Resolve Package URLs to registry metadata API URLs

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for mhalle from gravatar.com mhalle

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Michael Halle
  • Tags metadata , package-manager , package-url , purl , registry , sbom , spdx
  • Requires: Python >=3.8
  • Provides-Extra: fetch , test
Classifiers
Report project as malware

Project description

purl2meta

Resolve Package URLs (purl) to registry metadata API URLs.

Given a purl like pkg:pypi/requests@2.28.0, purl2meta returns the corresponding registry API endpoint — https://pypi.org/pypi/requests/2.28.0/json — so you can fetch package metadata without hardcoding registry-specific URL patterns.

Installation

pip install purl2meta

To also fetch metadata over HTTP (installs httpx):

pip install purl2meta[fetch]

Quick start

Get a metadata URL

from purl2meta import get_metadata_url

get_metadata_url("pkg:pypi/requests@2.28.0")
# => "https://pypi.org/pypi/requests/2.28.0/json"

get_metadata_url("pkg:npm/express@4.18.2")
# => "https://registry.npmjs.org/express/4.18.2"

get_metadata_url("pkg:maven/org.apache.commons/commons-io@1.3.2")
# => "https://repo.maven.apache.org/maven2/org/apache/commons/commons-io/1.3.2/commons-io-1.3.2.pom"

get_metadata_url("pkg:cargo/serde@1.0.193")
# => "https://crates.io/api/v1/crates/serde/1.0.193"

Returns None for unsupported types or purls missing required fields.

Fetch metadata directly

Requires the [fetch] extra.

from purl2meta import get_metadata

data = get_metadata("pkg:pypi/requests@2.28.0")
# => {"info": {"name": "requests", "version": "2.28.0", ...}, "urls": [...], ...}

data = get_metadata("pkg:npm/express@4.18.2")
# => {"name": "express", "version": "4.18.2", "dependencies": {...}, ...}

get_metadata resolves the URL, sends an HTTP GET, and returns parsed JSON (or raw text for non-JSON responses like Maven POM files). Returns None if the purl type is unsupported.

Supported package types

Type Example purl Metadata API
npm pkg:npm/express@4.18.2 registry.npmjs.org
PyPI pkg:pypi/requests@2.28.0 pypi.org/pypi
Cargo pkg:cargo/serde@1.0.193 crates.io/api
RubyGems pkg:gem/rails@7.1.2 rubygems.org/api
NuGet pkg:nuget/Newtonsoft.Json@13.0.3 api.nuget.org
Hex pkg:hex/phoenix@1.7.10 hex.pm/api
Pub pkg:pub/http@0.13.3 pub.dev/api
Hackage pkg:hackage/aeson@2.2.1.0 hackage.haskell.org
Go pkg:golang/golang.org/x/oauth2@0.29.0 proxy.golang.org
Maven pkg:maven/org.apache.commons/commons-io@1.3.2 repo.maven.apache.org
Composer pkg:composer/laravel/framework@10.38.0 repo.packagist.org
CocoaPods pkg:cocoapods/Alamofire@5.8.1 trunk.cocoapods.org
Conda pkg:conda/numpy?channel=conda-forge api.anaconda.org
GitHub pkg:github/pallets/flask@3.0.0 api.github.com
GitLab pkg:gitlab/inkscape/inkscape gitlab.com/api
Bitbucket pkg:bitbucket/birkenfeld/pygments-main api.bitbucket.org
CRAN pkg:cran/ggplot2@3.4.0 crandb.r-pkg.org

API reference

get_metadata_url(purl: str) -> str | None

Return the metadata API URL for the given purl string, or None if the type is unsupported or required fields are missing.

get_metadata(purl: str) -> dict | str | None

Fetch metadata from the registry. Returns parsed JSON as a dict, raw text for non-JSON responses (e.g. Maven POM XML), or None if unsupported. Requires httpx.

metadata_router

The underlying Router instance. Use it to register custom routes:

from packageurl import PackageURL
from purl2meta import metadata_router

@metadata_router.route("pkg:custom/.*")
def build_custom_metadata_url(purl):
    purl_data = PackageURL.from_string(purl)
    return f"https://my-registry.example.com/api/{purl_data.name}"

Development

git clone <repo-url>
cd purl2meta

# Run tests
uv run --with pytest --with httpx python -m pytest tests/ -v

License

MIT

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for mhalle from gravatar.com mhalle

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Michael Halle
  • Tags metadata , package-manager , package-url , purl , registry , sbom , spdx
  • Requires: Python >=3.8
  • Provides-Extra: fetch , test
Classifiers

Release history Release notifications | RSS feed

This version

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

purl2meta-0.1.1.tar.gz (7.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

purl2meta-0.1.1-py3-none-any.whl (5.2 kB view details)

Uploaded Python 3

File details

Details for the file purl2meta-0.1.1.tar.gz.

File metadata

  • Download URL: purl2meta-0.1.1.tar.gz
  • Upload date:
  • Size: 7.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for purl2meta-0.1.1.tar.gz
Algorithm Hash digest
SHA256 7e24d53cf8ff3f0a371266b2d7e8d44af4162ac6d0671c585a0fd12b105c584d
MD5 75390c06cb29715fef93cd67390ded31
BLAKE2b-256 66a0471f26c7d34e103bd9949f68b6d1dee4c8b89c83024d1e18ec30ab23d9f0

See more details on using hashes here.

Provenance

The following attestation bundles were made for purl2meta-0.1.1.tar.gz:

Publisher: publish.yml on mhalle/purl2meta

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file purl2meta-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: purl2meta-0.1.1-py3-none-any.whl
  • Upload date:
  • Size: 5.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for purl2meta-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 02f93e8d032c1941aa9453a0db85aabfdf0b69c81c0424ef340d1eafad3f549b
MD5 99756b29cc9154cdb3ee6f2c63a8c1e1
BLAKE2b-256 5e991952eb741af24ecedef82385d756cd1a74cc3694989291e4e58dbdec2697

See more details on using hashes here.

Provenance

The following attestation bundles were made for purl2meta-0.1.1-py3-none-any.whl:

Publisher: publish.yml on mhalle/purl2meta

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page