purl 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7b04edce0acf5c2872aea527f2b3845dcff94e8079d23ed394abd688779e335e
-  data.tar.gz: 504d83a02eb4b6574b42bbc790820c1f22335f594667d2e239e1edf2569d5300
+  metadata.gz: 25661f74cff7bd498cd8b82d64887231cd1a576b8ce0ef59c5397c6d378759eb
+  data.tar.gz: 0e82bbe5c1600601b3f27a82c79d9ea579587961ae97df1f1272ce31da35877e
 SHA512:
-  metadata.gz: 5a7e76a9dfb4042cece6132a19c390c0ab648335d2d4e9a5acb519310c1475c37030c9c20c7f4ef43f6027805c53d713a3e58c1b391bbea592f92f1bfefc3736
-  data.tar.gz: 1c8c1662e1f893b7f62278951778a59e3af27df05d2b61a54fb8b7cbb3b418ee00815f0996bcd4c93ae28290bd457c0c2cd0010327fb39cb886704444a573eb7
+  metadata.gz: d95b6ca47f39eccb13394340e6a63a9acfa9c0efc8a031897e876fe0350e354ae1d1e4f45f747463e14e1060b89e455e03e3dcbedcefca3a99522fe4f4b54fa1
+  data.tar.gz: 3e5322963a75161291bead8050759a0578c07c8e2b8a732a6a3ca7180b0ffa5a099a63f9cb95785e9dcc42674f1933b10aa6acc9450f4e30ec8f233aa9bb6983

data/CONTRIBUTING.md

@@ -0,0 +1,167 @@
+# Contributing to Purl
+
+Thank you for your interest in contributing to the Purl Ruby library! This document provides guidelines and information for contributors.
+
+## Code of Conduct
+
+This project and everyone participating in it is governed by our [Code of Conduct](CODE_OF_CONDUCT.md). By participating, you are expected to uphold this code.
+
+## How to Contribute
+
+### Reporting Issues
+
+Before creating an issue, please:
+1. Search existing issues to avoid duplicates
+2. Use the latest version of the gem
+3. Provide a clear, descriptive title
+4. Include steps to reproduce the issue
+5. Share relevant code examples or error messages
+
+### Suggesting Enhancements
+
+Enhancement suggestions are welcome! Please:
+1. Check if the enhancement is already requested
+2. Explain the use case and expected behavior
+3. Consider if it fits the project's scope
+4. Be willing to help implement if accepted
+
+### Pull Requests
+
+1. **Fork** the repository
+2. **Create** a feature branch (`git checkout -b my-new-feature`)
+3. **Make** your changes following our coding standards
+4. **Add** tests for your changes
+5. **Ensure** all tests pass (`rake test`)
+6. **Run** the full test suite including compliance tests
+7. **Commit** your changes with clear, descriptive messages
+8. **Push** to your branch (`git push origin my-new-feature`)
+9. **Create** a Pull Request with a clear description
+
+## Development Setup
+
+### Prerequisites
+
+- Ruby 3.1 or higher
+- Bundler gem
+
+### Setup
+
+```bash
+git clone https://github.com/package-url/purl-ruby.git
+cd purl-ruby
+bundle install
+```
+
+### Running Tests
+
+```bash
+# Run all tests
+rake test
+
+# Run PURL specification compliance tests
+rake spec:compliance
+
+# Validate JSON schemas
+rake spec:validate_schemas
+
+# Validate PURL examples
+rake spec:validate_examples
+
+# Show all available tasks
+rake -T
+```
+
+### Coding Standards
+
+- Follow Ruby best practices and conventions
+- Use meaningful variable and method names
+- Add documentation for public methods
+- Keep methods focused and concise
+- Follow the existing code style
+
+### Testing Requirements
+
+All contributions must include appropriate tests:
+
+- **Unit tests** for new functionality
+- **Integration tests** for feature interactions
+- **Compliance tests** must continue to pass
+- **Example validation** for any new PURL examples
+
+### Documentation
+
+- Update the README.md if adding new features
+- Add inline documentation for complex methods
+- Update CHANGELOG.md following the format
+- Include examples in documentation
+
+## Project Structure
+
+```
+├── lib/
+│   ├── purl.rb              # Main module
+│   └── purl/
+│       ├── errors.rb        # Error classes
+│       ├── package_url.rb   # Core PURL parsing
+│       └── registry_url.rb  # Registry URL handling
+├── test/                    # Test files
+├── schemas/                 # JSON schemas
+├── purl-types.json         # Package types configuration
+└── test-suite-data.json    # Official test cases
+```
+
+## Adding New Package Types
+
+To add support for a new package type:
+
+1. **Add type definition** to `purl-types.json`
+2. **Include examples** from the official specification
+3. **Add registry configuration** if applicable
+4. **Update tests** to verify the new type
+5. **Run validation** to ensure compliance
+
+## JSON Schema Updates
+
+When modifying JSON files:
+
+1. **Validate** against schemas: `rake spec:validate_schemas`
+2. **Update schemas** if structure changes
+3. **Test examples** are valid: `rake spec:validate_examples`
+
+## PURL Specification Compliance
+
+This library maintains 100% compliance with the official PURL specification:
+
+- All changes must maintain compliance
+- Run `rake spec:compliance` before submitting
+- New features should align with the spec
+- Report spec issues upstream when discovered
+
+## Release Process
+
+Releases are handled by maintainers:
+
+1. Update version in `lib/purl/version.rb`
+2. Update `CHANGELOG.md` with changes
+3. Run full test suite
+4. Create release tag
+5. Publish to RubyGems
+
+## Getting Help
+
+- **Issues**: Use GitHub issues for bugs and feature requests
+- **Discussions**: Use GitHub discussions for questions
+- **Security**: Follow our [Security Policy](SECURITY.md)
+
+## Recognition
+
+Contributors will be recognized in:
+- Git commit history
+- CHANGELOG.md for significant contributions
+- Project documentation where appropriate
+
+## License
+
+By contributing to Purl, you agree that your contributions will be licensed under the [MIT License](LICENSE).
+
+Thank you for contributing to make Purl better for everyone!

