SamuraiAku / PkgToSoftwareBOM.jl

Produces a Software Bill of Materials (SBOM) describing your Julia Pkg environment. SBOM is in the SPDX format
MIT License

Include base Julia in generated SBOM #22

Closed. hannahilea closed 9 months ago

hannahilea commented 1 year ago

From the SPDX documentation:

A package can refer to a project, product, artifact, distribution or a component that is external to the SPDX document.

Since the environment from which an SBOM is generated includes base Julia at a specific version, not to mention the assorted base Julia packages that are otherwise depended on by various package dependencies, I think we should include base Julia in the generated SBOM.
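As an added illustration of the point made in this issue (this is example code, not part of PkgToSoftwareBOM.jl), the snippet below enumerates what the issue says is missing from the SBOM: the running Julia version and the standard-library packages that the active environment's manifest depends on, rendered as SPDX 2.x tag/value package entries with a CONTAINED_BY relationship back to base Julia. The struct name `SpdxPackage`, the SPDXRef identifiers, the supplier string and the release-URL pattern are assumptions chosen for the example; a stdlib is recognised by its source path living under `Sys.STDLIB`, and unversioned stdlibs are reported at the Julia version they ship with. From a consumer's side, the value of these entries is that advisories for Julia itself or for a stdlib can be matched against the SBOM, which is impossible if only registry packages are listed.

```julia
# Added example, not PkgToSoftwareBOM.jl code: list base Julia and the stdlib
# packages in the active environment as SPDX tag/value package entries.
using Pkg

# Hypothetical record for one SPDX package; fields mirror SPDX 2.x tag names.
struct SpdxPackage
    spdxid::String
    name::String
    version::String
    download_location::String
    supplier::String
end

# Base Julia itself, at the version of the running process.
function julia_base_package()
    v = string(VERSION)
    SpdxPackage("SPDXRef-Julia", "julia", v,
        # Assumed URL pattern for release tags; NOASSERTION is the SPDX fallback.
        "https://github.com/JuliaLang/julia/releases/tag/v$(v)",
        "Organization: JuliaLang")  # assumed supplier string
end

# Standard-library packages reachable from the active environment's manifest.
# A dependency counts as a stdlib when its source path lives under Sys.STDLIB.
function stdlib_packages()
    pkgs = SpdxPackage[]
    for (uuid, info) in Pkg.dependencies()
        src = info.source
        src === nothing && continue
        startswith(src, Sys.STDLIB) || continue
        # Unversioned stdlibs report `nothing`; they ship with this exact Julia build.
        ver = info.version === nothing ? string(VERSION) : string(info.version)
        push!(pkgs, SpdxPackage("SPDXRef-Stdlib-$(info.name)", info.name, ver,
            "NOASSERTION", "Organization: JuliaLang"))
    end
    sort!(pkgs; by = p -> p.name)
end

# Render the tag/value lines for one package.
function spdx_tagvalue(p::SpdxPackage)
    join([
        "PackageName: $(p.name)",
        "SPDXID: $(p.spdxid)",
        "PackageVersion: $(p.version)",
        "PackageSupplier: $(p.supplier)",
        "PackageDownloadLocation: $(p.download_location)",
        "FilesAnalyzed: false",
        "PackageLicenseConcluded: NOASSERTION",
        "PackageLicenseDeclared: NOASSERTION",
    ], "\n")
end

# Emit base Julia first, then each stdlib with a relationship tying it to base Julia.
function main()
    base = julia_base_package()
    println(spdx_tagvalue(base))
    for p in stdlib_packages()
        println()
        println(spdx_tagvalue(p))
        println("Relationship: $(p.spdxid) CONTAINED_BY $(base.spdxid)")
    end
end

main()
```

Run it from the environment whose SBOM is being produced (`julia --project=. example.jl`), since `Pkg.dependencies()` reads the active manifest. The entries are written with `FilesAnalyzed: false` and `NOASSERTION` licenses so that the output states only what the environment actually proves (names and versions) and leaves license and checksum facts to a step that can verify them.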