packageurl-go
packageurl-go copied to clipboard
Go implementation of the package url spec
Signed-off-by: Jason Hall This adds a simple [Go fuzz test](https://go.dev/doc/fuzz/) that checks for inputs that cause `FromString` to panic. Returned errors are not considered interesting fuzzing inputs, only inputs that...
Fixes three issues with the encoding/decoding of strings: 1. Namespace segments are escaped as paths instead of queries to match how they are unescaped. 2. Subpath segments are escaped to...
Trying to view Go package doc in https://pkg.go.dev/github.com/package-url/packageurl-go shows the message: > Documentation not displayed due to license restrictions. > See our [license policy](https://pkg.go.dev/license-policy). Does anybody know what license issue...
We identified a few improvements how NPM packages are handled. For example, `@` is not being encoded, as well as other characters per the spec. This PR brings the improvements...
For types such as `github`, the specification states that name should be lowercased, but not the version. https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst#github Git tags and branches however can be case sensitive. Looking at the...
There are inconsistencies with how namespace, subpath and name components are URL encoded by `FromString` and how they are decoded by `ToString`. See https://github.com/package-url/packageurl-go/pull/22 for more details and proposed fixes.
The latest release is [v0.1.1](https://github.com/package-url/packageurl-go/releases/tag/v0.1.1), released 2 months ago, and is missing several types in the spec (added in #43). Can this not block on #47, and get a new...
Currently, our README.md defines the following versioning scheme: ``` The versions will follow the spec. So if the spec is released at 1.0. Then all versions in the 1.x.y will...
BREAKING CHANGE: This commit removes all the custom qualifier-logic that existed in order to keep the ordering of the qualifiers. The spec says: > sort this list of qualifier strings...
Hi again! After #52, there seems to be a "bug" about the ordering of the qualifiers. [The code says](https://github.com/package-url/packageurl-go/blob/master/packageurl.go#L120): ```go // Qualifiers is a slice of key=value pairs, with order...