Company News
Socket Joins the OpenJS Foundation
Socket is proud to join the OpenJS Foundation as a Silver Member, deepening our commitment to the long-term health and security of the JavaScript ecosystem.
By Sarah Gooding - Feb 19, 2026
New: Introducing PHP and Composer Support.Read the Announcement →
@jdalton/packageurl-js
Advanced tools
@jdalton/packageurl-js
JavaScript library to parse and build "purl" aka. package URLs. This is a microlibrary implementing the purl spec at https://github.com/package-url
packageurl-js
Installing:
To install packageurl-js in your project, simply run:
npm install packageurl-js
This command will download the packageurl-js npm package for use in your application.
Local Development:
Clone the packageurl-js repo and cd into the directory.
Then run:
npm install
Testing
To run the test suite:
npm test
Usage Examples
Import ES6 Module
import { PackageURL } from 'packageurl-js';
Import CommonJs Module
const { PackageURL } = require('packageurl-js');
Parsing from a string
const pkg = PackageURL.fromString('pkg:maven/org.springframework.integration/spring-integration-jms@5.5.5');
console.log(pkg);
=>
PackageURL {
type: 'maven',
name: 'spring-integration-jms',
namespace: 'org.springframework.integration',
version: '5.5.5',
qualifiers: null,
subpath: null
}
Constructing
const pkg = new PackageURL(
'maven',
'org.springframework.integration',
'spring-integration-jms',
'5.5.5',
undefined,
undefined);
console.log(pkg.toString());
=>
pkg:maven/org.springframework.integration/spring-integration-jms@5.5.5
Error Handling
try {
PackageURL.fromString('not-a-purl');
} catch(ex) {
console.error(ex.message);
}
=>
purl is missing the required "pkg" scheme component.
FAQs
JavaScript library to parse and build "purl" aka. package URLs. This is a microlibrary implementing the purl spec at https://github.com/package-url
The npm package @jdalton/packageurl-js receives a total of 31 weekly downloads. As such, @jdalton/packageurl-js popularity was classified as not popular.
We found that @jdalton/packageurl-js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 13 Aug 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Socket Security Analysis Is Now One Click Away on npm
npm now links to Socket's security analysis on every package page. Here's what you'll find when you click through.
By Sarah Gooding - Feb 19, 2026
Security News
Cline CLI npm Package Compromised via Suspected Cache Poisoning Attack
A compromised npm publish token was used to push a malicious postinstall script in cline@2.3.0, affecting the popular AI coding agent CLI with 90k weekly downloads.
By Sarah Gooding - Feb 18, 2026