Syft Schema

SyftPackage

Representation of a software package discovered by Syft, created from Syft’s artifacts array.

Field	Description
firstseen	Timestamp of when a sync job first discovered this node
lastupdated	Timestamp of the last time the node was updated
id	Normalized package ID (e.g., npm|express|4.18.2)
name	Package name
version	Package version
type	Package type (e.g., npm, pypi, deb)
purl	Package URL
normalized_id	Normalized ID for cross-tool matching (format: {type}|{namespace/}{name}|{version}). Indexed.
language	Programming language
found_by	Syft cataloger that discovered the package

Relationships

• A SyftPackage depends on another SyftPackage.

  (SyftPackage)-[:DEPENDS_ON]->(SyftPackage)
  

• A canonical Package (ontology) is detected as a SyftPackage.

  (Package)-[:DETECTED_AS]->(SyftPackage)
  

Direct vs Transitive Dependencies

Direct and transitive dependencies are determined by graph structure rather than stored properties:

• Direct dependencies: Packages with no incoming DEPENDS_ON edges (nothing depends on them)

• Transitive dependencies: Packages that have incoming DEPENDS_ON edges

Query to find direct dependencies:

MATCH (p:SyftPackage)
WHERE NOT exists((p)<-[:DEPENDS_ON]-())
RETURN p.name

Query to find transitive dependencies:

MATCH (p:SyftPackage)
WHERE exists((p)<-[:DEPENDS_ON]-())
RETURN p.name