purl_validator 0.7.0

Offline PackageURL validator using a prebuilt FST of known packages.
docs.rs failed to build purl_validator-0.7.0
Please check the build logs for more information.
See Builds for ideas on how to fix a failed build, or Metadata for how to configure docs.rs builds.
If you believe this is docs.rs' fault, open an issue.
Visit the last successful build: purl_validator-0.1.0

purl-validator

License Version Test

purl-validator is a Rust library for validating Package URLs (PURLs). It works fully offline, including in air-gapped or restricted environments, and answers one key question: Does the package this PURL represents actually exist?

How It Works?

purl-validator is shipped with a pre-built FST (Finite State Transducer), a set of compact automata containing latest Package URLs mined by the MineCode[^1]. Library uses this FST to perform lookups and confirm whether the base PURL[^2] exists.

Currently Supported Ecosystems

  • apk
  • cargo
  • composer
  • conan
  • cpan
  • cran
  • debain
  • maven
  • npm
  • nuget
  • pypi
  • swift

Usage

Add purl-validator to your Rust dependency

cargo add purl-validator

Use it in your code like this

use purl_validator::validate;

let result: bool = validate("pkg:nuget/FluentValidation");

Contribution

We welcome contributions from the community! If you find a bug or have an idea for a new feature, please open an issue on the GitHub repository. If you want to contribute code, you can fork the repository, make your changes, and submit a pull request.

Development Setup

Run these commands, starting from a git clone of https://github.com/aboutcode-org/purl-validator-rust.git

Generate FST:

make build-fst

Run tests:

make test

Fix formatting and linting:

make valid

License

SPDX-License-Identifier: Apache-2.0

purl-validator is licensed under Apache License version 2.0.

You may not use this software except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

[^1]: MineCode continuously collects package metadata from various package ecosystems to maintain an up-to-date catalog of known packages. [^2]: A Base Package URL is a Package URL without a version or subpath.