purlvalidator is a Go library for validating Package URLs (PURLs). It works fully offline, including in air-gapped or restricted environments, and answers one key question: Does the package this PURL represents actually exist?
purlvalidator is shipped with a pre-built FST (Finite State Transducer), a set of compact automata containing latest Package URLs mined by the MineCode1. Library uses this FST to perform lookups and confirm whether the base PURL2 exists.
- nuget: https://www.nuget.org/
Add purlvalidator as dependency in your go.mod
require github.com/aboutcode-org/purlvalidator-go v0.1.0Use it in your code like this
import "github.com/aboutcode-org/purlvalidator-go"
var result bool = purlvalidator.Validate("pkg:nuget/FluentValidation");We welcome contributions from the community! If you find a bug or have an idea for a new feature, please open an issue on the GitHub repository. If you want to contribute code, you can fork the repository, make your changes, and submit a pull request.
- Please try to write a good commit message, see good commit message wiki.
- Add DCO
Sign Offto your commits.
Run these commands, starting from a git clone of https://github.com/aboutcode-org/purlvalidator-go.git
Generate FST:
make build-fstRun tests:
make testFix formatting and linting:
make validSPDX-License-Identifier: Apache-2.0
purl-validator is licensed under Apache License version 2.0.
You may not use this software except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
