But it's not "standard" (IANA), and also already used e.g. by the the uri-scheme package for Node.js as a prefix for custom URI schemes used by mobile apps, according to Google Gemini - although https://www.npmjs.com/package/uri-scheme does not mention it.
The
pkg:scheme, à lapkg:maven/ch.vorburger.mariaDB4j/mariaDB4j@3.1.0, is shown e.g. on https://central.sonatype.com/artifact/ch.vorburger.mariaDB4j/mariaDB4j.But it's not "standard" (IANA), and also already used e.g. by the the
uri-schemepackage for Node.js as a prefix for custom URI schemes used by mobile apps, according to Google Gemini - although https://www.npmjs.com/package/uri-scheme does not mention it.An Enola specific URL template may be simplest; I'm thinking e.g. something like https://enola.dev/java/maven/central/ch.vorburger.mariaDB4j/mariaDB4j-core/3.1.0 perhaps. (Where
centralcould alternatively also be either an alias or an encoded full URL e.g. to an in-house repo.)Unless Security (CVE) community already have a useful URI standard for packages, such as Maven? (And others, probably.)
https://spdx.dev might have something we could map to?