. However, any private packages will remain with an unknown status.
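To see in advance which components a re-scan cannot resolve, you can triage the SBOM yourself. The following is an added example, not part of the scanner or its documentation. It assumes a CycloneDX JSON SBOM, a hypothetical list of your own internal namespaces (`PRIVATE_NAMESPACES`), and that a purl without a version does not count as valid for a per-version EOL determination. It does not check ecosystem support.

```python
import json
import re

# purl shape per the package-url spec: pkg:type/[namespace/]name@version[?qualifiers][#subpath]
PURL_RE = re.compile(
    r"^pkg:(?P<type>[A-Za-z][A-Za-z0-9.+-]*)/(?P<path>[^@?#]+)"
    r"(?:@(?P<version>[^?#]+))?(?:\?[^#]*)?(?:#.*)?$"
)

# Assumption: namespaces your organisation publishes only to an internal registry.
PRIVATE_NAMESPACES = {"npm": {"@acme-internal"}, "maven": {"com.acme.internal"}}

# Constructed sample SBOM (CycloneDX-style), not taken from a real scan.
SAMPLE_SBOM = {"bomFormat": "CycloneDX", "components": [
    {"name": "lodash", "version": "4.17.21", "purl": "pkg:npm/lodash@4.17.21"},
    {"name": "@acme-internal/billing-sdk", "version": "2.3.0",
     "purl": "pkg:npm/%40acme-internal/billing-sdk@2.3.0"},
    {"name": "legacy-lib", "version": "1.0"},  # no purl recorded at all
    {"name": "auth-core", "version": "5.1.0",
     "purl": "pkg:maven/com.acme.internal/auth-core@5.1.0"},
    {"name": "requests", "purl": "pkg:pypi/requests"},  # purl lacks a version
]}

def triage(sbom, private_namespaces=PRIVATE_NAMESPACES):
    """Bucket components by whether data collection could ever resolve them."""
    buckets = {"no_valid_purl": [], "private": [], "may_resolve": []}
    for comp in sbom.get("components", []):
        name = comp.get("name")
        m = PURL_RE.match(comp.get("purl") or "")
        if not m or not m.group("version"):
            # Nothing to look up on a public registry: fix the SBOM generator.
            buckets["no_valid_purl"].append(name)
            continue
        ptype = m.group("type").lower()
        path = m.group("path")
        # Everything before the last "/" is the namespace; npm scopes are %40-encoded.
        namespace = path.rsplit("/", 1)[0].replace("%40", "@") if "/" in path else ""
        if namespace in private_namespaces.get(ptype, set()):
            # Private packages stay unknown; track their EOL status yourself.
            buckets["private"].append(name)
        else:
            buckets["may_resolve"].append(name)
    return buckets

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_SBOM), indent=2))
```

Components in `no_valid_purl` and `private` will not change on a re-scan, so they need a corrected SBOM or a manual EOL review.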