Translate Package URLs (PURLs) into validated download URLs for source code artifacts

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for alkamod from gravatar.com alkamod

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Oscar Valenzuela B.
  • Tags purl , package-url , package-manager , source-code , download
  • Requires: Python >=3.8
  • Provides-Extra: dev
Classifiers
Report project as malware

This project has been archived.

The maintainers of this project have marked this project as archived. No new releases are expected.

Project description

semantic-copycat-purl2src

Translate Package URLs (PURLs) into validated download URLs for source code artifacts.

Features

  • Multi-ecosystem support: NPM, PyPI, Cargo, NuGet, GitHub, Maven, RubyGems, Go, Conda, and more
  • Three-level resolution strategy:
    1. Direct URL construction based on known patterns
    2. Package registry API queries
    3. Local package manager fallback
  • URL validation: Verify download URLs are accessible
  • Batch processing: Process multiple PURLs from files
  • Multiple output formats: JSON, CSV, or plain text
  • Extensible architecture: Easy to add new package ecosystems

Installation

pip install semantic-copycat-purl2src

Usage

Command Line

# Single PURL (default text output)
purl2src "pkg:npm/express@4.17.1"
# Output: pkg:npm/express@4.17.1 -> https://registry.npmjs.org/express/-/express-4.17.1.tgz

# JSON output format
purl2src "pkg:npm/express@4.17.1" --format json

# With validation
purl2src "pkg:pypi/requests@2.28.0" --validate

# Batch processing from file
purl2src -f purls.txt --output results.json

# Batch processing with JSON to stdout
purl2src -f purls.txt --format json

Python API

from purl2src import get_download_url

# Get download URL for a PURL
result = get_download_url("pkg:npm/express@4.17.1")
print(result.download_url)
# https://registry.npmjs.org/express/-/express-4.17.1.tgz

# Without validation (faster)
result = get_download_url("pkg:pypi/requests@2.28.0", validate=False)

Supported Ecosystems

Ecosystem PURL Type Example
NPM npm pkg:npm/@angular/core@12.0.0
PyPI pypi pkg:pypi/django@4.0.0
Cargo cargo pkg:cargo/serde@1.0.0
NuGet nuget pkg:nuget/Newtonsoft.Json@13.0.1
Maven maven pkg:maven/org.apache.commons/commons-lang3@3.12.0
RubyGems gem pkg:gem/rails@7.0.0
Go golang pkg:golang/github.com/gin-gonic/gin@v1.8.0
GitHub github pkg:github/facebook/react@v18.0.0
Conda conda pkg:conda/numpy@1.23.0?channel=conda-forge&subdir=linux-64&build=py39h1234567_0
Generic generic pkg:generic/package@1.0.0?download_url=https://example.com/file.tar.gz

Examples

NPM with Scoped Package

purl2src "pkg:npm/@angular/core@12.0.0"
# Output: https://registry.npmjs.org/@angular/core/-/core-12.0.0.tgz

Maven with Classifier

purl2src "pkg:maven/org.apache.xmlgraphics/batik-anim@1.9.1?classifier=sources"
# Output: https://repo.maven.apache.org/maven2/org/apache/xmlgraphics/batik-anim/1.9.1/batik-anim-1.9.1-sources.jar

Generic with Checksum Validation

purl2src "pkg:generic/mypackage@1.0.0?download_url=https://example.com/pkg.tar.gz&checksum=sha256:abcd1234..."

License

Apache License 2.0 - see LICENSE file for details

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for alkamod from gravatar.com alkamod

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Oscar Valenzuela B.
  • Tags purl , package-url , package-manager , source-code , download
  • Requires: Python >=3.8
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

1.2.2

1.1.2

0.1.1

This version

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

semantic_copycat_purl2src-0.1.0.tar.gz (22.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

semantic_copycat_purl2src-0.1.0-py3-none-any.whl (26.8 kB view details)

Uploaded Python 3

File details

Details for the file semantic_copycat_purl2src-0.1.0.tar.gz.

File metadata

File hashes

Hashes for semantic_copycat_purl2src-0.1.0.tar.gz
Algorithm Hash digest
SHA256 0ce3a3559e9b2c14f4999d353320894a019a8a8084e6e86eff7d5907ea43f1eb
MD5 37d99e9b0ffa5b7688c1b0ca030a6438
BLAKE2b-256 545a56582b226cf45debf455ac451fc3714c9bd7f07dc32d2d8e5aa106ecd643

See more details on using hashes here.

Provenance

The following attestation bundles were made for semantic_copycat_purl2src-0.1.0.tar.gz:

Publisher: python-publish.yml on oscarvalenzuelab/semantic-copycat-purl2src

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file semantic_copycat_purl2src-0.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for semantic_copycat_purl2src-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 6e17af84367135e83b7ef7773460ebb548df3b782d6b508c8d52ef8a292fbcfd
MD5 afb4a4fcc85a113367fa52590a83c30f
BLAKE2b-256 27a0c8f0ee2e8469bc0ec4705e8b97c56eadd99241f9f63077db8722d305be13

See more details on using hashes here.

Provenance

The following attestation bundles were made for semantic_copycat_purl2src-0.1.0-py3-none-any.whl:

Publisher: python-publish.yml on oscarvalenzuelab/semantic-copycat-purl2src

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page