data/README.md

@@ -1,26 +1,26 @@
 # Purl - Package URL Parser for Ruby
 
-A comprehensive Ruby library for parsing, validating, and working with Package URLs (PURLs) as defined by the [PURL specification](https://github.com/package-url/purl-spec).
+A Ruby library for parsing, validating, and generating Package URLs (PURLs) as defined by the [PURL specification](https://github.com/package-url/purl-spec).
 
-This library provides better error handling than existing solutions with namespaced error types, bidirectional registry URL conversion, and JSON-based configuration for cross-language compatibility.
+This library features comprehensive error handling with namespaced error types, bidirectional registry URL conversion, and JSON-based configuration for cross-language compatibility.
 
-[![Ruby](https://img.shields.io/badge/ruby-%3E%3D%202.7-red.svg)](https://www.ruby-lang.org/)
+[![Ruby](https://img.shields.io/badge/ruby-%3E%3D%203.1-red.svg)](https://www.ruby-lang.org/)
 [![Gem Version](https://badge.fury.io/rb/purl.svg)](https://rubygems.org/gems/purl)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 
-**🔗 [Available on RubyGems](https://rubygems.org/gems/purl)**
+**[Available on RubyGems](https://rubygems.org/gems/purl)**
 
 ## Features
 
-- 🎯 **Comprehensive PURL parsing and validation** with 37 package types (32 official + 5 additional ecosystems)
-- 🔥 **Better error handling** with namespaced error classes and contextual information
-- 🔄 **Bidirectional registry URL conversion** - generate registry URLs from PURLs and parse PURLs from registry URLs
-- 📋 **Type-specific validation** for conan, cran, and swift packages
-- 🌐 **Registry URL generation** for 20 package ecosystems (npm, gem, maven, pypi, etc.)
-- 🎨 **Rails-style route patterns** for registry URL templates
-- 📊 **100% compliance** with official PURL specification test suite (59/59 tests passing)
-- 🤝 **Cross-language compatibility** with JSON-based configuration
-- 📚 **Comprehensive documentation** and examples
+- **Comprehensive PURL parsing and validation** with 37 package types (32 official + 5 additional ecosystems)
+- **Better error handling** with namespaced error classes and contextual information
+- **Bidirectional registry URL conversion** - generate registry URLs from PURLs and parse PURLs from registry URLs
+- **Type-specific validation** for conan, cran, and swift packages
+- **Registry URL generation** for 20 package ecosystems (npm, gem, maven, pypi, etc.)
+- **Rails-style route patterns** for registry URL templates
+- **100% compliance** with official PURL specification test suite (59/59 tests passing)
+- **Cross-language compatibility** with JSON-based configuration
+- **Comprehensive documentation** and examples
 
