purl 1.7.0 → 1.7.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 02a4895e51ce7c9ace65a53d97fd8d4c5d288d7137daa71c9e8b8a778595e6cb
-  data.tar.gz: 55d348a442e23a0ffddc2b236bc1be22c9cf29d8eac0ce3ff289ce637e1ba6f5
+  metadata.gz: fd8e9d9c9a3cafa22edc44525dccb49e48a3d845d3449e34af58503fe073f108
+  data.tar.gz: f53708d2eef113aa44d3d5518f6258785b475d7fa92c762110693543efd3dadf
 SHA512:
-  metadata.gz: 4f8ff4ff13c1184c4b1adf6950fc1d04acedb8ce2cbbf4d62f2430455567e98f8b153b5493732919e1921a55132a2f3f51b61157b6eba85e207e6675d8675771
-  data.tar.gz: 9f203b73ef705fe70a27de5aae3b85558bd34204a2362a7429c441dc7f66d4a5ae403741fcb36471ab33e972868e4d31e6121a5eeaf23fb88832e3d38fec1e9c
+  metadata.gz: e2c169dbd6baf5749e733fb689eb7ceac90f0f8e6570e79b1bf6a85968bab6cb95da9be8ac97662ea6b5efb5f1f2841250daa8c84bfeb861aac71af1cc05e02d
+  data.tar.gz: 3bf9997d1529682639fe3f9d465688cd109178cd0902c57b08e3236f7c6d9657b9b94b8c80127c22153d3f05d5ea4cbb77219c615284ddc2eb775efdd6ea5632

data/CHANGELOG.md

@@ -7,6 +7,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.7.1] - 2026-01-14
+
+### Added
+- ecosyste.ms API URL generation for packages and versions
+  - `ecosystems_registry` method returns the ecosyste.ms registry name for a PURL type
+  - `ecosystems_api_url` method generates the full API URL (version URL if version present, otherwise package URL)
+  - `ecosystems_package_api_url` method generates package API URL
+  - `ecosystems_version_api_url` method generates version API URL
+- New `ecosystems_registry` field in purl-types.json for types where the registry name differs from the registry URL host
+
 ## [1.7.0] - 2026-01-02
 
 ### Added

data/README.md

@@ -466,6 +466,30 @@ puts Purl.download_supported_types
 #     "npm", "nuget", "pub", "swift"]
 ```
 
+### ecosyste.ms API URLs
+
+Generate API URLs for the packages.ecosyste.ms service:
+
+```ruby
+# Get the ecosyste.ms registry name for a package type
+purl = Purl.parse("pkg:gem/rake@13.3.1")
+purl.ecosystems_registry  # => "rubygems.org"
+
+# Generate API URLs
+purl.ecosystems_api_url          # => "https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages/rake/versions/13.3.1"
+purl.ecosystems_package_api_url  # => "https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages/rake"
+purl.ecosystems_version_api_url  # => "https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages/rake/versions/13.3.1"
+
+# Works with namespaced packages
+purl = Purl.parse("pkg:npm/@babel/core@7.20.0")
+purl.ecosystems_registry  # => "npmjs.org"
+purl.ecosystems_api_url   # => "https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/%40babel%2Fcore/versions/7.20.0"
+
+# Without version, returns package URL
+purl = Purl.parse("pkg:cargo/serde")
+purl.ecosystems_api_url  # => "https://packages.ecosyste.ms/api/v1/registries/crates.io/packages/serde"
+```
+
 ### Reverse Parsing: Registry URLs to PURLs
 
