nexB / scancode-toolkit

:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!
https://github.com/nexB/scancode-toolkit/releases/

Determine correct PURL for top-level package in Swift parser #3793

Open keshav-space opened 1 month ago

keshav-space commented 1 month ago

The PURL for a Swift package depends on where the package is hosted, and given that Package.swift does not contain the repository URL for the top-level package, it is not possible to infer the correct PURL for the top-level package solely from the Package.swift manifest. We can use https://swiftpackageindex.com/ to get the correct PURL, but this may not work for all packages since Swift Package Index is not authoritative in nature, i.e. a Swift package may exist, and the author may choose not to add their package to Swift Package Index. https://swiftpackageindex.com/add-a-package

This is a follow-up from this discussion https://github.com/nexB/scancode-toolkit/pull/3788#discussion_r1618829825
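To illustrate the dependency on hosting location described in the issue, here is an added example (not part of the issue and not scancode-toolkit's code) that derives a `pkg:swift` PURL from a repository URL, following the purl-spec convention that the namespace is the source host plus owner and the name is the repository name. The function name `swift_purl` is hypothetical and the sample URLs in the test are constructed.

```python
import re
from urllib.parse import quote, urlsplit

# scp-style Git remotes such as git@github.com:owner/repo.git
SCP_LIKE = re.compile(r"^(?:[\w.-]+@)?(?P<host>[\w.-]+):(?P<path>[^/].*)$")


def swift_purl(repo_url, version=None):
    """Return a pkg:swift PURL for a repository URL.

    Returns None when no usable repository URL is available: the package
    name from Package.swift alone does not determine the namespace.
    """
    if not repo_url:
        return None
    url = repo_url.strip()
    if "://" in url:
        parts = urlsplit(url)
        host, path = parts.hostname or "", parts.path
    else:
        match = SCP_LIKE.match(url)
        if not match:
            return None
        host, path = match.group("host").lower(), match.group("path")

    segments = [s for s in path.split("/") if s]
    if not host or len(segments) < 2:
        return None  # need at least owner/repo after the host
    if segments[-1].endswith(".git"):
        segments[-1] = segments[-1][: -len(".git")]
    *owner, name = segments
    if not name:
        return None

    # Percent-encode each segment separately so "/" stays a separator.
    namespace = "/".join(quote(s, safe="") for s in [host, *owner])
    purl = f"pkg:swift/{namespace}/{quote(name, safe='')}"
    if version:
        purl += f"@{quote(version, safe='')}"
    return purl
```

Two repositories that declare the same package name in `Package.swift` yield different PURLs once the host or owner differs, which is why the manifest alone is not enough.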