github.com/google/osv-scalibr@v0.4.1/extractor/filesystem/language/python/pypipurl/pythonpurl.go (about)

     1  // Copyright 2025 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Package pypipurl converts a package to a PyPI type PackageURL.
    16  package pypipurl
    17  
    18  import (
    19  	"regexp"
    20  	"strings"
    21  
    22  	"github.com/google/osv-scalibr/purl"
    23  )
    24  
// specialCharRunFinder matches one or more consecutive `-`, `_` or `.`
// characters. MakePackageURL uses it to collapse each such run into a
// single `-` when normalizing a package name.
var specialCharRunFinder = regexp.MustCompile(`[-_.]+`)
    26  
// MakePackageURL builds a PyPI-type package URL for the given name and version.
//
// The name is normalized as the purl PyPI spec and PEP 503 describe:
// - it is lowercased, and
// - every run of ` _ . - ` is collapsed into a single -
//
// See: https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst#pypi
// And: https://peps.python.org/pep-0503/#normalized-names
//
// The version is copied into the result unchanged.
//
// This function does *not* validate the name: characters that are invalid in a
// package name are neither rejected nor stripped and are returned as is. Callers
// that take names from untrusted package metadata and match the resulting purl
// against advisory data should validate those names themselves.
func MakePackageURL(name string, version string) *purl.PackageURL {
	lowered := strings.ToLower(name)
	result := &purl.PackageURL{
		Type:    purl.TypePyPi,
		Version: version,
	}
	// The replacement is a literal "-", so no `$` expansion is applied to it.
	result.Name = specialCharRunFinder.ReplaceAllLiteralString(lowered, "-")
	return result
}