Moullisha

@goneall Is it possible to have more than one DESCRIBES relationships in an SPDX document?

@goneall Can an SPDXRef-DOCUMENT describe multiple packages? For instance, considering the below relationship array, is it possible to have multiple DESCRIBES relationship with packages? "relationships": [ { "spdxElementId": "SPDXRef-Pkg-467877y78y8y1.1-3862772", "relationshipType":...

@goneall Is it safe to say that there should be only one DESCRIBES relationship b/w SPDXRef-DOCUMENT and a top-level package, if the SPDX doc contains only packages/modules contained in a...

Yes, it is mentioned as a required field in [development/v2.3.1](https://github.com/spdx/spdx-spec/blob/development/v2.3.1/schemas/spdx-schema.json) but not in [development/v2.3](https://github.com/spdx/spdx-spec/blob/development/v2.3/schemas/spdx-schema.json) which created confusion. Do you suggest we follow the 2.3.1 branch?

@goneall externalRef has few allowed values for category like ["OTHER", "PERSISTENT_ID", "PERSISTENT-ID", "SECURITY", "PACKAGE_MANAGER"]. The only category value that seems suitable when providing repository location is OTHER. But this can...

@goneall Repository URL here refers to the github repository path of a project to which module belongs

@goneall The repository location here refers to the github repository of the product where a particular module is being used. For instance, if I use node.js in one of my...

``` "packages": [ { "SPDXID": "SPDXRef-Pkg-Product-3.134-4027901", "name": "adduser", "filesAnalyzed": false, "description": "apko container image", "downloadLocation": "NOASSERTION", "checksums": [ { "algorithm": "SHA256", "checksumValue": "d62fea9d5f46122c0355f10e54d500fda294e15088cd1a1a06bdf25af537859a" } ], }, { "SPDXID": "SPDXRef-Pkg-nodejs-2.6.1-4027993", "name":...

Fix for issue #64 @steven-esser @matt-phylum Please review!

@matt-phylum The purl string **pkg:npm/@aws-crypto/[email protected]** was being accurately parsed using the python version of the module but js version was throwing error. But as you mentioned the python version does...