Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@socketregistry/packageurl-js

Package Overview
Dependencies
Maintainers
2
Versions
23
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@socketregistry/packageurl-js

Socket.dev optimized package override for packageurl-js

Source
npmnpm
Version
1.1.4
Version published
Weekly downloads
2.2K
-11.69%
Maintainers
2
Weekly downloads
 
Created
Source

@socketregistry/packageurl-js

Socket Badge CI - @socketregistry/packageurl-js Follow @SocketSecurity Follow @socket.dev on Bluesky

TypeScript-first Package URL parser. Drop-in replacement for packageurl-js.

  • TypeScript support
  • Zero dependencies
  • Package URL spec compliant
  • Builder pattern API

Installation

pnpm install @socketregistry/packageurl-js

Package override (recommended):

{
  "overrides": {
    "packageurl-js": "npm:@socketregistry/packageurl-js@^1"
  }
}

Requirements: Node >= 18.20.4

Usage

import { PackageURL, PackageURLBuilder, UrlConverter } from '@socketregistry/packageurl-js'

// Parse from string
const purl = PackageURL.fromString('pkg:npm/lodash@4.17.21')
console.log(purl.name)      // 'lodash'

// Create from components
const newPurl = new PackageURL('npm', null, 'express', '4.18.2')
// -> 'pkg:npm/express@4.18.2'

// Builder pattern - ecosystem-specific builders
const npmPurl = PackageURLBuilder
  .npm()
  .name('lodash')
  .version('4.17.21')
  .build()
// -> 'pkg:npm/lodash@4.17.21'

const pythonPurl = PackageURLBuilder
  .pypi()
  .name('requests')
  .version('2.28.1')
  .build()
// -> 'pkg:pypi/requests@2.28.1'

const javaPurl = PackageURLBuilder
  .maven()
  .namespace('org.springframework')
  .name('spring-core')
  .version('5.3.21')
  .qualifier('classifier', 'sources')
  .build()
// -> 'pkg:maven/org.springframework/spring-core@5.3.21?classifier=sources'

// Subpaths for packages like npm/@babel/runtime
const subpathPurl = new PackageURL('npm', '@babel', 'runtime', '7.18.6', null, 'helpers/typeof.js')
// -> 'pkg:npm/%40babel/runtime@7.18.6#helpers/typeof.js'

// URL conversion
const repoUrl = UrlConverter.toRepositoryUrl(purl)
// -> 'https://github.com/lodash/lodash'
const downloadUrl = UrlConverter.toDownloadUrl(purl)
// -> 'https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz'

Development

pnpm install   # Install dependencies
pnpm build     # Build
pnpm test      # Test
pnpm check     # Lint + typecheck

Keywords

Socket.dev
package-overrides

FAQs

Package last updated on 29 Sep 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Socket Firewall Now Available in Docker Hardened Images

Security News

/

Product

Socket Firewall Now Available in Docker Hardened Images

Socket Firewall Free is now bundled into Docker Hardened Images, adding build-time and dependency-install supply chain protection on top of hardened base images for Node.js, Python, and Rust.

By Sarah Gooding  -  Dec 17, 2025
The Nightmare Before Deployment

Security News

The Nightmare Before Deployment

Season’s greetings from Socket, and here’s to a calm end of year: clean dependencies, boring pipelines, no surprises.

By Ahmad Nassri  -  Dec 16, 2025