packageurl-python
Python implementation of the package url spec. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ , the Google Summer of Code, nexB and other generous sponsors...
The PackageURL spec includes a list of requirements for a `type` to be considered valid: - > The package type is composed only of ASCII letters and numbers, '.', '+'...
When passing in a URL encoded name to `PackageURL.from_string`, it de-encodes the string, which is correct to have the actual name. However, when rendering this out as a string, it...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3 to 4.1.7. Release notes Sourced from actions/download-artifact's releases. v4.1.7 What's Changed Update @actions/artifact dependency by @bethanyj28 in actions/download-artifact#325 Full Changelog: https://github.com/actions/download-artifact/compare/v4.1.6...v4.1.7 v4.1.6 What's Changed updating @actions/artifact...
See https://github.com/package-url/purl-spec/issues/324 for more information and the related PR
While working with `PackageURL.from_string`, I came across a purl string that looked like this: `pkg:npm/@stencil/core/[email protected]`. `PackageURL.from_string("pkg:npm/@stencil/core/[email protected]")` failed with the following error: ``` Traceback (most recent call last): File "/repos/sw-factory/hoppr/hoppr/./test.py", line...
In some applications, PURLs can be used to identify / track certain types of models instead of being a model of its own. In such cases, having the PURL as...
Calling ```get_download_url``` on ``` pkg:maven/junit/junit@4.13.2 ``` will give: ``` https://repo.maven.apache.org/maven2/junit/junit/4.13.2/junit-4.13.2.jar ``` which is good and can be downloaded. However, I would have preferred to get ``` https://repo1.maven.org/maven2/junit/junit/4.13.2/junit-4.13.2-sources.jar ``` that gives...
"pkg:golang/google.golang.org/genproto#googleapis/api/annotations" is taken from https://github.com/package-url/purl-spec/blob/main/types/golang-definition.json ``` python Python 3.14.1 (main, Dec 2 2025, 12:51:37) [Clang 17.0.0 (clang-1700.4.4.1)] on darwin Type "help", "copyright", "credits" or "license" for more information. >>> from...
Applying get_download_url() to ``` pkg:pypi/[email protected] ``` gives no result. I would have expected something like: ``` https://files.pythonhosted.org/packages/22/68/24fd855343f218e016bbb04b1a5a2dc1be191a4cbd4d3cdabb13d1c2a371/Django-1.11.1.tar.gz ```
In the spec, https://github.com/package-url/purl-spec there is an example of Debian PURL: ``` pkg:deb/debian/curl@7.50.3-1?arch=i386&distro=jessie ``` packageurl-python converts this PURL in the following URL: ``` https://deb.debian.org/debian/pool/main/c/curl/curl_7.50.3-1_i386.deb ``` This gives: ``` The requested...