@socketregistry/packageurl-js

Package Overview

Dependencies

Maintainers

Versions

Alerts

File Explorer

Advanced tools

License

Install Socket

Detect and block malicious and high-risk dependencies

Install

@socketregistry/packageurl-js

Socket.dev optimized package override for packageurl-js

Source

npm

Version: 1.2.0

Version published: 2 months ago

Weekly downloads: 2.2K

Maintainers: 2

Weekly downloads

Created: last year

Source

@socketregistry/packageurl-js

TypeScript-first Package URL (purl) parser and builder. Drop-in replacement for packageurl-js with better types and zero dependencies.

Why use this?

🎯 TypeScript-first: Full type safety and IntelliSense
📦 Zero dependencies: No supply chain bloat
✅ Spec compliant: Implements Package URL specification
🔨 Builder API: Fluent, ecosystem-specific builders

Installation

pnpm install @socketregistry/packageurl-js

Package override (recommended for drop-in replacement):

{
  "pnpm": {
    "overrides": {
      "packageurl-js": "npm:@socketregistry/packageurl-js@^1"
    }
  }
}

Requirements: Node >= 18.20.4

Usage

Parse existing purls:

import { PackageURL } from '@socketregistry/packageurl-js'

const purl = PackageURL.fromString('pkg:npm/lodash@4.17.21')
console.log(purl.name)      // 'lodash'
console.log(purl.version)   // '4.17.21'

Build new purls (recommended):

import { PackageURLBuilder } from '@socketregistry/packageurl-js'

// npm packages
PackageURLBuilder.npm().name('lodash').version('4.17.21').build()
// -> 'pkg:npm/lodash@4.17.21'

// Python packages
PackageURLBuilder.pypi().name('requests').version('2.28.1').build()
// -> 'pkg:pypi/requests@2.28.1'

// Maven with namespace and qualifiers
PackageURLBuilder.maven()
  .namespace('org.springframework')
  .name('spring-core')
  .version('5.3.21')
  .qualifier('classifier', 'sources')
  .build()
// -> 'pkg:maven/org.springframework/spring-core@5.3.21?classifier=sources'

Constructor API:

import { PackageURL } from '@socketregistry/packageurl-js'

new PackageURL('npm', null, 'express', '4.18.2')
// -> 'pkg:npm/express@4.18.2'

// With namespace and subpath
new PackageURL('npm', '@babel', 'runtime', '7.18.6', null, 'helpers/typeof.js')
// -> 'pkg:npm/%40babel/runtime@7.18.6#helpers/typeof.js'

Convert to URLs:

import { UrlConverter } from '@socketregistry/packageurl-js'

UrlConverter.toRepositoryUrl(purl)
// -> 'https://github.com/lodash/lodash'

UrlConverter.toDownloadUrl(purl)
// -> 'https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz'

Development

pnpm install   # Install dependencies
pnpm build     # Build
pnpm test      # Test
pnpm check     # Lint + typecheck

Keywords

Socket.dev

package-overrides

FAQs

What is @socketregistry/packageurl-js?

Is @socketregistry/packageurl-js popular?

Is @socketregistry/packageurl-js well maintained?

Package last updated on 04 Oct 2025

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install