github.com/google/osv-scalibr@v0.4.1/extractor/filesystem/language/javascript/purl/purl.go (about) 1 // Copyright 2025 Google LLC 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 // Package purl converts NPM package details into an NPM PackageURL. 16 package purl 17 18 import ( 19 javascriptmeta "github.com/google/osv-scalibr/extractor/filesystem/language/javascript/packagejson/metadata" 20 "github.com/google/osv-scalibr/purl" 21 ) 22 23 // MakePackageURL returns a package URL for NPM PURLs. Technically they spec requires that package names be lowercase, 24 // but that'd make us not be able to disambiguate between some packages in the wild that still use uppercase. 25 // See https://github.com/package-url/purl-spec/issues/136 26 func MakePackageURL(name string, version string, metadata any) *purl.PackageURL { 27 q := make(map[string]string) 28 if m, ok := metadata.(*javascriptmeta.JavascriptPackageJSONMetadata); ok { 29 if m.Source != javascriptmeta.Unknown { 30 q["source"] = m.Source.ToProto().String() 31 } 32 } 33 var qualifiers purl.Qualifiers 34 if len(q) > 0 { 35 qualifiers = purl.QualifiersFromMap(q) 36 } 37 return &purl.PackageURL{ 38 Type: purl.TypeNPM, 39 Name: name, 40 Version: version, 41 Qualifiers: qualifiers, 42 } 43 }