### Install packageurl-python

Source: https://github.com/package-url/packageurl-python/blob/main/README.rst

Install the library using pip. This is the primary method for adding the package to your project.

```bash
pip install packageurl-python
```

--------------------------------

### Setup Pre-commit Hook for Black Formatting

Source: https://github.com/package-url/packageurl-python/blob/main/CONTRIBUTING.rst

To ensure consistent code formatting, set up a pre-commit hook that automatically runs 'black' before commits. This command formats the code with a line length of 100 characters.

```bash
black --line-length 100 .
```

--------------------------------

### Convert Package URL to Download URL

Source: https://github.com/package-url/packageurl-python/blob/main/README.rst

Use purl2url.get_download_url() to get the inferred download URL from a Package URL. This is useful for locating package distribution files.

```python
from packageurl.contrib import purl2url

purl2url.get_download_url("pkg:gem/bundler@2.3.23")
```

--------------------------------

### Convert Package URL to Repository URL

Source: https://github.com/package-url/packageurl-python/blob/main/README.rst

Use purl2url.get_repo_url() to get the inferred repository URL from a Package URL. This is useful for linking PURLs to their source code repositories.

```python
from packageurl.contrib import purl2url

purl2url.get_repo_url("pkg:gem/bundler@2.3.23")
```

--------------------------------

### Get All Inferred URLs from a Purl

Source: https://context7.com/package-url/packageurl-python/llms.txt

get_inferred_urls returns a list of repository and download URLs for a given purl string. Some purls, like GitHub ones without version_prefix, may only yield a repository URL.

```python
from packageurl.contrib.purl2url import get_inferred_urls

print(get_inferred_urls("pkg:gem/bundler@2.3.23"))
# ['https://rubygems.org/gems/bundler/versions/2.3.23',
#  'https://rubygems.org/downloads/bundler-2.3.23.gem']

print(get_inferred_urls("pkg:cargo/rand@0.8.5"))
# ['https://crates.io/crates/rand/0.8.5',
#  'https://crates.io/api/v1/crates/rand/0.8.5/download']

# Only repo URL available (no download URL for GitHub purls without version_prefix)
print(get_inferred_urls("pkg:github/pallets/flask@3.0.0"))
# ['https://github.com/pallets/flask/tree/3.0.0']
```

--------------------------------

### Construct PackageURL from Components

Source: https://context7.com/package-url/packageurl-python/llms.txt

Create a normalized PackageURL object from explicit components. 'type' and 'name' are mandatory. Normalization is applied by default.

```python
from packageurl import PackageURL

# Minimal purl — type + name only
p = PackageURL(type="pypi", name="Requests")
print(str(p))
# pkg:pypi/requests (name lowercased + underscores → dashes per PyPI rules)

# Full purl with all components
p = PackageURL(
    type="maven",
    namespace="org.apache.commons",
    name="lang3",
    version="3.12.0",
    qualifiers={"classifier": "sources", "type": "jar"},
    subpath="src/main",
)
print(str(p))
# pkg:maven/org.apache.commons/lang3@3.12.0?classifier=sources&type=jar#src/main

# npm scoped package
p = PackageURL(type="npm", namespace="@angular", name="core", version="17.0.0")
print(str(p))
# pkg:npm/%40angular/core@17.0.0

# Qualifiers can be passed as a pre-encoded string or as a dict
p = PackageURL(type="deb", namespace="debian", name="libc6", version="2.36-9", qualifiers="arch=amd64")
print(p.qualifiers)  # {'arch': 'amd64'}
```

--------------------------------

### Serialize PackageURL to String with to_string

Source: https://context7.com/package-url/packageurl-python/llms.txt

Convert a PackageURL object to its canonical string representation. Percent-encoding can be controlled.

```python
from packageurl import PackageURL

p = PackageURL(
    type="github",
    namespace="nexB",
    name="scancode-toolkit",
    version="v32.0.0",
    qualifiers={"download_url": "https://github.com/nexB/scancode-toolkit/archive/v32.0.0.tar.gz"},
)
print(p.to_string())
# pkg:github/nexb/scancode-toolkit@v32.0.0?download_url=https%3A%2F%2Fgithub.com%2FnexB%2Fscancode-toolkit%2Farchive%2Fv32.0.0.tar.gz

# str() is an alias for to_string()
print(str(p) == p.to_string())  # True
```

