Python library to parse and build "purl" aka. Package URLs. See https://github.com/package-url/purl-spec for details.
Join the discussion at https://gitter.im/package-url/Lobby or enter a ticket for support.
License: MIT

+----------------------+
| Tests and build      |
+======================+
| |ci-tests|           |
+----------------------+

::

    pip install packageurl-python

::

    >>> from packageurl import PackageURL
    >>> purl = PackageURL.from_string("pkg:maven/org.apache.commons/io@1.3.4")
    >>> print(purl.to_dict())
    {'type': 'maven', 'namespace': 'org.apache.commons', 'name': 'io', 'version': '1.3.4', 'qualifiers': None, 'subpath': None}
    >>> print(purl.to_string())
    pkg:maven/org.apache.commons/io@1.3.4
    >>> print(str(purl))
    pkg:maven/org.apache.commons/io@1.3.4
    >>> print(repr(purl))
    PackageURL(type='maven', namespace='org.apache.commons', name='io', version='1.3.4', qualifiers={}, subpath=None)

Django models
^^^^^^^^^^^^^

``packageurl.contrib.django.models.PackageURLMixin`` is a Django abstract model mixin to
use Package URLs in Django.

SQLAlchemy mixin
^^^^^^^^^^^^^^^^

``packageurl.contrib.sqlalchemy.mixin.PackageURLMixin`` is a SQLAlchemy declarative mixin
to use Package URLs in SQLAlchemy models.

URL to PURL
^^^^^^^^^^^

``packageurl.contrib.url2purl.get_purl(url)`` returns a Package URL inferred from a URL.

::

    >>> from packageurl.contrib import url2purl
    >>> url2purl.get_purl("https://github.com/package-url/packageurl-python")
    PackageURL(type='github', namespace='package-url', name='packageurl-python', version=None, qualifiers={}, subpath=None)

PURL to URL
^^^^^^^^^^^

- ``packageurl.contrib.purl2url.get_repo_url(purl)`` returns a repository URL inferred
  from a Package URL.
- ``packageurl.contrib.purl2url.get_download_url(purl)`` returns a download URL inferred
  from a Package URL.
- ``packageurl.contrib.purl2url.get_inferred_urls(purl)`` returns all inferred URLs
  (repository, download) from a Package URL.

::

    >>> from packageurl.contrib import purl2url
    >>> purl2url.get_repo_url("pkg:gem/bundler@2.3.23")
    "https://rubygems.org/gems/bundler/versions/2.3.23"
    >>> purl2url.get_download_url("pkg:gem/bundler@2.3.23")
    "https://rubygems.org/downloads/bundler-2.3.23.gem"
    >>> purl2url.get_inferred_urls("pkg:gem/bundler@2.3.23")
    ["https://rubygems.org/gems/bundler/versions/2.3.23", "https://rubygems.org/downloads/bundler-2.3.23.gem"]

Install test dependencies::

    python3 thirdparty/virtualenv.pyz --never-download --no-periodic-update .
    bin/pip install -e ."[test]"

Run tests::

    bin/pytest tests

- Start a new release branch
- Update the CHANGELOG.rst, AUTHORS.rst, and README.rst if needed
- Bump version in setup.cfg
- Run all tests
- Install restview and validate that all .rst docs are correct
- Commit and push this branch
- Make a PR and merge once approved
- Tag and push that tag. This triggers the pypi-release.yml workflow, which takes care of
  building the dist release files and uploading them to PyPI::

    VERSION=v0.x.x
    git tag -a $VERSION -m "Tag $VERSION"
    git push origin $VERSION

- Review the GitHub release created by the workflow at
  https://github.com/package-url/packageurl-python/releases

.. |ci-tests| image:: https://github.com/package-url/packageurl-python/actions/workflows/ci.yml/badge.svg?branch=main
    :target: https://github.com/package-url/packageurl-python/actions/workflows/ci.yml
    :alt: CI Tests and build status