Expand description
Top-level product PURL auto-detection.
Detection chain (first match wins):
.git/config[remote "origin"]URL — the canonical identifier when the repo IS the product. GitHub/GitLab/ Bitbucket URLs are normalized topkg:<github|gitlab|bitbucket>/<owner>/<name>; anything else is returned as the raw URL.package.json(npm) →pkg:npm/<name>@<version>pyproject.toml(PyPI) →pkg:pypi/<name>@<version>Cargo.toml(Cargo) →pkg:cargo/<name>@<version>
Returns None only when none of these sources yield a usable
identifier. Multiple-package-manifest case: we pick the highest
package-manifest priority and surface a warning via
DetectResult::warnings so the CLI can echo it to stderr. Git
remote presence does NOT trigger that warning even when alongside
a package manifest — the priority is documented and stable.
Structs§
- Detect
Result - Outcome of
detect_product.