packageurl-go icon indicating copy to clipboard operation
packageurl-go copied to clipboard

Published 20 hours ago verified publisher icon package-url

Version component is incorrectly lowercased

Open rikkuness opened this issue 3 years ago • 0 comments

For types such as github, the specification states that name should be lowercased, but not the version. https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst#github

Git tags and branches however can be case sensitive.

Looking at the code the functiontypeAdjustName not only passes the name, but is passing name and version, eg. purl-spec@244fd47e07d1004 and as such the version gets lowercased along with the name.

https://github.com/package-url/packageurl-go/blob/master/packageurl.go#L267

rikkuness avatar Jul 08 '21 14:07 rikkuness