
PackageURL type not being validated

Open benmss opened this issue 1 year ago • 0 comments

The PackageURL spec includes a list of requirements for a type to be considered valid:

  • The package type is composed only of ASCII letters and numbers, '.', '+' and '-' (period, plus, and dash)

  • The type cannot start with a number

Therefore, the following should not be possible:

>>> PackageURL.from_string("pkg:111_^5/example")
PackageURL(type='111_^5', namespace=None, name='example', version=None, qualifiers={}, subpath=None)

Spec taken from: https://github.com/package-url/purl-spec/blob/master/PURL-SPECIFICATION.rst

benmss · May 21 '24 06:05
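One way to enforce the two rules quoted in the issue, written as an added example rather than code from packageurl-python: `type_violations` reports every rule a candidate type breaks, and `parse_type` pulls the type out of a purl string and refuses the malformed one from the report. Both function names, the regex and the sample purls are constructed for this example; the project's own `PackageURL.from_string` is not used.

```python
import re

# Character set quoted in the issue from the PURL spec: ASCII letters, digits,
# '.', '+' and '-'. The "must not start with a number" rule is checked separately
# so the caller gets a specific reason for each rejection.
_TYPE_CHARS = re.compile(r"^[A-Za-z0-9.+-]+$")
_ALLOWED = re.compile(r"[A-Za-z0-9.+-]")


def type_violations(type_: str) -> list:
    """Return human-readable reasons why `type_` is not a valid PURL type.

    An empty list means the type satisfies both rules quoted in the issue.
    """
    if not type_:
        return ["type is empty"]
    problems = []
    if not _TYPE_CHARS.fullmatch(type_):
        # Collect each offending character once, in a stable order.
        bad = sorted({c for c in type_ if not _ALLOWED.fullmatch(c)})
        problems.append("disallowed characters: " + ", ".join(repr(c) for c in bad))
    if type_[0] in "0123456789":
        problems.append("type starts with a digit")
    return problems


def parse_type(purl: str) -> str:
    """Extract the type component of a purl string and validate it.

    Raises ValueError on a bad type, which is the behaviour the issue asks
    PackageURL.from_string to have. The returned type is lowercased, as the
    spec's canonical form requires (example assumption: only the type is
    parsed here, the remaining components are ignored).
    """
    if not purl.startswith("pkg:"):
        raise ValueError("purl must start with 'pkg:'")
    # The spec tells parsers to ignore any '/' characters directly after the scheme.
    rest = purl[len("pkg:"):].lstrip("/")
    type_, sep, _remainder = rest.partition("/")
    if not sep:
        raise ValueError("purl has no '/' separating the type from the rest")
    problems = type_violations(type_)
    if problems:
        raise ValueError(f"invalid purl type {type_!r}: " + "; ".join(problems))
    return type_.lower()


if __name__ == "__main__":
    for candidate in ("pkg:npm/example", "pkg:PyPI/django", "pkg:111_^5/example"):
        try:
            print(candidate, "->", parse_type(candidate))
        except ValueError as exc:
            print(candidate, "-> rejected:", exc)
```

Running the block prints the accepted types in lowercase and a rejection line for `pkg:111_^5/example` naming both the disallowed `_` and `^` and the leading digit. Reporting every violation at once, rather than stopping at the first, makes the error useful to whoever has to fix a malformed purl in an SBOM or scanner feed.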