Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

JavaScript implementation of the package url spec

License

MIT, MIT licenses found

Licenses found

MIT
LICENSE
MIT
LICENSE.original
NotificationsYou must be signed in to change notification settings

SocketDev/socket-packageurl-js

 
 

Socket BadgeCI - @socketregistry/packageurl-jsTest CoverageType Coverage

Follow @SocketSecurityFollow @socket.dev on Bluesky

TypeScript Package URL (purl) parser and builder. Drop-in replacement forpackageurl-js with full type safety, zero dependencies, and spec compliance with thePackage URL specification.

What is a PURL?

A Package URL (purl) standardizes how to identify software packages:

pkg:npm/lodash@4.17.21pkg:pypi/requests@2.28.1pkg:maven/org.springframework/spring-core@5.3.21

Format breakdown:

  pkg:type/namespace/name@version?qualifiers#subpath  │   │    │         │    │       │          │  │   │    │         │    │       │          └─ Optional subpath  │   │    │         │    │       └──────────── Optional key=value pairs  │   │    │         │    └──────────────────── Optional version  │   │    │         └───────────────────────── Required package name  │   │    └─────────────────────────────────── Optional namespace/scope  │   └──────────────────────────────────────── Required package type  └──────────────────────────────────────────── Scheme (always "pkg:")

Supports 35+ ecosystems: npm, pypi, maven, gem, cargo, nuget, composer, golang, docker, and more.

Installation

pnpm install @socketregistry/packageurl-js

Drop-in replacement via package override:

{"pnpm": {"overrides": {"packageurl-js":"npm:@socketregistry/packageurl-js@^1"    }  }}

Requirements: Node >= 18.20.4

Usage

Parse purls:

import{PackageURL}from'@socketregistry/packageurl-js'constpurl=PackageURL.fromString('pkg:npm/lodash@4.17.21')console.log(purl.name)// 'lodash'console.log(purl.version)// '4.17.21'

Build purls:

import{PackageURLBuilder}from'@socketregistry/packageurl-js'// npm packagesPackageURLBuilder.npm().name('lodash').version('4.17.21').build()// -> 'pkg:npm/lodash@4.17.21'// Python packagesPackageURLBuilder.pypi().name('requests').version('2.28.1').build()// -> 'pkg:pypi/requests@2.28.1'// Maven with namespace and qualifiersPackageURLBuilder.maven().namespace('org.springframework').name('spring-core').version('5.3.21').qualifier('classifier','sources').build()// -> 'pkg:maven/org.springframework/spring-core@5.3.21?classifier=sources'

Constructor API:

import{PackageURL}from'@socketregistry/packageurl-js'newPackageURL('npm',null,'express','4.18.2')// -> 'pkg:npm/express@4.18.2'// With namespace and subpathnewPackageURL('npm','@babel','runtime','7.18.6',null,'helpers/typeof.js')// -> 'pkg:npm/%40babel/runtime@7.18.6#helpers/typeof.js'

Convert to URLs:

import{UrlConverter}from'@socketregistry/packageurl-js'UrlConverter.toRepositoryUrl(purl)// -> 'https://github.com/lodash/lodash'UrlConverter.toDownloadUrl(purl)// -> 'https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz'

Use type-safe PURL types:

import{PURL_Type,EcosystemString}from'@socketregistry/packageurl-js'// Type-safe enum valuesconsole.log(PURL_Type.NPM)// 'npm'console.log(PURL_Type.PYPI)// 'pypi'console.log(PURL_Type.MAVEN)// 'maven'// Use in type annotationsfunctionprocessPurl(type:EcosystemString){// type is constrained to valid PURL type strings}

Documentation

DocDescription
Getting StartedQuick start for contributors (5 min setup)
API ReferenceComplete API documentation
ExamplesCommon use cases and patterns

Development

New to the project? See theGetting Started Guide for setup, workflow, and contribution guidelines.

Quick commands:

pnpm install# Install dependenciespnpm build# Buildpnpmtest# Testpnpm check# Lint + typecheck

About

JavaScript implementation of the package url spec

Resources

License

MIT, MIT licenses found

Licenses found

MIT
LICENSE
MIT
LICENSE.original

Code of conduct

Contributing

Security policy

Stars

Watchers

Forks

Packages

No packages published

Languages

  • JavaScript51.0%
  • TypeScript46.5%
  • Shell2.5%
[8]ページ先頭
©2009-2025 Movatter.jp