 ## Installation
 
@@ -79,6 +79,42 @@ purl = Purl::PackageURL.new(
 puts purl.to_s  # => "pkg:maven/org.apache.commons/commons-lang3@3.12.0"
 ```
 
+### Modifying PURL Objects
+
+PURL objects are immutable by design, but you can create new objects with modified attributes using the `with` method:
+
+```ruby
+# Create original PURL
+original = Purl::PackageURL.new(
+  type: "npm",
+  namespace: "@babel", 
+  name: "core",
+  version: "7.20.0",
+  qualifiers: { "arch" => "x64" }
+)
+
+# Create new PURL with updated version
+updated = original.with(version: "7.21.0")
+puts updated.to_s  # => "pkg:npm/@babel/core@7.21.0?arch=x64"
+
+# Update qualifiers
+with_new_qualifiers = original.with(
+  qualifiers: { "arch" => "arm64", "os" => "linux" }
+)
+puts with_new_qualifiers.to_s  # => "pkg:npm/@babel/core@7.20.0?arch=arm64&os=linux"
+
+# Update multiple attributes at once
+fully_updated = original.with(
+  version: "8.0.0",
+  qualifiers: { "dev" => "true" },
+  subpath: "lib/index.js"
+)
+puts fully_updated.to_s  # => "pkg:npm/@babel/core@8.0.0#lib/index.js?dev=true"
+
+# Original remains unchanged
+puts original.to_s  # => "pkg:npm/@babel/core@7.20.0?arch=x64"
+```
+
 ### Registry URL Generation
 
 ```ruby
@@ -110,6 +146,30 @@ purl = Purl.from_registry_url("https://pypi.org/project/django/4.0.0/")
 puts purl.to_s  # => "pkg:pypi/django@4.0.0"
 ```
 
+### Custom Registry Domains
+
+You can parse registry URLs from custom domains or generate URLs for private registries:
+
+```ruby
+# Parse from custom domain (specify type to help with parsing)
+purl = Purl.from_registry_url("https://npm.company.com/package/@babel/core", type: "npm")
+puts purl.to_s  # => "pkg:npm/@babel/core"
+
+# Generate URLs for custom registries
+purl = Purl.parse("pkg:gem/rails@7.0.0")
+custom_url = purl.registry_url(base_url: "https://gems.internal.com/gems")
+puts custom_url  # => "https://gems.internal.com/gems/rails"
+
+# With version-specific URLs
+with_version = purl.registry_url_with_version(base_url: "https://gems.internal.com/gems")
+puts with_version  # => "https://gems.internal.com/gems/rails/versions/7.0.0"
+
+# Works with all supported package types
+composer_purl = Purl.parse("pkg:composer/symfony/console@5.4.0")
+private_composer = composer_purl.registry_url(base_url: "https://packagist.company.com/packages")
+puts private_composer  # => "https://packagist.company.com/packages/symfony/console"
+```
+
 ### Route Patterns
 