--------------------------------

### Convert PackageURL to direct download URL

Source: https://context7.com/package-url/packageurl-python/llms.txt

Use `get_download_url()` to generate a direct artifact download URL for a purl. It falls back to the `download_url` qualifier if present.

```python
from packageurl.contrib.purl2url import get_download_url

print(get_download_url("pkg:gem/bundler@2.3.23"))
# https://rubygems.org/downloads/bundler-2.3.23.gem

print(get_download_url("pkg:npm/lodash@4.17.21"))
```

--------------------------------

### PackageURL Constructor

Source: https://context7.com/package-url/packageurl-python/llms.txt

Constructs a normalized PackageURL named-tuple from explicit components. 'type' and 'name' are required. Normalization is applied automatically unless normalize_purl=False.

```APIDOC
## `PackageURL` — construct a purl from components

Creates a normalized `PackageURL` named-tuple from explicit components. `type` and `name` are required; all other fields are optional. Normalization (case-folding, percent-encoding, PyPI dash/underscore conversion, etc.) is applied automatically unless `normalize_purl=False`.

```python
from packageurl import PackageURL

# Minimal purl — type + name only
p = PackageURL(type="pypi", name="Requests")
print(str(p))
# pkg:pypi/requests (name lowercased + underscores → dashes per PyPI rules)

# Full purl with all components
p = PackageURL(
    type="maven",
    namespace="org.apache.commons",
    name="lang3",
    version="3.12.0",
    qualifiers={"classifier": "sources", "type": "jar"},
    subpath="src/main",
)
print(str(p))
# pkg:maven/org.apache.commons/lang3@3.12.0?classifier=sources&type=jar#src/main

# npm scoped package
p = PackageURL(type="npm", namespace="@angular", name="core", version="17.0.0")
print(str(p))
# pkg:npm/%40angular/core@17.0.0

# Qualifiers can be passed as a pre-encoded string or as a dict
p = PackageURL(type="deb", namespace="debian", name="libc6", version="2.36-9", qualifiers="arch=amd64")
print(p.qualifiers)  # {'arch': 'amd64'}
```
```

--------------------------------

### PackageURL.to_string Serializer

Source: https://context7.com/package-url/packageurl-python/llms.txt

Returns the canonical purl string representation of a PackageURL instance. Optionally controls percent-encoding.

```APIDOC
## `PackageURL.to_string` — serialize a purl to its canonical string

Returns the canonical purl string, optionally controlling percent-encoding.

```python
from packageurl import PackageURL

p = PackageURL(
    type="github",
    namespace="nexB",
    name="scancode-toolkit",
    version="v32.0.0",
    qualifiers={"download_url": "https://github.com/nexB/scancode-toolkit/archive/v32.0.0.tar.gz"},
)
print(p.to_string())
# pkg:github/nexb/scancode-toolkit@v32.0.0?download_url=https%3A%2F%2Fgithub.com%2FnexB%2Fscancode-toolkit%2Farchive%2Fv32.0.0.tar.gz

