dependencies
Repository for wine software dependencies (by bottlesdevs)
purl-spec
A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby (by package-url)
| dependencies | purl-spec | |
|---|---|---|
| 1 | 14 | |
| 54 | 1,052 | |
| - | 3.4% | |
| 5.1 | 9.6 | |
| 4 months ago | 2 days ago | |
| Python | ||
| - | GNU General Public License v3.0 or later |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
dependencies
Posts with mentions or reviews of dependencies.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-08-29.
-
Why is Proton-GE necessary?
Just to add to this answer, one specific example of proprietary media issue is Windows media foundation. It has been an issue for wine-based projects, such as in bottles, proton, etc.
purl-spec
Posts with mentions or reviews of purl-spec.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2026-04-09.
-
Reconciling 15 OSS Vulnerability Databases: What They Actually Cover
vuln_id is the primary identifier that source uses — a GHSA-xxxx, CVE-xxxx, PYSEC-xxxx, RUSTSEC-xxxx, GO-xxxx, or MAL-xxxx. aliases is a semicolon-joined list of cross-database identifiers the source knows about. purl is the Package URL — a canonical string like pkg:pypi/tensorflow or pkg:maven/io.grpc/grpc-protobuf that uniquely names a package across every public ecosystem.
-
Evidence Stores for Supply Chain Security
So supply chain evidence platform, like ReARM, becomes the glue that ties together different independent pieces of supply chain. Now, such evidence store or platform is not meant to be centralized store of everything. For this we have new identifiers, primarily Package-URL or PURL.
-
CDEvents in Action #3: Direct CI/CD Pipeline Integration
Rule: Follow the Package URL specification for your artifact type.
-
PURL Support
And the list of adopters is already pretty impressive.
-
Understanding the PURL Specification (Package URL)
We have a standard checksum "qualifier" at https://github.com/package-url/purl-spec/blob/main/PURL-SPEC... ... that would be the "hash" ... would this work?
- Purl: A Simple Tool for Text Processing
- Package URL Specification
-
PSA: Changes to the mason.nvim registry
Makes heavy use of purls to define package sources. This aids portability of package identifiers, which is currently leveraged to automate version upgrades through Renovate and hopefully can be used to hook into vulnerability databases such as NVD for automated security scanning purposes.
-
OSS Gadget: Using oss-download
The oss-download tool operates on a Package URL, which is a convenient way to express an ecosystem, package, and version. For example, the Python Django package would be pkg:pypi/django, and version 4.1.4 of Django would be pkg:pypi/django@4.1.4.
What are some alternatives?
When comparing dependencies and purl-spec you can also consider the following projects:
init-repo-template - 🚀 Kickstart your next project with a clean, consistent, and collaborative-ready repo template — zero fuss, maximum clarity.
mason-registry - Core package registry
components - Repository for Bottles components
purl - Streamlining Text Processing
wine - Repository for Vaniglia CI builds
OSSGadget - Collection of tools for analyzing open source packages.