 ```ruby
@@ -123,21 +183,64 @@ puts all_patterns["npm"]
 # => ["https://www.npmjs.com/package/:namespace/:name", "https://www.npmjs.com/package/:name", ...]
 ```
 
+### Working with Qualifiers
+
+Qualifiers are key-value pairs that provide additional metadata about packages:
+
+```ruby
+# Create PURL with qualifiers
+purl = Purl::PackageURL.new(
+  type: "apk",
+  name: "curl",
+  version: "7.83.0-r0",
+  qualifiers: {
+    "distro" => "alpine-3.16",
+    "arch" => "x86_64",
+    "repository_url" => "https://dl-cdn.alpinelinux.org"
+  }
+)
+puts purl.to_s  # => "pkg:apk/curl@7.83.0-r0?arch=x86_64&distro=alpine-3.16&repository_url=https://dl-cdn.alpinelinux.org"
+
+# Access qualifiers
+puts purl.qualifiers["distro"]  # => "alpine-3.16"
+puts purl.qualifiers["arch"]    # => "x86_64"
+
+# Parse PURL with qualifiers
+parsed = Purl.parse("pkg:rpm/httpd@2.4.53?distro=fedora-36&arch=x86_64")
+puts parsed.qualifiers  # => {"distro" => "fedora-36", "arch" => "x86_64"}
+
+# Add qualifiers to existing PURL
+with_qualifiers = purl.with(qualifiers: purl.qualifiers.merge("signed" => "true"))
+```
+
 ### Package Type Information
 
 ```ruby
 # Get all known PURL types
-puts Purl.known_types.length          # => 32
+puts Purl.known_types.length          # => 37
 puts Purl.known_types.include?("gem") # => true
 
 # Check type support
 puts Purl.known_type?("gem")                    # => true
 puts Purl.registry_supported_types              # => ["cargo", "gem", "maven", "npm", ...]
-puts Purl.reverse_parsing_supported_types       # => ["cargo", "gem", "maven", "npm", ...]
+puts Purl.reverse_parsing_supported_types       # => ["bioconductor", "cargo", "clojars", ...]
+
+# Get default registry for a type
+puts Purl.default_registry("gem")               # => "https://rubygems.org"
+puts Purl.default_registry("npm")               # => "https://registry.npmjs.org"
+puts Purl.default_registry("golang")             # => nil (no default)
+
+# Get official examples for a type
+puts Purl.type_examples("gem")                  # => ["pkg:gem/rails@7.0.4", "pkg:gem/bundler@2.3.26", ...]
+puts Purl.type_examples("npm")                  # => ["pkg:npm/lodash@4.17.21", "pkg:npm/@babel/core@7.20.0", ...]
+puts Purl.type_examples("unknown")              # => []
 
 # Get detailed type information
 info = Purl.type_info("gem")
 puts info[:known]                     # => true
+puts info[:description]               # => "RubyGems"
+puts info[:default_registry]          # => "https://rubygems.org"
+puts info[:examples]                  # => ["pkg:gem/rails@7.0.4", ...]
 puts info[:registry_url_generation]   # => true
 puts info[:reverse_parsing]           # => true
 puts info[:route_patterns]            # => ["https://rubygems.org/gems/:name", ...]
@@ -191,8 +294,8 @@ The library supports 37 package types (32 official + 5 additional ecosystems):
 - `pypi` (Python) - pypi.org
 - `swift` (Swift) - swiftpackageindex.com
 
-**Reverse Parsing (10 types):**
-- `cargo`, `deno`, `elm`, `gem`, `golang`, `hackage`, `homebrew`, `maven`, `npm`, `pypi`
+**Reverse Parsing (20 types):**
+- `bioconductor`, `cargo`, `clojars`, `cocoapods`, `composer`, `conda`, `cpan`, `deno`, `elm`, `gem`, `golang`, `hackage`, `hex`, `homebrew`, `maven`, `npm`, `nuget`, `pub`, `pypi`, `swift`
 