# str() is an alias for to_string()
print(str(p) == p.to_string())  # True
```
```

--------------------------------

### Infer PackageURL from URL

Source: https://context7.com/package-url/packageurl-python/llms.txt

Use `url2purl()` to convert package repository or download URLs into `PackageURL` objects.
It supports over 20 URL patterns and falls back to a generic purl for unrecognized URLs. Returns `None` for invalid or empty input.

```python
from packageurl.contrib.url2purl import url2purl

# GitHub repository URL
print(url2purl("https://github.com/nexB/scancode-toolkit"))
# PackageURL(type='github', namespace='nexb', name='scancode-toolkit', ...)

# PyPI project page
print(url2purl("https://pypi.org/project/requests/2.31.0"))
# PackageURL(type='pypi', namespace=None, name='requests', version='2.31.0', ...)

# npm registry API
print(url2purl("https://registry.npmjs.org/lodash/4.17.21"))
# PackageURL(type='npm', namespace=None, name='lodash', version='4.17.21', ...)

# Maven Central download
print(url2purl("https://repo1.maven.org/maven2/org/apache/commons/commons-lang3/3.12.0/commons-lang3-3.12.0.jar"))
# PackageURL(type='maven', namespace='org.apache.commons', name='commons-lang3', version='3.12.0', ...)

# Cargo (Rust crates.io) download
print(url2purl("https://crates.io/api/v1/crates/serde/1.0.193/download"))
# PackageURL(type='cargo', namespace=None, name='serde', version='1.0.193', ...)

# Unknown URL → generic fallback
print(url2purl("https://example.com/releases/mytool-2.0.tar.gz"))
# PackageURL(type='generic', name='mytool-2.0.tar.gz', qualifiers={'download_url': '...'}, ...)

# Returns None for invalid/empty input
print(url2purl(""))  # None
```

--------------------------------

### Serialize PackageURL to Dictionary with to_dict

Source: https://context7.com/package-url/packageurl-python/llms.txt

Convert a PackageURL object into an ordered dictionary of its components. Useful for serialization to JSON or databases. Options control qualifier encoding and how None values are represented.

```python
from packageurl import PackageURL

p = PackageURL.from_string("pkg:npm/%40angular/core@17.0.0")

# Default: qualifiers as dict, None for missing fields
print(p.to_dict())
# {'type': 'npm', 'namespace': '@angular', 'name': 'core',
#  'version': '17.0.0', 'qualifiers': {}, 'subpath': None}

# encode=True: qualifiers serialized as key=value string
print(p.to_dict(encode=True))
# {'type': 'npm', 'namespace': '@angular', 'name': 'core',
#  'version': '17.0.0', 'qualifiers': None, 'subpath': None}

# empty="": replace None with empty string (useful for DB models)
p2 = PackageURL.from_string("pkg:pypi/flask@3.0.0")
print(p2.to_dict(encode=True, empty=""))
# {'type': 'pypi', 'namespace': '', 'name': 'flask',
#  'version': '3.0.0', 'qualifiers': '', 'subpath': ''}
```

--------------------------------

### Infer All URLs from Package URL

Source: https://github.com/package-url/packageurl-python/blob/main/README.rst

Use purl2url.get_inferred_urls() to retrieve all inferred URLs (repository and download) from a Package URL. This provides a comprehensive set of related links.

```python
from packageurl.contrib import purl2url

purl2url.get_inferred_urls("pkg:gem/bundler@2.3.23")
```

--------------------------------

### PackageURL.from_string Parser

Source: https://context7.com/package-url/packageurl-python/llms.txt

Parses any valid purl string and returns a PackageURL instance. Raises ValueError on malformed input. Supports skipping normalization with normalize_purl=False.

```APIDOC
## `PackageURL.from_string` — parse a purl string

Parses any valid purl string and returns a `PackageURL` instance. Raises `ValueError` on malformed input.

```python
from packageurl import PackageURL

# Basic parsing
p = PackageURL.from_string("pkg:maven/org.apache.commons/io@1.3.4")
print(p.type)        # maven
print(p.namespace)   # org.apache.commons
print(p.name)        # io
print(p.version)     # 1.3.4
print(p.qualifiers)  # {}
print(p.subpath)     # None

# Purl with qualifiers and subpath
p = PackageURL.from_string(
    "pkg:docker/customer/dockerimage@sha256:244fd47e07d10?repository_url=gcr.io#foo/bar"
)
print(p.qualifiers)  # {'repository_url': 'gcr.io'}
print(p.subpath)     # foo/bar

# Error handling
try:
    PackageURL.from_string("not-a-purl")
except ValueError as e:
    print(e)
    # purl is missing the required "pkg" scheme component: 'not-a-purl'.

