**Definition:** The organization that supplied/distributed the package to you. **Complexity:** Supplier differs from publisher when using: - Private Hex repositories - Internal mirrors - Proxies/caches > [!IMPORTANT] > **Question:** ❓ How to handle cases where supplier info is not available? Leave as `null` or infer from PURL?
Definition: The organization that supplied/distributed the package to you.
Complexity: Supplier differs from publisher when using:
Important
Question: ❓ How to handle cases where supplier info is not available? Leave as
nullor infer from PURL?