 **All 37 Supported Types:**
 `alpm`, `apk`, `bioconductor`, `bitbucket`, `bitnami`, `cargo`, `clojars`, `cocoapods`, `composer`, `conan`, `conda`, `cpan`, `cran`, `deb`, `deno`, `docker`, `elm`, `gem`, `generic`, `github`, `golang`, `hackage`, `hex`, `homebrew`, `huggingface`, `luarocks`, `maven`, `mlflow`, `npm`, `nuget`, `oci`, `pub`, `pypi`, `qpkg`, `rpm`, `swid`, `swift`
@@ -212,20 +315,51 @@ Package types and registry patterns are stored in `purl-types.json` for easy con
 {
   "version": "1.0.0",
   "description": "PURL types and registry URL patterns for package ecosystems",
+  "source": "https://github.com/package-url/purl-spec/blob/main/PURL-TYPES.rst",
+  "last_updated": "2025-07-24",
   "types": {
     "gem": {
       "description": "RubyGems",
-      "registry_support": true,
+      "default_registry": "https://rubygems.org",
       "registry_config": {
-        "base_url": "https://rubygems.org/gems",
-        "route_patterns": ["https://rubygems.org/gems/:name"],
-        "reverse_parsing": true
+        "path_template": "/gems/:name",
+        "version_path_template": "/gems/:name/versions/:version",
+        "reverse_regex": "/gems/([^/?#]+)(?:/versions/([^/?#]+))?",
+        "components": {
+          "namespace": false,
+          "version_in_url": true,
+          "version_path": "/versions/"
+        }
       }
     }
   }
 }
 ```
 
+**Key Configuration Improvements:**
+- **Domain-agnostic patterns**: `path_template` without hardcoded domains enables custom registries
+- **Flexible URL generation**: Combine `default_registry` + `path_template` for any domain
+- **Cleaner JSON**: Reduced duplication and easier maintenance
+- **Cross-registry compatibility**: Same URL structure works with public and private registries
+
+## JSON Schema Validation
+
+The library includes JSON schemas for validation and documentation:
+
+- **`schemas/purl-types.schema.json`** - Schema for the PURL types configuration file
+- **`schemas/test-suite-data.schema.json`** - Schema for the official test suite data
+
+These schemas provide:
+- **Structure validation** - Ensure JSON files conform to expected format
+- **Documentation** - Self-documenting configuration with descriptions
+- **IDE support** - Enable autocomplete and validation in editors
+- **CI/CD integration** - Validate configuration in automated pipelines
+
+Validate JSON files against their schemas:
+```bash
+rake spec:validate_schemas
+```
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then:
@@ -253,14 +387,16 @@ rake spec:verify_types
 - `rake spec:compliance` - Run compliance tests against official test suite  
 - `rake spec:types` - Show information about all PURL types and their support
 - `rake spec:verify_types` - Verify our types list against official specification
+- `rake spec:validate_schemas` - Validate JSON files against their schemas
 - `rake spec:debug` - Show detailed info about failing test cases
 
 ## Funding
 
 If you find this project useful, please consider supporting its development:
 
-- 💝 [GitHub Sponsors](https://github.com/sponsors/andrew)
-- ☕ [Buy me a coffee](https://www.buymeacoffee.com/andrew)
+- [GitHub Sponsors](https://github.com/sponsors/andrew)
+- [Ko-fi](https://ko-fi.com/andrewnez)
+- [Buy Me a Coffee](https://www.buymeacoffee.com/andrewnez)
 
 Your support helps maintain and improve this library for the entire Ruby community.
 

data/Rakefile

@@ -18,6 +18,8 @@ namespace :spec do
     puts "rake spec:debug       - Show detailed info about failing test cases"
     puts "rake spec:types       - Show information about all PURL types and their support"
     puts "rake spec:verify_types - Verify our types list against the official specification"
+    puts "rake spec:validate_schemas - Validate JSON files against their schemas"
+    puts "rake spec:validate_examples - Validate all PURL examples in purl-types.json"
     puts "rake spec:help        - Show this help message"
     puts
     puts "Example workflow:"
@@ -390,4 +392,155 @@ namespace :spec do
       puts "Overall success rate: #{success_rate}% (#{test_data.length - failed_cases.length}/#{test_data.length})"
     end
   end
+
+  desc "Validate JSON files against their schemas"
+  task :validate_schemas do
+    require "json"
+    require "json-schema"
+    
+    puts "🔍 Validating JSON files against schemas..."
+    puts "=" * 50
+    
+    schemas_dir = File.join(__dir__, "schemas")