# Skip normalization (strict mode, preserves original casing)
p = PackageURL.from_string("pkg:PyPi/Django@4.2", normalize_purl=False)
print(p.type)  # PyPi (not lowercased)
```
```

--------------------------------

### Build Purl from Go Module String

Source: https://context7.com/package-url/packageurl-python/llms.txt

get_golang_purl parses Go package import paths or go.mod dependency lines into a PackageURL object. It handles various formats including those with and without versions, and stdlib-style paths.

```python
from packageurl.utils import get_golang_purl

# go.mod style "package version"
p = get_golang_purl("github.com/gorilla/mux v1.8.1")
print(p)
# PackageURL(type='golang', namespace='github.com/gorilla', name='mux',
#            version='v1.8.1', qualifiers={}, subpath=None)

# Import path without version
p = get_golang_purl("golang.org/x/net/http2")
print(p)
# PackageURL(type='golang', namespace='golang.org/x/net', name='http2',
#            version=None, qualifiers={}, subpath=None)

# Stdlib-style single-segment path
p = get_golang_purl("fmt")
print(p)
# PackageURL(type='golang', namespace='', name='fmt', version=None, ...)
```

--------------------------------

### Infer Download URLs from Package URLs

Source: https://context7.com/package-url/packageurl-python/llms.txt

Use get_download_url to retrieve the canonical download URL for various package types. Supports explicit download_url qualifiers.

```python
from packageurl.contrib.purl2url import get_download_url

print(get_download_url("pkg:maven/org.apache.commons/commons-lang3@3.12.0"))
# https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.12.0/commons-lang3-3.12.0.jar

print(get_download_url("pkg:nuget/Newtonsoft.Json@13.0.1"))
# https://www.nuget.org/api/v2/package/Newtonsoft.Json/13.0.1

print(get_download_url("pkg:golang/github.com/gorilla/mux@v1.8.1"))
# https://proxy.golang.org/github.com/gorilla/mux/@v/v1.8.1.zip

# Fallback: purl with explicit download_url qualifier
print(get_download_url("pkg:generic/mytool@2.0?download_url=https://example.com/mytool-2.0.tar.gz"))
# https://example.com/mytool-2.0.tar.gz
```

--------------------------------

### PackageURL.to_dict Serializer

Source: https://context7.com/package-url/packageurl-python/llms.txt

Returns an ordered dictionary of all purl component fields. Supports options for encoding qualifiers and handling empty fields.

```APIDOC
## `PackageURL.to_dict` — serialize a purl to a dictionary

Returns an ordered dict of all purl component fields. Useful for serialization (JSON, DB storage, etc.).

```python
from packageurl import PackageURL

p = PackageURL.from_string("pkg:npm/%40angular/core@17.0.0")

# Default: qualifiers as dict, None for missing fields
print(p.to_dict())
# {'type': 'npm', 'namespace': '@angular', 'name': 'core',
#  'version': '17.0.0', 'qualifiers': {}, 'subpath': None}

# encode=True: qualifiers serialized as key=value string
print(p.to_dict(encode=True))
# {'type': 'npm', 'namespace': '@angular', 'name': 'core',
#  'version': '17.0.0', 'qualifiers': None, 'subpath': None}

# empty="": replace None with empty string (useful for DB models)
p2 = PackageURL.from_string("pkg:pypi/flask@3.0.0")
print(p2.to_dict(encode=True, empty=""))
# {'type': 'pypi', 'namespace': '', 'name': 'flask',
#  'version': '3.0.0', 'qualifiers': '', 'subpath': ''}
```
```

--------------------------------

### Convert PackageURL to repository browse URL

Source: https://context7.com/package-url/packageurl-python/llms.txt

Use `get_repo_url()` to obtain the canonical repository web URL for a given purl string. Returns `None` if the purl type is not supported.

```python
from packageurl.contrib.purl2url import get_repo_url

print(get_repo_url("pkg:pypi/flask@3.0.0"))
# https://pypi.org/project/flask/3.0.0/

print(get_repo_url("pkg:npm/%40angular/core@17.0.0"))
# https://www.npmjs.com/package/@angular/core/v/17.0.0

print(get_repo_url("pkg:maven/org.springframework/spring-core@6.0.0"))
# https://repo.maven.apache.org/maven2/org/springframework/spring-core/6.0.0

print(get_repo_url("pkg:github/nexb/scancode-toolkit@v32.0.0"))
# https://github.com/nexb/scancode-toolkit/tree/v32.0.0

print(get_repo_url("pkg:cargo/serde@1.0.193"))
# https://crates.io/crates/serde/1.0.193

print(get_repo_url("pkg:golang/github.com/gorilla/mux@v1.8.1"))
# https://pkg.go.dev/github.com/gorilla/mux@v1.8.1
```

