The package-url project provides a practical specification and implementation for a “package (mostly universal) URL”, abbreviated purl.
The Package URL specification was originally developed by nexB for use in ScanCode and VulnerableCode. It is now a de facto standard for vulnerability management and package references, in active use by SCA projects like CycloneDX and SPDX and by many companies and organizations worldwide.
The specification is at https://github.com/package-url/purl-spec. There are implementations of the purl specification for 9 major languages:
- .NET - https://github.com/package-url/packageurl-dotnet
- Go - https://github.com/package-url/packageurl-go
- Java - https://github.com/package-url/packageurl-java
- JavaScript - https://github.com/package-url/packageurl-js
- PHP - https://github.com/package-url/packageurl-php
- Python - https://github.com/package-url/packageurl-python
- Ruby - https://github.com/package-url/packageurl-ruby
- Rust - https://github.com/package-url/packageurl-dotnet
- Swift - https://github.com/package-url/packageurl-swift
package-url also has a Gitter channel.