+    
+    validations = [
+      {
+        name: "PURL Types Configuration",
+        data_file: "purl-types.json",
+        schema_file: File.join(schemas_dir, "purl-types.schema.json")
+      },
+      {
+        name: "Test Suite Data", 
+        data_file: "test-suite-data.json",
+        schema_file: File.join(schemas_dir, "test-suite-data.schema.json")
+      }
+    ]
+    
+    all_valid = true
+    
+    validations.each do |validation|
+      puts "\n📋 Validating #{validation[:name]}..."
+      
+      data_path = File.join(__dir__, validation[:data_file])
+      schema_path = validation[:schema_file]
+      
+      # Check if files exist
+      unless File.exist?(data_path)
+        puts "   ❌ Data file not found: #{validation[:data_file]}"
+        all_valid = false
+        next
+      end
+      
+      unless File.exist?(schema_path)
+        puts "   ❌ Schema file not found: #{validation[:schema_file]}"
+        all_valid = false
+        next
+      end
+      
+      begin
+        # Load and parse files
+        data = JSON.parse(File.read(data_path))
+        schema = JSON.parse(File.read(schema_path))
+        
+        # Validate
+        errors = JSON::Validator.fully_validate(schema, data)
+        
+        if errors.empty?
+          puts "   ✅ Valid - conforms to schema"
+        else
+          puts "   ❌ Invalid - found #{errors.length} error(s):"
+          errors.first(5).each { |error| puts "      • #{error}" }
+          if errors.length > 5
+            puts "      • ... and #{errors.length - 5} more errors"
+          end
+          all_valid = false
+        end
+        
+      rescue JSON::ParserError => e
+        puts "   ❌ JSON parsing error: #{e.message}"
+        all_valid = false
+      rescue => e
+        puts "   ❌ Validation error: #{e.message}"
+        all_valid = false
+      end
+    end
+    
+    puts "\n" + "=" * 50
+    if all_valid
+      puts "🎉 All JSON files are valid according to their schemas!"
+    else
+      puts "❌ One or more JSON files failed schema validation"
+      exit 1
+    end
+  end
+
+  desc "Validate all PURL examples in purl-types.json"
+  task :validate_examples do
+    require "json"
+    require_relative "lib/purl"
+    
+    puts "🔍 Validating PURL examples in purl-types.json..."
+    puts "=" * 60
+    
+    project_root = __dir__
+    purl_types_data = JSON.parse(File.read(File.join(project_root, "purl-types.json")))
+    
+    total_examples = 0
+    invalid_examples = []
+    
+    purl_types_data["types"].each do |type_name, type_config|
+      examples = type_config["examples"]
+      next unless examples && examples.is_a?(Array)
+      
+      puts "\n📦 #{type_name} (#{examples.length} examples):"
+      
+      examples.each do |example_purl|
+        total_examples += 1
+        
+        begin
+          # Try to parse the example PURL
+          parsed = Purl::PackageURL.parse(example_purl)
+          
+          # Verify the type matches
+          if parsed.type == type_name
+            puts "   ✅ #{example_purl}"
+          else
+            puts "   ❌ #{example_purl} - Type mismatch: expected '#{type_name}', got '#{parsed.type}'"
+            invalid_examples << {
+              type: type_name,
+              example: example_purl,
+              error: "Type mismatch: expected '#{type_name}', got '#{parsed.type}'"
+            }
+          end
+          
+        rescue => e
+          puts "   ❌ #{example_purl} - #{e.class}: #{e.message}"
+          invalid_examples << {
+            type: type_name,
+            example: example_purl,
+            error: "#{e.class}: #{e.message}"
+          }
+        end
+      end
+    end
+    
+    puts "\n" + "=" * 60
+    puts "📊 Validation Summary:"
+    puts "   Total examples: #{total_examples}"
+    puts "   Valid examples: #{total_examples - invalid_examples.length}"
+    puts "   Invalid examples: #{invalid_examples.length}"
+    
+    if invalid_examples.empty?
+      puts "\n🎉 All PURL examples are valid!"
+    else
+      puts "\n❌ Found #{invalid_examples.length} invalid examples:"
+      invalid_examples.each do |invalid|
+        puts "   • #{invalid[:type]}: #{invalid[:example]}"
+        puts "     Error: #{invalid[:error]}"
+      end
+      
+      puts "\n📝 These examples should be reported upstream to the PURL specification maintainers."
+      exit 1
+    end
+  end
 end