google / deps.dev

Resources for the deps.dev API
https://deps.dev
Apache License 2.0

Permit querying by "purl" #10

Open ioggstream opened 1 year ago

ioggstream commented 1 year ago

I expect

adg commented 1 year ago

Thanks for the suggestion.

One possible implementation would be to add a "purl" parameter to Query.

For now, though, users will have to decompose a purl into a system, package name, and version.

ioggstream commented 1 year ago

It would be great to have a consolidated way to decompose the purl and map its components into the ones supported by deps.dev.

adg commented 1 year ago

An update: this is a work in progress, but we don't have a delivery date.

benken-parasoft commented 1 year ago

There are various "package-url" reference implementations available: https://github.com/orgs/package-url/repositories . For example, I use "packageurl-java" to parse my package URL and then translate it to "versionKey" path parameters. This is admittedly cumbersome:

    PackageURL purl = new PackageURL(purlStr);
    String versionKeySystem = purl.getType().toUpperCase();
    String versionKeyName = purl.getNamespace() + ':' + purl.getName();
    String versionKeyVersion = purl.getVersion();
    // invoke /systems/{versionKey.system}/packages/{versionKey.name}/versions/{versionKey.version}
    getVersion(versionKeySystem, versionKeyName, versionKeyVersion);

The above is also not entirely correct because the rules for constructing "versionKey.name" depend on what is used for "versionKey.system". Colon is used for Maven but the syntax is different for PyPI and NuGet.
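Added example (not part of the comment above and not deps.dev project code): a per-system purl decomposition in Python that fails closed on anything it cannot map, so a lookup never silently targets a different package. The function names, the `SYSTEMS` mapping, the percent-encoding of path parameters and the sample purls used to exercise it are assumptions made for illustration.

```python
from urllib.parse import quote, unquote

# purl type -> deps.dev system name (assumed mapping, not stated in the thread).
# Upper-casing the type is not enough: purl "golang" must become "GO".
SYSTEMS = {"npm": "NPM", "maven": "MAVEN", "pypi": "PYPI",
           "nuget": "NUGET", "cargo": "CARGO", "golang": "GO"}


def purl_to_version_key(purl):
    """Return (system, name, version) for a purl; raise ValueError if unsure."""
    if not purl.startswith("pkg:"):
        raise ValueError("not a purl: %r" % purl)
    # Drop subpath and qualifiers first so an '@' inside them is never a version.
    rest = purl[4:].split("#", 1)[0].split("?", 1)[0].strip("/")
    # The version follows the last '@'. A literal '@' opening an npm scope is
    # not a separator, so a candidate version containing '/' is rejected.
    head, sep, version = rest.rpartition("@")
    if not sep or "/" in version:
        head, version = rest, ""
    ptype, _, path = head.partition("/")
    system = SYSTEMS.get(ptype.lower())
    if system is None:
        raise ValueError("unsupported purl type: %r" % ptype)
    segments = [unquote(s) for s in path.split("/") if s]
    if not segments or not version:
        raise ValueError("purl needs a name and a version: %r" % purl)
    namespace, name = "/".join(segments[:-1]), segments[-1]
    if system == "MAVEN":
        if not namespace:
            raise ValueError("Maven purl needs a group id: %r" % purl)
        name = namespace + ":" + name          # group:artifact
    elif system in ("NPM", "GO"):
        name = namespace + "/" + name if namespace else name
    elif namespace:
        raise ValueError("unexpected namespace for %s: %r" % (system, purl))
    if system == "PYPI":
        name = name.lower().replace("_", "-")  # purl's PyPI normalisation
    return system, name, unquote(version)


def version_path(purl):
    """Build the versionKey path from the comment above, percent-encoded."""
    system, name, version = purl_to_version_key(purl)
    return "/systems/%s/packages/%s/versions/%s" % (
        system, quote(name, safe=""), quote(version, safe=""))
```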

rkg-mm commented 11 months ago

> An update: this is a work in progress, but we don't have a delivery date.

Is this still being worked on?

sarnesjo commented 8 months ago

I'm happy to announce that we now have experimental support for querying by purl via the new PurlLookup and PurlLookupBatch endpoints. This was just launched alongside a number of other new API features, which you can read about on our blog.

jamietanna commented 8 months ago

Ooh thanks very much 👏🏽

I'll shortly update my implementation (https://dmd.tanna.dev) which will simplify a number of things I'm doing to translate package metadata 🚀