This change addresses an issue where links to scoped npm packages resulted in 404s in the OSS Index service. Namespaces in npm include an @ symbol. According to purl-spec, that should be encoded as %40. However, the path param was being decoded into the @ symbol, resulting in an invalid PackageUrl. Generally, most parts of purls use percent-encoded strings when necessary.
The JAX-RS javadocs state that the @Encoded attribute "disables automatic decoding of parameter values...". By disabling decoding, the coordinates path param can be read as intended.
Additionally, hide GET in the Swagger docs until an issue with the construction of encoded path params is resolved (separate issue open).
Internal references: OSSI-327, OSSI-336, and testsuite
This change addresses an issue where links to scoped npm packages resulted in 404s in the OSS Index service. Namespaces in npm include an
@symbol. According to purl-spec, that should be encoded as%40. However, the path param was being decoded into the@symbol, resulting in an invalidPackageUrl. Generally, most parts of purls use percent-encoded strings when necessary.The JAX-RS javadocs state that the
@Encodedattribute "disables automatic decoding of parameter values...". By disabling decoding, the coordinates path param can be read as intended.Additionally, hide GET in the Swagger docs until an issue with the construction of encoded path params is resolved (separate issue open).
Internal references: OSSI-327, OSSI-336, and testsuite