A list of files, dependencies, and other information about a software project. Examples include:

  • package.json in Node projects and pyproject.toml in Python projects are package manifests, which define a project’s dependencies and other metadata.
  • Docker’s Image Manifests reference image layers for multiple variants of a container image, allowing for a single image to be used for multiple architectures and operating systems.
  • SPDX and CycloneDX are standards for sharing the metadata of software artifacts between different projects, allowing developers to track the licensing and provenance of their dependencies.