Skip to content

package-url/packageurl-python

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

packageurl-python

Python library to parse and build "purl" aka. Package URLs. See https://github.com/package-url/purl-spec for details.

Join the discussion at https://gitter.im/package-url/Lobby or enter a ticket for support.

License: MIT

Tests and build status

Tests and build
CI Tests and build status

Install

pip install packageurl-python

Usage

>>> from packageurl import PackageURL

>>> purl = PackageURL.from_string("pkg:maven/org.apache.commons/io@1.3.4")
>>> print(purl.to_dict())
{'type': 'maven', 'namespace': 'org.apache.commons', 'name': 'io', 'version': '1.3.4', 'qualifiers': None, 'subpath': None}

>>> print(purl.to_string())
pkg:maven/org.apache.commons/io@1.3.4

>>> print(str(purl))
pkg:maven/org.apache.commons/io@1.3.4

>>> print(repr(purl))
PackageURL(type='maven', namespace='org.apache.commons', name='io', version='1.3.4', qualifiers={}, subpath=None)

Utilities

Django models

packageurl.contrib.django.models.PackageURLMixin is a Django abstract model mixin to use Package URLs in Django.

SQLAlchemy mixin

packageurl.contrib.sqlalchemy.mixin.PackageURLMixin is a SQLAlchemy declarative mixin to use Package URLs in SQLAlchemy models.

URL to PURL

packageurl.contrib.url2purl.get_purl(url) returns a Package URL inferred from an URL.

>>> from packageurl.contrib import url2purl
>>> url2purl.get_purl("https://github.com/package-url/packageurl-python")
PackageURL(type='github', namespace='package-url', name='packageurl-python', version=None, qualifiers={}, subpath=None)

PURL to URL

  • packageurl.contrib.purl2url.get_repo_url(purl) returns a repository URL inferred from a Package URL.
  • packageurl.contrib.purl2url.get_download_url(purl) returns a download URL inferred from a Package URL.
  • packageurl.contrib.purl2url.get_inferred_urls(purl) return all inferred URLs (repository, download) from a Package URL.
>>> from packageurl.contrib import purl2url

>>> purl2url.get_repo_url("pkg:rubygems/bundler@2.3.23")
"https://rubygems.org/gems/bundler/versions/2.3.23"

>>> purl2url.get_download_url("pkg:rubygems/bundler@2.3.23")
"https://rubygems.org/downloads/bundler-2.3.23.gem"

>>> purl2url.get_inferred_urls("pkg:rubygems/bundler@2.3.23")
["https://rubygems.org/gems/bundler/versions/2.3.23", "https://rubygems.org/downloads/bundler-2.3.23.gem",]

Run tests

Install test dependencies:

python3 thirdparty/virtualenv.pyz --never-download --no-periodic-update .
bin/pip install -e ."[test]"

Run tests:

bin/py.test tests

Make a new release

  • start a new release branch

  • update the CHANGELOG.rst and AUTHORS.rst

  • update README.rst if needed

  • bump version in setup.cfg

  • run all tests

  • install restview and validate that all .rst docs are correct

  • commit and push this branch

  • tag and push that tag

  • make a PR to merge branch

  • once merged, run:

    bin/pip install --upgrade pip wheel twine setuptools
    
  • delete the "dist" and "build" directories:

    rm -rf dist/ build/
    
  • create a source distribution and wheel with:

    bin/python setup.py sdist bdist_wheel
    
  • finally, upload to PyPI:

    bin/twine upload dist/*
    

About

Python implementation of the package url spec. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ , the Google Summer of Code, nexB and other generous sponsors.

Topics

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages