SDKs — Generate and Verify DBOMs in 3 Lines

Official libraries for Python and JavaScript. Both SDKs generate schema-valid Makoto DBOM records and verify them with a single function call.

🔒 All DBOMs are validated against the canonical schema at https://usemakoto.dev/schema/v0.1.json. A bundled copy is included in each SDK for offline use.

Python makoto

Works with Python 3.8+. Install via uv or pip.

Install

uv add makoto

Quick Start

                    
from makoto import generate, verify

# Generate a DBOM
dbom = generate("data/sales.csv", signer="github:you")

# Verify it
result = verify(dbom, file_path="data/sales.csv")
print("Valid" if result.valid else result.errors)
                

→ Full README & API reference

JS @makoto/sdk

Works in Node.js 18+ and modern browsers. ES modules only.

Install

npm install @makoto/sdk

Quick Start — Node.js

                    
import { generate, verify } from "@makoto/sdk";

const dbom = await generate({ filePath: "sales.csv", signer: "github:you", fileName: "sales.csv" });
const result = await verify(dbom);
console.log(result.valid ? "✓ Valid" : result.errors);

Quick Start — Browser

                    
import { generate, verify } from "@makoto/sdk";

const buffer = await file.arrayBuffer();
const dbom = await generate({ fileBuffer: buffer, fileName: file.name, signer: "github:you" });
const result = await verify(dbom, buffer);

→ Full README & API reference

Schema

The DBOM JSON Schema is published at:

https://usemakoto.dev/schema/v0.1.json
https://usemakoto.dev/schema/latest.json

Both URLs serve the same v0.1 schema. Both SDKs fetch it at runtime and fall back to a bundled copy when offline.