--------------------------------

### Parse PURL String with PackageURL.from_string

Source: https://context7.com/package-url/packageurl-python/llms.txt

Parse a PURL string into a PackageURL instance.
Raises ValueError for malformed input. Can optionally skip normalization.

```python
from packageurl import PackageURL

# Basic parsing
p = PackageURL.from_string("pkg:maven/org.apache.commons/io@1.3.4")
print(p.type)        # maven
print(p.namespace)   # org.apache.commons
print(p.name)        # io
print(p.version)     # 1.3.4
print(p.qualifiers)  # {}
print(p.subpath)     # None

# Purl with qualifiers and subpath
p = PackageURL.from_string(
    "pkg:docker/customer/dockerimage@sha256:244fd47e07d10?repository_url=gcr.io#foo/bar"
)
print(p.qualifiers)  # {'repository_url': 'gcr.io'}
print(p.subpath)     # foo/bar

# Error handling
try:
    PackageURL.from_string("not-a-purl")
except ValueError as e:
    print(e)
    # purl is missing the required "pkg" scheme component: 'not-a-purl'.

# Skip normalization (strict mode, preserves original casing)
p = PackageURL.from_string("pkg:PyPi/Django@4.2", normalize_purl=False)
print(p.type)  # PyPi (not lowercased)
```

--------------------------------

### Tag and Push Git Release

Source: https://github.com/package-url/packageurl-python/blob/main/README.rst

Tag a new release version and push it to the origin. This action typically triggers automated workflows for building and uploading releases.

```bash
VERSION=v0.x.x
git tag -a $VERSION -m "Tag $VERSION"
git push origin $VERSION
```

--------------------------------

### Parse Package URL string

Source: https://github.com/package-url/packageurl-python/blob/main/README.rst

Use the PackageURL.from_string() method to parse a PURL string into a PackageURL object. This is useful for validating and extracting components from PURL strings.

```python
from packageurl import PackageURL

purl = PackageURL.from_string("pkg:maven/org.apache.commons/io@1.3.4")
print(purl.to_dict())
print(purl.to_string())
print(str(purl))
print(repr(purl))
```

--------------------------------

### url2purl.url2purl / url2purl.get_purl

Source: https://context7.com/package-url/packageurl-python/llms.txt

Infers a PackageURL from an arbitrary URL, supporting over 20 URL patterns for various package managers and repositories. It falls back to a generic PURL when no specific pattern matches. Returns None for invalid or empty input.

```APIDOC
## `url2purl.url2purl` / `url2purl.get_purl` — infer a purl from an arbitrary URL

Converts a package repository or download URL to a `PackageURL`. Handles 20+ URL patterns (GitHub, npm, PyPI, Maven, RubyGems, Cargo, GitLab, Bitbucket, NuGet, Hackage, CRAN, Conda, Debian, Alpine, and more). Falls back to a `generic` purl when no specific pattern matches.

```python
from packageurl.contrib.url2purl import url2purl

# GitHub repository URL
print(url2purl("https://github.com/nexB/scancode-toolkit"))
# PackageURL(type='github', namespace='nexb', name='scancode-toolkit', ...)

# PyPI project page
print(url2purl("https://pypi.org/project/requests/2.31.0"))
# PackageURL(type='pypi', namespace=None, name='requests', version='2.31.0', ...)

# npm registry API
print(url2purl("https://registry.npmjs.org/lodash/4.17.21"))
# PackageURL(type='npm', namespace=None, name='lodash', version='4.17.21', ...)

# Maven Central download
print(url2purl("https://repo1.maven.org/maven2/org/apache/commons/commons-lang3/3.12.0/commons-lang3-3.12.0.jar"))
# PackageURL(type='maven', namespace='org.apache.commons', name='commons-lang3', version='3.12.0', ...)

