purl-spec
A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby (by package-url)
OSSGadget
Collection of tools for analyzing open source packages. (by microsoft)
purl-spec | OSSGadget
---|---
4 | 2
621 | 304
3.1% | 1.6%
4.8 | 6.6
22 days ago | about 1 month ago
C# |
GNU General Public License v3.0 or later | MIT License
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
purl-spec
Posts with mentions or reviews of purl-spec.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2024-04-12.
- Purl: A Simple Tool for Text Processing
- Package URL Specification
- PSA: Changes to the mason.nvim registry
Makes heavy use of purls to define package sources. This aids portability of package identifiers, which is currently leveraged to automate version upgrades through Renovate and hopefully can be used to hook into vulnerability databases such as NVD for automated security scanning purposes.
- OSS Gadget: Using oss-download
The oss-download tool operates on a Package URL, which is a convenient way to express an ecosystem, package, and version. For example, the Python Django package would be pkg:pypi/django, and version 4.1.4 of Django would be pkg:pypi/django@4.1.4.
OSSGadget
Posts with mentions or reviews of OSSGadget.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-12-20.
- Hunting for malware in npm
My team and I packaged up a bunch of suspicious patterns into a tool, part of the OSS Gadget suite. You can use this to automatically download and scan for interesting patterns. In this case of the reactjs-slick module, we detect it easily:
- OSS Gadget: Using oss-download
As a developer, I loathe repeating myself, so a few years ago, my team and I started building a collection of tools we call OSS Gadget. It simplifies and automates various tasks that we've needed to perform, and thought it would help others too.
What are some alternatives?
When comparing purl-spec and OSSGadget you can also consider the following projects:
rebom - Rebom by Reliza - Catalog of Software Bills of Materials (SBOMs), demo:
dependency-track - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
mason-registry - Core registry for mason.nvim.