Closed ThiefaineM closed 2 years ago
Hello @rnjudge! I have a question: there is the list of packages recognized in the purl spec and the one in Tern: tern/tern/analyse/default/command_lib/base.yml. Should I only focus on the twelve in base.yml and ignore the others?
Hi @ThiefaineM, base.yml lists the package managers that Tern is able to collect metadata for (I imagine the purl spec has many more than 12). If you have other package managers that you would like to see added to base.yml, please let me know and we can look into them. The scripts in base.yml are what Tern runs to collect package metadata for each package manager, so any package manager we add will have to have a corresponding command or set of commands that can be run in a container from a command line to collect metadata.
OK, then for the pull request I only worked with the ones present in base.yml. I think base.yml has most of the interesting package managers, but maven could be a big plus :)
Describe the bug

According to the purl spec, some package names should always be in lowercase: https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst One of them is for pypi languages, but at the moment the generated purl for Django is: "pkg:pypi/Django@3.2.3"
To Reproduce
I will work on the PR (if it's okay of course).
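The check described in this issue, as an added example that is not Tern's code or the code from the pull request: it parses purl strings and reports those whose name is not in the canonical form from PURL-TYPES.rst. It goes beyond the pypi case in the report by also covering deb and npm; the rule table, function names and sample purls (other than the Django one) are assumptions made for illustration.

```python
# Added example (not Tern's code): audit purls for non-canonical package names.
# Name rules taken from PURL-TYPES.rst; only these three types are checked here.
NAME_RULES = {
    "pypi": lambda n: n.lower().replace("_", "-"),  # lowercase, "_" becomes "-"
    "deb": str.lower,                               # name must be lowercased
    "npm": str.lower,                               # name must be lowercased
}


def split_purl(purl):
    """Split pkg:type/namespace/name@version?qualifiers#subpath into its parts."""
    if not purl.startswith("pkg:"):
        raise ValueError("not a purl: %r" % purl)
    rest, _, subpath = purl[4:].partition("#")
    rest, _, qualifiers = rest.partition("?")
    head, sep, version = rest.rpartition("@")
    if not sep:                      # no version component present
        head, version = rest, ""
    ptype, _, path = head.partition("/")
    namespace, _, name = path.strip("/").rpartition("/")
    return ptype, namespace, name, version, qualifiers, subpath


def canonical_purl(purl):
    """Return the purl with its type lowercased and its name normalized."""
    ptype, namespace, name, version, qualifiers, subpath = split_purl(purl)
    ptype = ptype.lower()
    name = NAME_RULES.get(ptype, lambda n: n)(name)  # other types left as-is
    out = "pkg:" + ptype + "/" + (namespace + "/" if namespace else "") + name
    if version:
        out += "@" + version
    if qualifiers:
        out += "?" + qualifiers
    if subpath:
        out += "#" + subpath
    return out


def audit(purls):
    """Return (original, canonical) pairs for every purl that needs fixing."""
    return [(p, canonical_purl(p)) for p in purls if p != canonical_purl(p)]


# Constructed sample input; the first entry is the purl quoted in the issue.
SAMPLE = ["pkg:pypi/Django@3.2.3", "pkg:pypi/flask_cors@3.0.10",
          "pkg:deb/debian/Curl@7.74.0-1?arch=amd64", "pkg:gem/Rails@6.1.0",
          "pkg:pypi/requests@2.25.1"]

if __name__ == "__main__":
    for original, fixed in audit(SAMPLE):
        print("%s -> %s" % (original, fixed))
```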