# Cargo (Rust crates.io) download
print(url2purl("https://crates.io/api/v1/crates/serde/1.0.193/download"))
# PackageURL(type='cargo', namespace=None, name='serde', version='1.0.193', ...)

# Unknown URL → generic fallback
print(url2purl("https://example.com/releases/mytool-2.0.tar.gz"))
# PackageURL(type='generic', name='mytool-2.0.tar.gz', qualifiers={'download_url': '...'}, ...)

# Returns None for invalid/empty input
print(url2purl(""))  # None
```
```

--------------------------------

### SQLAlchemy Declarative Mixin for Purl-Aware Models

Source: https://context7.com/package-url/packageurl-python/llms.txt

PackageURLMixin adds purl-related columns and methods to SQLAlchemy declarative models. It simplifies setting and retrieving PackageURL objects from model instances.

```python
from sqlalchemy import create_engine
from sqlalchemy.orm import DeclarativeBase, Mapped, Session, mapped_column
from packageurl.contrib.sqlalchemy.mixin import PackageURLMixin

engine = create_engine("sqlite:///:memory:")


class Base(DeclarativeBase):
    pass


class Package(PackageURLMixin, Base):
    __tablename__ = "packages"
    # add your own primary key column
    id: Mapped[int] = mapped_column(primary_key=True)


Base.metadata.create_all(engine)

# Save a package
with Session(engine) as session:
    pkg = Package()
    pkg.set_package_url("pkg:npm/%40angular/core@17.0.0")
    session.add(pkg)
    session.commit()

# Read it back
with Session(engine) as session:
    pkg = session.query(Package).first()
    print(pkg.package_url)  # pkg:npm/%40angular/core@17.0.0
    print(pkg.get_package_url())
    # PackageURL(type='npm', namespace='@angular', name='core', version='17.0.0', ...)
```

--------------------------------

### Django Abstract Model for Purl-Aware Models

Source: https://context7.com/package-url/packageurl-python/llms.txt

PackageURLMixin provides a base Django model with fields and methods for managing Package URLs. It includes computed properties and custom manager filters for querying.

```python
# models.py
from django.db import models
from packageurl.contrib.django.models import PackageURLMixin


class Package(PackageURLMixin, models.Model):
    description = models.TextField(blank=True)

    class Meta:
        app_label = "myapp"


# Usage in views or shell:
from myapp.models import Package
from packageurl import PackageURL

# Create and save a package
pkg = Package()
pkg.set_package_url("pkg:pypi/requests@2.31.0")
pkg.save()

# Access the computed purl string
print(pkg.package_url)  # pkg:pypi/requests@2.31.0
print(pkg.get_package_url())
# PackageURL(type='pypi', name='requests', version='2.31.0', ...)

# QuerySet filtering — partial match (type + name only)
qs = Package.objects.for_package_url("pkg:pypi/requests")
# Returns all versions of requests

# Exact match
qs = Package.objects.for_package_url("pkg:pypi/requests@2.31.0", exact_match=True)

# Helper filters
qs_with = Package.objects.with_package_url()  # rows that have type + name
qs_without = Package.objects.without_package_url()  # rows missing type or name
qs_ordered = Package.objects.order_by_package_url()
```

--------------------------------

### Commit Message Signing

Source: https://github.com/package-url/packageurl-python/blob/main/CONTRIBUTING.rst

Sign your commits with your name and email to confirm your agreement with the Developer Certificate of Origin. This is a standard practice for many open-source projects.

```git
Signed-off-by: Jane Doe
```

--------------------------------

### Validate PackageURL string directly

Source: https://context7.com/package-url/packageurl-python/llms.txt

Use the `PackageURL.validate_string()` class method for a combined parsing and validation call. It returns a list of `ValidationMessage` objects.

```python
from packageurl import PackageURL

# Valid purl
msgs = PackageURL.validate_string("pkg:maven/com.google.guava/guava@32.1.3-jre")
print(msgs)  # []

# Missing required namespace for maven
msgs = PackageURL.validate_string("pkg:maven/guava@32.1.3-jre")
for msg in msgs:
    print(msg.severity.value, ":", msg.message)
# error : Namespace is required for purl type: 'maven'

# Completely broken string
msgs = PackageURL.validate_string("garbage")
for msg in msgs:
    print(msg.to_dict())
# {'severity': <ValidationSeverity.ERROR: 'error'>,
#  'message': 'purl is missing the required "pkg" scheme component: \'garbage\'.'}
```

