purlvalidator

package module
v0.13.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 16, 2026 License: Apache-2.0 Imports: 4 Imported by: 0

README

purlvalidator

License Version Test

purlvalidator is a Go library for validating Package URLs (PURLs). It works fully offline, including in air-gapped or restricted environments, and answers one key question: Does the package this PURL represents actually exist?

How It Works?

purlvalidator is shipped with a pre-built FST (Finite State Transducer), a set of compact automata containing latest Package URLs mined by the MineCode[^1]. Library uses this FST to perform lookups and confirm whether the base PURL[^2] exists.

Currently Supported Ecosystems

  • apk
  • cargo
  • composer
  • conan
  • cpan
  • cran
  • debain
  • maven
  • npm
  • nuget
  • pypi
  • swift

Usage

Add purlvalidator as dependency in your go.mod

require github.com/aboutcode-org/purlvalidator-go v0.1.0

Use it in your code like this

import "github.com/aboutcode-org/purlvalidator-go"

var result bool = purlvalidator.Validate("pkg:nuget/FluentValidation");

Contribution

We welcome contributions from the community! If you find a bug or have an idea for a new feature, please open an issue on the GitHub repository. If you want to contribute code, you can fork the repository, make your changes, and submit a pull request.

Development Setup

Run these commands, starting from a git clone of https://github.com/aboutcode-org/purlvalidator-go.git

Generate FST:

make build-fst

Run tests:

make test

Fix formatting and linting:

make valid

License

SPDX-License-Identifier: Apache-2.0

purl-validator is licensed under Apache License version 2.0.

You may not use this software except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

[^1]: MineCode continuously collects package metadata from various package ecosystems to maintain an up-to-date catalog of known packages. [^2]: A Base Package URL is a Package URL without a version or subpath.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Validate 

func Validate(packageURL string) bool

Types

This section is empty.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.