 ```ruby

data/lib/purl/ecosystems_url.rb

@@ -0,0 +1,101 @@
+# frozen_string_literal: true
+
+module Purl
+  class EcosystemsURL
+    API_BASE = "https://packages.ecosyste.ms/api/v1"
+
+    def self.registry_name(purl)
+      new(purl).registry_name
+    end
+
+    def self.api_url(purl)
+      new(purl).api_url
+    end
+
+    def self.package_api_url(purl)
+      new(purl).package_api_url
+    end
+
+    def self.version_api_url(purl)
+      new(purl).version_api_url
+    end
+
+    def initialize(purl)
+      @purl = purl.is_a?(PackageURL) ? purl : PackageURL.parse(purl.to_s)
+    end
+
+    def registry_name
+      # Check for explicit ecosystems_registry in config first
+      type_config = Purl.type_config(@purl.type)
+      return type_config["ecosystems_registry"] if type_config&.dig("ecosystems_registry")
+
+      # Fall back to extracting host from registry_url
+      return nil unless @purl.supports_registry_url?
+
+      host = URI.parse(@purl.registry_url).host
+      host.sub(/^www\./, "")
+    rescue URI::InvalidURIError, RegistryError
+      nil
+    end
+
+    def api_url
+      @purl.version ? version_api_url : package_api_url
+    end
+
+    def package_api_url
+      registry = registry_name
+      return nil unless registry
+
+      name = package_name_for_api
+      "#{API_BASE}/registries/#{registry}/packages/#{encode_path_segment(name)}"
+    end
+
+    def version_api_url
+      registry = registry_name
+      return nil unless registry
+      return nil unless @purl.version
+
+      name = package_name_for_api
+      "#{API_BASE}/registries/#{registry}/packages/#{encode_path_segment(name)}/versions/#{encode_path_segment(@purl.version)}"
+    end
+
+    private
+
+    def package_name_for_api
+      # Some ecosystems use namespace/name format
+      if @purl.namespace && namespaced_package_types.include?(@purl.type.downcase)
+        "#{@purl.namespace}/#{@purl.name}"
+      else
+        @purl.name
+      end
+    end
+
+    def namespaced_package_types
+      %w[npm composer maven golang swift elm clojars]
+    end
+
+    def encode_path_segment(str)
+      URI.encode_www_form_component(str)
+    end
+
+    attr_reader :purl
+  end
+
+  class PackageURL
+    def ecosystems_registry
+      EcosystemsURL.registry_name(self)
+    end
+
+    def ecosystems_api_url
+      EcosystemsURL.api_url(self)
+    end
+
+    def ecosystems_package_api_url
+      EcosystemsURL.package_api_url(self)
+    end
+
+    def ecosystems_version_api_url
+      EcosystemsURL.version_api_url(self)
+    end
+  end
+end

data/lib/purl/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Purl
-  VERSION = "1.7.0"
+  VERSION = "1.7.1"
 end

data/lib/purl.rb

@@ -5,6 +5,7 @@ require_relative "purl/errors"
 require_relative "purl/package_url"
 require_relative "purl/registry_url"
 require_relative "purl/download_url"
+require_relative "purl/ecosystems_url"
 require_relative "purl/lookup"
 require_relative "purl/lookup_formatter"
 require_relative "purl/advisory"

data/purl-types.json

@@ -222,6 +222,7 @@
     "golang": {
       "description": "Go packages",
       "default_registry": "https://pkg.go.dev",
+      "ecosystems_registry": "proxy.golang.org",
       "examples": [
         "pkg:golang/github.com/gorilla/context@234fd47e07d1004f0aed9c",
         "pkg:golang/google.golang.org/genproto#googleapis/api/annotations",
@@ -319,7 +320,8 @@
     "maven": {
       "description": "PURL type for Maven JARs and related artifacts.",
       "default_registry": "https://repo.maven.apache.org/maven2",
-      "namespace_requirement": "required", 
+      "ecosystems_registry": "repo1.maven.org",
+      "namespace_requirement": "required",
       "examples": [
         "pkg:maven/org.apache.commons/commons-lang3@3.12.0",
         "pkg:maven/junit/junit@4.13.2",
@@ -349,6 +351,7 @@
     "npm": {
       "description": "PURL type for npm packages.",
       "default_registry": "https://registry.npmjs.org",
+      "ecosystems_registry": "npmjs.org",
       "namespace_requirement": "optional",
       "examples": [
         "pkg:npm/@babel/core@7.20.0",

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: purl
 version: !ruby/object:Gem::Version
-  version: 1.7.0
+  version: 1.7.1
 platform: ruby
 authors:
 - Andrew Nesbitt
@@ -46,6 +46,7 @@ files:
 - lib/purl/advisory.rb
 - lib/purl/advisory_formatter.rb
 - lib/purl/download_url.rb
+- lib/purl/ecosystems_url.rb
 - lib/purl/errors.rb
 - lib/purl/lookup.rb
 - lib/purl/lookup_formatter.rb