--------------------------------

### Infer Package URL from URL

Source: https://github.com/package-url/packageurl-python/blob/main/README.rst

Use the url2purl.get_purl() function to infer a Package URL from a given URL. This is helpful for converting web resource URLs into PURL format.

```python
from packageurl.contrib import url2purl

url2purl.get_purl("https://github.com/package-url/packageurl-python")
```

--------------------------------

### purl2url.get_download_url

Source: https://context7.com/package-url/packageurl-python/llms.txt

Generates a direct artifact download URL for a given PURL string. If a direct download URL cannot be determined, it falls back to using the `download_url` qualifier if present.

```APIDOC
## `purl2url.get_download_url` — convert a purl to a direct download URL

Returns a direct artifact download URL for a given purl string, or falls back to the `download_url` qualifier if present.

```python
from packageurl.contrib.purl2url import get_download_url

print(get_download_url("pkg:gem/bundler@2.3.23"))
# https://rubygems.org/downloads/bundler-2.3.23.gem

print(get_download_url("pkg:npm/lodash@4.17.21"))
```
```

--------------------------------

### Validate PackageURL instance against type rules

Source: https://context7.com/package-url/packageurl-python/llms.txt

Use `PackageURL.validate()` to check a purl instance against its declared type's rules.
It returns a list of `ValidationMessage` objects, where an empty list signifies a valid purl. Strict mode also validates qualifiers.

```python
from packageurl import PackageURL, ValidationSeverity

# Valid purl — no messages
p = PackageURL.from_string("pkg:pypi/requests@2.31.0")
msgs = p.validate()
print(msgs)  # []

# PyPI name with underscores triggers a WARNING
p = PackageURL(type="pypi", name="my_package", version="1.0")
for msg in p.validate():
    print(msg.severity, msg.message)
# ValidationSeverity.WARNING Name cannot contain underscores for purl type:'pypi'

# Unknown type returns an ERROR
p = PackageURL(type="unknowntype", name="foo")
for msg in p.validate():
    print(msg.severity, msg.message)
# ValidationSeverity.ERROR Unexpected purl type: expected 'unknowntype'

# Strict mode also checks qualifiers
p = PackageURL.from_string("pkg:pypi/flask@3.0.0?bad_qualifier=x")
for msg in p.validate(strict=True):
    print(msg.severity)
# ValidationSeverity.INFO
```

--------------------------------

### purl2url.get_repo_url

Source: https://context7.com/package-url/packageurl-python/llms.txt

Converts a PURL string to its canonical repository web URL. Returns None if the PURL type is not supported.

```APIDOC
## `purl2url.get_repo_url` — convert a purl to a repository browse URL

Returns the canonical repository web URL for a given purl string, or `None` if not supported.

```python
from packageurl.contrib.purl2url import get_repo_url

print(get_repo_url("pkg:pypi/flask@3.0.0"))
# https://pypi.org/project/flask/3.0.0/

print(get_repo_url("pkg:npm/%40angular/core@17.0.0"))
# https://www.npmjs.com/package/@angular/core/v/17.0.0

print(get_repo_url("pkg:maven/org.springframework/spring-core@6.0.0"))
# https://repo.maven.apache.org/maven2/org/springframework/spring-core/6.0.0

print(get_repo_url("pkg:github/nexb/scancode-toolkit@v32.0.0"))
# https://github.com/nexb/scancode-toolkit/tree/v32.0.0

print(get_repo_url("pkg:cargo/serde@1.0.193"))
# https://crates.io/crates/serde/1.0.193

print(get_repo_url("pkg:golang/github.com/gorilla/mux@v1.8.1"))
# https://pkg.go.dev/github.com/gorilla/mux@v1.8.1
```
```

