packageurl-js - npm Package Compare versions

Comparing version 1.2.0 to 1.2.1

CHANGELOG.md

@@ -0,1 +1,6 @@
+# 1.2.1
+## Bug Fixes
+* purls with + in versions are now valid #52 (contributed by @satanshiro)
+* purl names staring with `:` are now accepted #45 (contributed by @aniruth37)
+
 # 1.2.0
@@ -2,0 +7,0 @@ ## Features

package.json

 {
   "name": "packageurl-js",
-  "version": "1.2.0",
+  "version": "1.2.1",
   "description": "JavaScript library to parse and build \"purl\" aka. package URLs. This is a microlibrary implementing the purl spec at https://github.com/package-url",
@@ -5,0 +5,0 @@ "keywords": [

src/package-url.js

@@ -107,3 +107,3 @@ /*!
       purl.push('@');
-      purl.push(encodeURIComponent(this.version).replace(/%3A/g, ':'));
+      purl.push(encodeURIComponent(this.version).replace(/%3A/g, ':').replace(/%2B/g,'+'));
     }
@@ -142,3 +142,4 @@
 
-    let [scheme, remainder] = purl.split(':', 2);
+    let scheme = purl.slice(0, purl.indexOf(':'))
+    let remainder = purl.slice(purl.indexOf(':') + 1)
     if (scheme !== 'pkg') {
@@ -193,3 +194,3 @@ throw new Error('purl is missing the required "pkg" scheme component.');
       // https://github.com/package-url/packageurl-js/blob/58026c86978c6e356e5e07f29ecfdccbf8829918/src/package-url.js#L98C10-L98C10
-      let versionEncoded = encodeURIComponent(version).replace(/%3A/g, ':');
+      let versionEncoded = encodeURIComponent(version).replace(/%3A/g, ':').replace(/%2B/g,'+');
 
@@ -196,0 +197,0 @@ if (rawVersion !== versionEncoded) {

test/data/test-suite-data.json

@@ -111,2 +111,14 @@ [
   {
+    "description": "debian can have debian versions as part of version with plus sign",
+    "purl": "pkg:deb/debian/libssl1.1@1.1.1n-0+deb10u3?arch=amd64&distro=debian-10",
+    "canonical_purl": "pkg:deb/debian/libssl1.1@1.1.1n-0+deb10u3?arch=amd64&distro=debian-10",
+    "type": "deb",
+    "namespace": "debian",
+    "name": "libssl1.1",
+    "version": "1.1.1n-0+deb10u3",
+    "qualifiers": {"arch": "amd64", "distro": "debian-10"},
+    "subpath": null,
+    "is_invalid": false
+  },
+  {
     "description": "docker uses qualifiers and hash image id as versions",
@@ -410,3 +422,15 @@ "purl": "pkg:docker/customer/dockerimage@sha256:244fd47e07d1004f0aed9c?repository_url=gcr.io",
     "is_invalid": true
+  },
+  {
+    "description": "colon present in name is a valid PURL",
+    "purl": "pkg:maven/:spring-context@5.2.8-RELEASE",
+    "canonical_purl": "pkg:maven/:spring-context@5.2.8-RELEASE",
+    "type": "maven",
+    "namespace": null,
+    "name": ":spring-context",
+    "version": "5.2.8-RELEASE",
+    "qualifiers": null,
+    "subpath": null,
+    "is_invalid": false
   }
 ]

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

42223

increased by3.29%

Number of package files

15

increased by7.14%

Lines of code

907

increased by2.83%

No dependency changes