--------------------------------

### PackageURL.validate

Source: https://context7.com/package-url/packageurl-python/llms.txt

Validates a PackageURL instance against the spec for its declared type. It returns a list of ValidationMessage objects, where an empty list indicates a valid PURL. Messages include severity (ERROR, WARNING, INFO) and a descriptive message.

```APIDOC
## `PackageURL.validate` — validate a purl instance against type rules

Validates the purl against the spec for its declared type. Returns a list of `ValidationMessage` objects (empty list = valid). Each message has a `severity` (ERROR, WARNING, INFO) and `message` string.

```python
from packageurl import PackageURL, ValidationSeverity

# Valid purl — no messages
p = PackageURL.from_string("pkg:pypi/requests@2.31.0")
msgs = p.validate()
print(msgs)  # []

# PyPI name with underscores triggers a WARNING
p = PackageURL(type="pypi", name="my_package", version="1.0")
for msg in p.validate():
    print(msg.severity, msg.message)
# ValidationSeverity.WARNING Name cannot contain underscores for purl type:'pypi'

# Unknown type returns an ERROR
p = PackageURL(type="unknowntype", name="foo")
for msg in p.validate():
    print(msg.severity, msg.message)
# ValidationSeverity.ERROR Unexpected purl type: expected 'unknowntype'

# Strict mode also checks qualifiers
p = PackageURL.from_string("pkg:pypi/flask@3.0.0?bad_qualifier=x")
for msg in p.validate(strict=True):
    print(msg.severity)
# ValidationSeverity.INFO
```
```

--------------------------------

### Convert Purl String to Django ORM Filter Kwargs

Source: https://context7.com/package-url/packageurl-python/llms.txt

Converts a purl string into a dict of Django ORM `filter()` keyword arguments. By default, empty fields are omitted for partial matching. Pass `include_empty_fields=True` for exact matching.

```python
from packageurl.contrib.django.utils import purl_to_lookups

# Partial lookups (only non-empty fields)
print(purl_to_lookups("pkg:pypi/requests@2.31.0"))
# {'type': 'pypi', 'name': 'requests', 'version': '2.31.0'}
```

```python
from packageurl.contrib.django.utils import purl_to_lookups

# Exact match — all fields, including empty ones
print(purl_to_lookups("pkg:pypi/requests@2.31.0", include_empty_fields=True))
# {'type': 'pypi', 'namespace': '', 'name': 'requests', 'version': '2.31.0',
#  'qualifiers': '', 'subpath': ''}
```

```python
from packageurl.contrib.django.utils import purl_to_lookups

# Works without leading "pkg:" prefix too
print(purl_to_lookups("pypi/requests"))
# {'type': 'pypi', 'name': 'requests'}
```

```python
from packageurl.contrib.django.utils import purl_to_lookups

# Apply directly to a QuerySet
from myapp.models import Package

qs = Package.objects.filter(**purl_to_lookups("pkg:pypi/requests@2.31.0"))
```

--------------------------------

### PackageURL.validate_string

Source: https://context7.com/package-url/packageurl-python/llms.txt

A convenience class method that combines parsing and validation of a PURL string into a single operation. It returns a list of ValidationMessage objects.

```APIDOC
## `PackageURL.validate_string` — validate a purl string directly

Convenience class method that combines parsing and validation in one call. Returns a list of `ValidationMessage` objects.

```python
from packageurl import PackageURL

# Valid purl
msgs = PackageURL.validate_string("pkg:maven/com.google.guava/guava@32.1.3-jre")
print(msgs)  # []

# Missing required namespace for maven
msgs = PackageURL.validate_string("pkg:maven/guava@32.1.3-jre")
for msg in msgs:
    print(msg.severity.value, ":", msg.message)
# error : Namespace is required for purl type: 'maven'

# Completely broken string
msgs = PackageURL.validate_string("garbage")
for msg in msgs:
    print(msg.to_dict())
# {'severity': <ValidationSeverity.ERROR: 'error'>,
#  'message': 'purl is missing the required "pkg" scheme component: \'garbage\'.'}
```
```